本文整理汇总了Python中controllers.utils.XsrfTokenManager类的典型用法代码示例。如果您正苦于以下问题:Python XsrfTokenManager类的具体用法?Python XsrfTokenManager怎么用?Python XsrfTokenManager使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了XsrfTokenManager类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get
def get(self):
    """Send the blank starting payload for the asset upload editor.

    The response carries an empty 'file' field, the fixed upload base and
    an XSRF token created for the 'asset-upload' action.
    """
    # TODO(jorr): Pass base URI through as request param when generalized.
    initial_content = {'file': '', 'base': ALLOWED_ASSET_UPLOAD_BASE}
    # NOTE(review): no rights check is visible in this handler before the
    # token is handed out; presumably the handler that consumes the
    # 'asset-upload' token enforces access itself -- confirm.
    upload_token = XsrfTokenManager.create_xsrf_token('asset-upload')
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=initial_content, xsrf_token=upload_token)
示例2: render
def render(self, node, context):
    """Render the questionnaire submit button as an element tree.

    Reads 'form-id', 'button-label' and 'disabled' from the tag attributes,
    uses the tag text as the post-submit message, and embeds an XSRF token
    created for QUESTIONNAIRE_XSRF_TOKEN_NAME in 'questionnaire.html'.
    """
    token = XsrfTokenManager.create_xsrf_token(
        QUESTIONNAIRE_XSRF_TOKEN_NAME)

    attrs = node.attrib
    form_id = attrs.get('form-id')
    button_label = attrs.get('button-label')
    # The attribute is a string; only the literal 'true' disables the button.
    disabled = attrs.get('disabled') == 'true'
    post_message = node.text

    # The button is marked "registered" only for a logged-in user who is
    # also an enrolled student.
    user = context.handler.get_user()
    registered = bool(
        user and models.Student.get_enrolled_student_by_user(user))

    # NOTE(review): the attribute values and post_message come from the tag
    # markup; whether they are HTML-escaped on output depends on how the
    # template environment is configured -- confirm autoescaping is on.
    template_vals = dict(
        xsrf_token=token,
        form_id=form_id,
        button_label=button_label,
        disabled=disabled,
        registered=registered,
        post_message=post_message,
    )
    questionnaire = jinja_utils.get_template(
        'questionnaire.html', [TEMPLATES_DIR])
    return tags.html_string_to_element_tree(
        questionnaire.render(template_vals))
示例3: get
def get(self):
    """Return the data that populates the question editor form.

    Responds 401 when the caller may not view the course outline. With a
    'key' the stored question is returned; without one a blank question
    template is returned. Either way the response carries an XSRF token
    created for self.XSRF_TOKEN.
    """
    key = self.request.get('key')

    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    if not key:
        # No key: hand the editor an empty question with one blank grader.
        blank_grader = {
            'score': '1.0',
            'matcher': 'case_insensitive',
            'response': '',
            'feedback': ''}
        editor_payload = {
            'version': self.SCHEMA_VERSION,
            'question': '',
            'description': '',
            'graders': [blank_grader]}
    else:
        # NOTE(review): the result of load() is dereferenced without a
        # None check; if load() can return None for an unknown key this
        # raises instead of answering 404 -- confirm against QuestionDAO.
        editor_payload = QuestionDAO.load(key).dict

    transforms.send_json_response(
        self, 200, 'Success',
        payload_dict=editor_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN))
示例4: get
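def get(self):
    """Handle the REST GET verb and return the course settings as JSON.

    Responds 401 when the caller may not view course settings, 404 when
    '/course.yaml' cannot be read from the course file system, and
    otherwise 200 with the payload built by process_get() and an XSRF
    token created for self.XSRF_ACTION.
    """
    # NOTE: assert statements are removed when Python runs with -O, so this
    # guard only holds in non-optimised runs.
    assert self.app_context.is_editable_fs()

    key = self.request.get('key')

    if not CourseSettingsRights.can_view(self):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    # Load data if possible.
    fs = self.app_context.fs.impl
    filename = fs.physical_to_logical('/course.yaml')
    try:
        stream = fs.get(filename)
    except Exception:  # pylint: disable=broad-except
        # Best effort: any read failure is reported as "not found" below.
        # Catching Exception rather than using a bare except lets
        # BaseException-derived signals (SystemExit, KeyboardInterrupt)
        # propagate instead of being turned into a 404.
        stream = None

    if not stream:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    # Prepare data.
    json_payload = self.process_get()
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_ACTION))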
示例5: get
def get(self):
    """Answer the REST GET verb with the contents of a question group.

    Responds 401 when the caller may not view the course outline and 403
    when the stored group has a schema version other than
    self.SCHEMA_VERSION. Without a 'key' a blank group with three empty
    items is returned. A successful response carries an XSRF token created
    for self.XSRF_TOKEN.
    """
    key = self.request.get('key')

    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    if not key:
        group_payload = {
            'version': self.SCHEMA_VERSION,
            'items': [{'weight': ''}, {'weight': ''}, {'weight': ''}]}
    else:
        # NOTE(review): the result of load() is dereferenced without a
        # None check; if load() can return None for an unknown key this
        # raises instead of answering 404 -- confirm against
        # QuestionGroupDAO.
        stored_group = QuestionGroupDAO.load(key)
        version = stored_group.dict.get('version')
        if self.SCHEMA_VERSION != version:
            # Groups saved under another schema version are not editable.
            transforms.send_json_response(
                self, 403, 'Cannot edit a Version %s group.' % version,
                {'key': key})
            return
        group_payload = stored_group.dict

    transforms.send_json_response(
        self, 200, 'Success',
        payload_dict=group_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN))
示例6: get
def get(self):
    """Provide the initial content for the asset upload editor.

    Responds 400 when 'key' does not match any allowed asset base.
    Otherwise the payload holds the key, the matched base and an
    'asset_url': the key plus a cache-busting query string when the file
    exists, or the relative base when it does not.
    """
    # TODO(jorr): Pass base URI through as request param when generalized.
    key = self.request.get('key')

    # Only keys that fall under an allowed base are served.
    base = asset_paths.AllowedBases.match_allowed_bases(key)
    if not base:
        transforms.send_json_response(
            self, 400, 'Malformed request.', {'key': key})
        return

    json_payload = {
        'key': key,
        'base': base,
    }

    fs = self.app_context.fs.impl
    if not fs.isfile(fs.physical_to_logical(key)):
        json_payload['asset_url'] = asset_paths.relative_base(base)
    else:
        # TODO(davyrisso): Remove when cached assets issues are solved.
        # We add a random seed to the URL to force a reload, we also append
        # the URL because oeditor expects it to end with the filename.
        # The seed is only a cache buster, so the non-cryptographic
        # random module is adequate here.
        seed = str(random.randint(0, 100000))
        # NOTE(review): key is placed in the query string without URL
        # encoding; this presumably relies on match_allowed_bases() to
        # reject keys containing '&' or '#' -- confirm.
        json_payload['asset_url'] = key + '?seed=%s&url=%s' % (seed, key)

    transforms.send_json_response(
        self, 200, 'Success.', payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN_NAME))
示例7: get
def get(self):
    """Serve the GET REST method shared by all unit types.

    Responds 401 when the caller may not view the course outline and 404
    when no unit has the requested id. On success the unit is returned as
    a dict together with an XSRF token created for 'put-unit'.
    """
    key = self.request.get("key")

    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(self, 401, "Access denied.", {"key": key})
        return

    unit = courses.Course(self).find_unit_by_id(key)
    if not unit:
        transforms.send_json_response(self, 404, "Object not found.", {"key": key})
        return

    status_lines = ["Success."]
    if self.request.get("is_newly_created"):
        # Tell the editor that the unit it is opening was just created.
        type_name = verify.UNIT_TYPE_NAMES[unit.type].lower()
        status_lines.append("New %s has been created and saved." % type_name)
    status_text = "\n".join(status_lines)

    unit_payload = self.unit_to_dict(unit)
    put_token = XsrfTokenManager.create_xsrf_token("put-unit")
    transforms.send_json_response(
        self, 200, status_text,
        payload_dict=unit_payload, xsrf_token=put_token)
示例8: get
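def get(self):
    """Handle the REST GET verb and return a file's content as JSON.

    Responds 401 when the caller lacks FilesRights view access and 404
    when the file named by 'key' cannot be read. Text files are returned
    as a string, everything else base64-encoded; the response carries an
    XSRF token created for 'file-put'.
    """
    # NOTE: assert statements are removed when Python runs with -O, so this
    # guard only holds in non-optimised runs.
    assert is_editable_fs(self.app_context)

    key = self.request.get("key")

    if not FilesRights.can_view(self):
        transforms.send_json_response(self, 401, "Access denied.", {"key": key})
        return

    # Load data if possible.
    # NOTE(review): key comes straight from the request and selects the
    # file to read; confinement to the course file system presumably rests
    # on FilesRights.can_view() and the fs implementation -- confirm.
    fs = self.app_context.fs.impl
    filename = fs.physical_to_logical(key)
    try:
        stream = fs.get(filename)
    except Exception:  # pylint: disable=broad-except
        # Best effort: any read failure is reported as "not found" below.
        # Catching Exception rather than using a bare except lets
        # BaseException-derived signals (SystemExit, KeyboardInterrupt)
        # propagate instead of being turned into a 404.
        stream = None

    if not stream:
        transforms.send_json_response(self, 404, "Object not found.", {"key": key})
        return

    # Prepare data.
    entity = {"key": key}
    if self.is_text_file(key):
        entity["encoding"] = self.FILE_ENCODING_TEXT
        entity["content"] = vfs.stream_to_string(stream)
    else:
        # Binary content is base64-encoded so it can travel inside JSON.
        entity["encoding"] = self.FILE_ENCODING_BINARY
        entity["content"] = base64.b64encode(stream.read())

    # Render JSON response.
    json_payload = transforms.dict_to_json(entity, FilesItemRESTHandler.SCHEMA_DICT)
    transforms.send_json_response(
        self, 200, "Success.",
        payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token("file-put"))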
示例9: get
def get(self):
    """Handle the REST GET verb and return the course outline as JSON.

    Responds 401 when the caller may not view the course outline.
    Otherwise returns every unit with its lessons, plus an XSRF token
    created for 'unit-lesson-reorder'.
    """
    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(self, 401, 'Access denied.', {})
        return

    course = courses.Course(self)

    def describe(unit):
        """Build the outline entry for one unit and its lessons."""
        lessons = [
            {'title': lesson.title, 'id': lesson.lesson_id}
            for lesson in course.get_lessons(unit.unit_id)]
        # Only units of type UNIT get the numbered "Unit N - title" label.
        if verify.UNIT_TYPE_UNIT == unit.type:
            label = 'Unit %s - %s' % (unit.index, unit.title)
        else:
            label = unit.title
        return {'title': label, 'id': unit.unit_id, 'lessons': lessons}

    outline = [describe(unit) for unit in course.get_units()]

    reorder_token = XsrfTokenManager.create_xsrf_token('unit-lesson-reorder')
    transforms.send_json_response(
        self, 200, None,
        payload_dict={'outline': outline},
        xsrf_token=reorder_token)
示例10: test_attempt_activity_event
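def test_attempt_activity_event(self):
    """Test that an activity attempt is accepted only with an XSRF token.

    The first POST omits the token and must be rejected with status 403 in
    the JSON body; the second carries a token created for 'event-post' and
    must succeed with an empty body.
    """
    # NOTE(review): the address below looks like an e-mail-obfuscation
    # placeholder left by the page this listing was taken from -- replace
    # it with a real test address before running.
    email = '[email protected]'
    name = 'Test Attempt Activity Event'

    actions.login(email)
    actions.register(self, name)

    # Enable event recording.
    config.Registry.db_overrides[
        lessons.CAN_PERSIST_ACTIVITY_EVENTS.name] = True
    try:
        # Prepare event.
        request = {}
        request['source'] = 'test-source'
        request['payload'] = json.dumps({'Alice': 'Bob'})

        # Check XSRF token is required. The rejection is reported inside
        # the JSON body; the HTTP status itself stays 200.
        response = self.post('rest/events?%s' % urllib.urlencode(
            {'request': json.dumps(request)}), {})
        assert_equals(response.status_int, 200)
        assert_contains('"status": 403', response.body)

        # Check the POST succeeds once a valid token is supplied.
        request['xsrf_token'] = XsrfTokenManager.create_xsrf_token(
            'event-post')
        response = self.post('rest/events?%s' % urllib.urlencode(
            {'request': json.dumps(request)}), {})
        assert_equals(response.status_int, 200)
        assert not response.body
    finally:
        # Clean up even when an assertion above fails, so the override
        # cannot leak into later tests.
        config.Registry.db_overrides = {}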
示例11: get
def get(self):
    """Handle the REST GET verb and return an announcement as JSON.

    Responds 404 when the key is malformed or no entity is stored under
    it, and 401 when the rights filter removes the entity. On success the
    response carries an XSRF token created for 'announcement-put'.
    """
    key = self.request.get('key')

    try:
        found = AnnouncementEntity.get(key)
    except db.BadKeyError:
        # A malformed key is treated the same as a missing entity.
        found = None

    if not found:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    # NOTE(review): existence is checked before rights, so a caller without
    # access can tell an existing key (401) from a missing one (404).
    # Returning the same status for both would close that oracle -- confirm
    # whether announcement keys are considered sensitive.
    permitted = AnnouncementsRights.apply_rights(self, [found])
    if not permitted:
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    # Use the entity returned by the rights filter, not the one loaded.
    announcement = permitted[0]
    announcement_dict = transforms.entity_to_dict(announcement)
    json_payload = transforms.dict_to_json(
        announcement_dict, AnnouncementsItemRESTHandler.SCHEMA_DICT)

    put_token = XsrfTokenManager.create_xsrf_token('announcement-put')
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=put_token)
示例12: get
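def get(self):
    """Handle the REST GET verb and return a config property as JSON.

    Responds 401 when the caller may not view config properties, redirects
    to the admin settings page when 'key' is not a registered property,
    responds 404 when no entity is stored under the key, and otherwise 200
    with the property value and an XSRF token created for
    'config-property-put'.
    """
    key = self.request.get('key')

    if not ConfigPropertyRights.can_view():
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    item = None
    if key and key in config.Registry.registered:
        item = config.Registry.registered[key]
    if not item:
        # Stop after redirecting. Without the return the handler carried on
        # to the datastore lookup, wrote a JSON body on top of the redirect
        # and could dereference item while it is None.
        self.redirect('/admin?action=settings')
        return

    try:
        entity = config.ConfigPropertyEntity.get_by_key_name(key)
    except db.BadKeyError:
        # A malformed key is treated the same as a missing entity.
        entity = None

    if not entity:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    # The stored value is a string; convert it to the property's own type.
    entity_dict = {'name': key, 'is_draft': entity.is_draft}
    entity_dict['value'] = transforms.string_to_value(
        entity.value, item.value_type)
    json_payload = transforms.dict_to_json(
        entity_dict,
        transforms.loads(
            ConfigPropertyEditor.get_schema_json(item)))
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(
            'config-property-put'))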
示例13: post
def post(self):
    """Re-evaluate one participant's part report and optionally issue a badge.

    Only an admin user with a valid XSRF token for the 'post' action may
    proceed. The badge is actually issued and saved only when the form's
    'really_save' field is set; otherwise the handler reports what it
    would have done.
    """
    # Authorisation first, then the XSRF check, before any form data is
    # used. Presumably abort() ends the request -- confirm.
    if not users.is_current_user_admin():
        self.abort(403)

    # NOTE(review): the action name 'post' is generic; a token created for
    # any other handler that uses the same action string would presumably
    # validate here too. A handler-specific action name would scope the
    # token more tightly.
    submitted_token = self.request.POST.get('xsrf_token', '')
    if not XsrfTokenManager.is_xsrf_token_valid(submitted_token, 'post'):
        self.abort(403, 'XSRF token failed.')

    form = self.Form(self.request.POST)
    if not form.validate():
        self.response.write('<br>'.join(form.errors))
        return

    # NOTE(review): the lookup result is passed on without a None check;
    # confirm how PartReport.on() behaves for an unknown e-mail.
    student = Student.get_by_key_name(form.email.data)
    report = PartReport.on(
        student,
        course=self.get_course(),
        part=form.part.data,
        force_re_run=form.re_run.data,
        put=form.really_save.data)

    part_slug = part_config[form.part.data]['slug']
    badge_version = choose_badge_version(part_slug, report.completion())

    if not badge_version:
        reasons = ', '.join(report.incomplete_reasons)
        self.response.write(
            'Not issuing because at least one of: %s' % (reasons))
        return

    badge = Badge.get_by_key_name(badge_version)
    if not badge:
        self.response.write(' There is no badge with key_name %s (so I cannot issue a badge)' % badge_version)

    if not (form.really_save.data and badge):
        # Dry run, or the badge definition is missing.
        self.response.write('Would have issued badge %s!' % badge_version)
        return

    # Issue without saving first so the evidence URL is stored by the same
    # put() as the badge itself.
    issued = Badge.issue(badge, student, put=False)
    issued.evidence = self.request.host_url + '/badges/evidence?id=%d' % report.key().id()
    issued.put()
    self.response.write('Issued badge %s!' % badge_version)
示例14: get
def get(self):
    """Render the course explorer profile page for the current user.

    Responds 404 when the course explorer page is disabled and redirects
    to '/explorer' when no user is available. The page receives an XSRF
    token created for STUDENT_RENAME_GLOBAL_XSRF_TOKEN_ID.
    """
    if not course_explorer.GCB_ENABLE_COURSE_EXPLORER_PAGE.value:
        self.error(404)
        return

    user = self.initialize_page_and_get_user()
    if not user:
        self.redirect('/explorer')
        return

    public_courses = self.get_public_courses()

    profile = StudentProfileDAO.get_profile_by_user_id(user.user_id())
    self.template_values['student'] = profile
    self.template_values['navbar'] = {'profile': True}

    enrolled = self.get_enrolled_courses(public_courses)
    self.template_values['courses'] = enrolled

    # The token is passed to the template under 'student_edit_xsrf_token'.
    rename_token = XsrfTokenManager.create_xsrf_token(
        STUDENT_RENAME_GLOBAL_XSRF_TOKEN_ID)
    self.template_values['student_edit_xsrf_token'] = rename_token

    self.template_values['html_hooks'] = NullHtmlHooks()
    self.template_values['student_preferences'] = {}

    profile_page = jinja_utils.get_template(
        '/modules/course_explorer/views/profile.html', DIR)
    self.response.write(profile_page.render(self.template_values))
示例15: get
def get(self):
    """Show the admin form for reconsidering a single participant.

    Only admin users get past the first check. The rendered form receives
    an XSRF token created for the 'post' action and posts back to the
    current URL.
    """
    # Presumably abort() ends the request for non-admins -- confirm.
    if not users.is_current_user_admin():
        self.abort(403)

    blank_form = self.Form()
    self.template_value['form'] = blank_form

    # NOTE(review): the action name 'post' is generic; any handler that
    # validates tokens against the same action string would presumably
    # accept this token too. A handler-specific name would scope it.
    form_token = XsrfTokenManager.create_xsrf_token('post')
    self.template_value['xsrf_token'] = form_token

    # The form is submitted to the same URL that served it.
    self.template_value['action_url'] = self.request.url
    self.template_value['title'] = 'Reconsider a single participant'

    self.render('badge_bulk_issue.html')