本文整理汇总了Python中controllers.utils.XsrfTokenManager.create_xsrf_token方法的典型用法代码示例。如果您正苦于以下问题:Python XsrfTokenManager.create_xsrf_token方法的具体用法?Python XsrfTokenManager.create_xsrf_token怎么用?Python XsrfTokenManager.create_xsrf_token使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类controllers.utils.XsrfTokenManager的用法示例。
在下文中一共展示了XsrfTokenManager.create_xsrf_token方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Send the empty starting payload for the asset upload editor.

    The JSON response carries a blank file name, the module-level
    ALLOWED_ASSET_UPLOAD_BASE and an XSRF token created for the
    'asset-upload' action.
    """
    # TODO(jorr): Pass base URI through as request param when generalized.
    initial_content = {'file': '', 'base': ALLOWED_ASSET_UPLOAD_BASE}
    # NOTE(review): no rights check is visible in this handler before the
    # token is issued. An XSRF token is an anti-forgery measure, not an
    # authorization decision, so presumably the handler that consumes the
    # 'asset-upload' token checks upload rights itself -- confirm.
    upload_token = XsrfTokenManager.create_xsrf_token('asset-upload')
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=initial_content, xsrf_token=upload_token)
示例2: render
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def render(self, node, context):
    """Render the questionnaire submit button as an element tree.

    Reads 'form-id', 'button-label' and 'disabled' from the tag's
    attributes and the post-submit message from the tag's text, renders
    questionnaire.html with those values plus a fresh XSRF token, and
    converts the resulting HTML string with
    tags.html_string_to_element_tree.
    """
    xsrf_token = XsrfTokenManager.create_xsrf_token(
        QUESTIONNAIRE_XSRF_TOKEN_NAME)

    attributes = node.attrib
    form_id = attributes.get('form-id')
    button_label = attributes.get('button-label')
    # Only the literal string 'true' disables the button.
    disabled = attributes.get('disabled') == 'true'
    post_message = node.text

    # A user counts as registered only when signed in and an enrolled
    # Student record is found; the lookup is skipped without a user.
    current_user = context.handler.get_user()
    registered = bool(
        current_user
        and models.Student.get_enrolled_student_by_user(current_user))

    # NOTE(review): button_label and post_message come from the tag markup
    # and reach the template unmodified; whether they are escaped depends
    # on how jinja_utils.get_template configures autoescaping -- confirm.
    template_vals = {
        'xsrf_token': xsrf_token,
        'form_id': form_id,
        'button_label': button_label,
        'disabled': disabled,
        'registered': registered,
        'post_message': post_message,
    }
    questionnaire = jinja_utils.get_template(
        'questionnaire.html', [TEMPLATES_DIR])
    return tags.html_string_to_element_tree(
        questionnaire.render(template_vals))
示例3: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Send the initial asset-editor payload for the asset named by 'key'.

    Responds 400 when the requested key matches none of the allowed asset
    bases. Otherwise the payload holds the key, the matched base and an
    'asset_url': the key plus a cache-busting query string when the file
    already exists, or the base's relative path when it does not.
    """
    # TODO(jorr): Pass base URI through as request param when generalized.
    key = self.request.get('key')
    # NOTE(review): key is request-supplied and is passed to the file
    # system layer below once it matches an allowed base; whether
    # match_allowed_bases also rejects '..' segments is not visible here
    # -- confirm.
    base = asset_paths.AllowedBases.match_allowed_bases(key)
    if not base:
        transforms.send_json_response(
            self, 400, 'Malformed request.', {'key': key})
        return

    fs = self.app_context.fs.impl
    if fs.isfile(fs.physical_to_logical(key)):
        # TODO(davyrisso): Remove when cached assets issues are solved.
        # We add a random seed to the URL to force a reload, we also append
        # the URL because oeditor expects it to end with the filename.
        # The seed only defeats caching; it is not used as a secret.
        # NOTE(review): key is interpolated into the query string without
        # URL-encoding, so a '&' or '#' inside it would change how the
        # resulting URL parses.
        seed = random.randint(0, 100000)
        asset_url = '%s?seed=%s&url=%s' % (key, seed, key)
    else:
        asset_url = asset_paths.relative_base(base)

    json_payload = {'key': key, 'base': base, 'asset_url': asset_url}
    editor_token = XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN_NAME)
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload, xsrf_token=editor_token)
示例4: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Send the data that populates the question editor form.

    Responds 401 when CourseOutlineRights.can_view refuses the caller.
    With a 'key' the stored question's dict is returned; without one a
    blank question with a single empty grader is returned. Both success
    paths include an XSRF token for self.XSRF_TOKEN.
    """
    key = self.request.get('key')
    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    if key:
        # NOTE(review): the result of QuestionDAO.load is dereferenced
        # without a None check; what load returns for an unknown key is
        # not visible here -- confirm.
        payload_dict = QuestionDAO.load(key).dict
    else:
        blank_grader = {
            'score': '1.0',
            'matcher': 'case_insensitive',
            'response': '',
            'feedback': '',
        }
        payload_dict = {
            'version': self.SCHEMA_VERSION,
            'question': '',
            'description': '',
            'graders': [blank_grader],
        }

    editor_token = XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN)
    transforms.send_json_response(
        self, 200, 'Success',
        payload_dict=payload_dict, xsrf_token=editor_token)
示例5: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
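def get(self):
    """Handle REST GET and return the course settings as a JSON payload.

    Responds 401 when CourseSettingsRights.can_view refuses the caller and
    404 when /course.yaml cannot be loaded. Otherwise responds 200 with the
    result of self.process_get() and an XSRF token for self.XSRF_ACTION.

    Raises:
        AssertionError: if the application context's file system is not
            editable.
    """
    # Raised explicitly instead of through an assert statement: Python
    # removes assert statements under -O, which would silently drop this
    # guard.
    if not self.app_context.is_editable_fs():
        raise AssertionError('File system is not editable.')

    key = self.request.get('key')
    if not CourseSettingsRights.can_view(self):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    # Load data if possible.
    fs = self.app_context.fs.impl
    filename = fs.physical_to_logical('/course.yaml')
    try:
        stream = fs.get(filename)
    except Exception:  # pylint: disable=broad-except
        # Any ordinary load failure is reported as "not found" below.
        # SystemExit and KeyboardInterrupt are deliberately not swallowed.
        stream = None
    if not stream:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    # Prepare data.
    json_payload = self.process_get()
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_ACTION))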
示例6: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Handle REST GET and return the course outline as a JSON payload.

    Responds 401 when CourseOutlineRights.can_view refuses the caller.
    Otherwise the payload lists every unit with its id, its title and the
    title and id of each of its lessons, together with an XSRF token for
    the 'unit-lesson-reorder' action.
    """
    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(self, 401, "Access denied.", {})
        return

    course = courses.Course(self)
    outline = []
    for unit in course.get_units():
        lessons_of_unit = [
            {"title": lesson.title, "id": lesson.lesson_id}
            for lesson in course.get_lessons(unit.unit_id)
        ]
        # Only units of type UNIT_TYPE_UNIT get the numbered prefix.
        if verify.UNIT_TYPE_UNIT == unit.type:
            shown_title = "Unit %s - %s" % (unit.index, unit.title)
        else:
            shown_title = unit.title
        outline.append(
            {"title": shown_title, "id": unit.unit_id,
             "lessons": lessons_of_unit})

    # NOTE(review): the reorder token is issued on the strength of view
    # rights alone; presumably the handler that accepts it checks edit
    # rights again -- confirm.
    reorder_token = XsrfTokenManager.create_xsrf_token("unit-lesson-reorder")
    transforms.send_json_response(
        self, 200, "Success.",
        payload_dict={"outline": outline}, xsrf_token=reorder_token)
示例7: test_attempt_activity_event
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
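def test_attempt_activity_event(self):
    """Test activity attempt generates event.

    Also checks that the events endpoint reports status 403 in its JSON
    body (under an HTTP 200) when the request carries no XSRF token.
    """
    # NOTE(review): this literal looks like an e-mail obfuscation
    # placeholder rather than a real address; it is kept as given.
    email = '[email protected]'
    name = 'Test Attempt Activity Event'

    actions.login(email)
    actions.register(self, name)

    # Enable event recording.
    config.Registry.db_overrides[
        lessons.CAN_PERSIST_ACTIVITY_EVENTS.name] = True
    try:
        # Prepare event.
        request = {}
        request['source'] = 'test-source'
        request['payload'] = json.dumps({'Alice': 'Bob'})

        # Check XSRF token is required.
        response = self.post('rest/events?%s' % urllib.urlencode(
            {'request': json.dumps(request)}), {})
        assert_equals(response.status_int, 200)
        assert_contains('"status": 403', response.body)

        # Check POST works once a valid token is attached.
        request['xsrf_token'] = XsrfTokenManager.create_xsrf_token(
            'event-post')
        response = self.post('rest/events?%s' % urllib.urlencode(
            {'request': json.dumps(request)}), {})
        assert_equals(response.status_int, 200)
        assert not response.body
    finally:
        # Clean up even when an assertion above fails, so the override
        # cannot leak into later tests.
        config.Registry.db_overrides = {}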
示例8: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
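def get(self):
    """Handle REST GET and return one file's content as a JSON payload.

    Responds 401 when FilesRights.can_view refuses the caller and 404 when
    the file named by 'key' cannot be loaded. Text files are returned as a
    string and all other files base64-encoded; the 'encoding' field says
    which. The 200 response carries an XSRF token for 'file-put'.

    Raises:
        AssertionError: if the application context's file system is not
            editable.
    """
    # Raised explicitly instead of through an assert statement: Python
    # removes assert statements under -O, which would silently drop this
    # guard.
    if not is_editable_fs(self.app_context):
        raise AssertionError("File system is not editable.")

    key = self.request.get("key")
    if not FilesRights.can_view(self):
        transforms.send_json_response(
            self, 401, "Access denied.", {"key": key})
        return

    # Load data if possible.
    # NOTE(review): key comes straight from the request and selects the
    # file that is read. FilesRights.can_view is the only gate visible
    # here; whether physical_to_logical confines the path to the course's
    # files is not shown -- confirm.
    fs = self.app_context.fs.impl
    filename = fs.physical_to_logical(key)
    try:
        stream = fs.get(filename)
    except Exception:  # pylint: disable=broad-except
        # Any ordinary load failure is reported as "not found" below.
        # SystemExit and KeyboardInterrupt are deliberately not swallowed.
        stream = None
    if not stream:
        transforms.send_json_response(
            self, 404, "Object not found.", {"key": key})
        return

    # Prepare data.
    entity = {"key": key}
    if self.is_text_file(key):
        entity["encoding"] = self.FILE_ENCODING_TEXT
        entity["content"] = vfs.stream_to_string(stream)
    else:
        entity["encoding"] = self.FILE_ENCODING_BINARY
        entity["content"] = base64.b64encode(stream.read())

    # Render JSON response.
    json_payload = transforms.dict_to_json(
        entity, FilesItemRESTHandler.SCHEMA_DICT)
    transforms.send_json_response(
        self, 200, "Success.",
        payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token("file-put"))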
示例9: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Handle REST GET and return one announcement as a JSON payload.

    Responds 404 when 'key' is not a valid key or no entity is found, and
    401 when AnnouncementsRights.apply_rights filters the entity out.
    Otherwise responds 200 with the entity converted through the handler's
    schema and an XSRF token for 'announcement-put'.
    """
    key = self.request.get('key')
    try:
        entity = AnnouncementEntity.get(key)
    except db.BadKeyError:
        entity = None

    # NOTE(review): the 404 is sent before the rights check, so the two
    # status codes let a caller without view rights tell existing keys
    # from missing ones.
    if not entity:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    permitted = AnnouncementsRights.apply_rights(self, [entity])
    if not permitted:
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    # Serialize the entity that apply_rights returned, not the one loaded
    # above.
    entity_dict = transforms.entity_to_dict(permitted[0])
    json_payload = transforms.dict_to_json(
        entity_dict, AnnouncementsItemRESTHandler.SCHEMA_DICT)
    put_token = XsrfTokenManager.create_xsrf_token('announcement-put')
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload, xsrf_token=put_token)
示例10: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Handle REST GET and return the course outline as a JSON payload.

    Responds 401 when CourseOutlineRights.can_view refuses the caller.
    Otherwise responds 200 with a None message, one outline entry per unit
    (id, title and the unit's lessons) and an XSRF token for the
    'unit-lesson-reorder' action.
    """
    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(self, 401, 'Access denied.', {})
        return

    def describe_unit(course, unit):
        """Build the outline entry for one unit and its lessons."""
        lessons_of_unit = [
            {'title': lesson.title, 'id': lesson.lesson_id}
            for lesson in course.get_lessons(unit.unit_id)]
        shown_title = unit.title
        # Only units of type UNIT_TYPE_UNIT get the numbered prefix.
        if verify.UNIT_TYPE_UNIT == unit.type:
            shown_title = 'Unit %s - %s' % (unit.index, unit.title)
        return {
            'title': shown_title,
            'id': unit.unit_id,
            'lessons': lessons_of_unit}

    course = courses.Course(self)
    outline_data = [
        describe_unit(course, unit) for unit in course.get_units()]

    # NOTE(review): the reorder token is issued on the strength of view
    # rights alone; presumably the handler that accepts it checks edit
    # rights again -- confirm.
    reorder_token = XsrfTokenManager.create_xsrf_token('unit-lesson-reorder')
    transforms.send_json_response(
        self, 200, None,
        payload_dict={'outline': outline_data}, xsrf_token=reorder_token)
示例11: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
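def get(self):
    """Handle REST GET and return one config property as a JSON payload.

    Responds 401 when ConfigPropertyRights.can_view refuses the caller,
    redirects to the admin settings page when 'key' does not name a
    registered property, and responds 404 when no stored override exists
    for it. Otherwise responds 200 with the property's name, draft flag
    and typed value, plus an XSRF token for 'config-property-put'.
    """
    key = self.request.get('key')
    if not ConfigPropertyRights.can_view():
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    item = None
    if key and key in config.Registry.registered:
        item = config.Registry.registered[key]
    if not item:
        self.redirect('/admin?action=settings')
        # Stop here. Without this return the handler kept running after the
        # redirect: it could append a JSON body to the redirect response or
        # fail on item.value_type with item set to None.
        return

    try:
        entity = config.ConfigPropertyEntity.get_by_key_name(key)
    except db.BadKeyError:
        entity = None
    if not entity:
        transforms.send_json_response(
            self, 404, 'Object not found.', {'key': key})
        return

    entity_dict = {'name': key, 'is_draft': entity.is_draft}
    # The stored string is converted to the type the registered property
    # declares.
    entity_dict['value'] = transforms.string_to_value(
        entity.value, item.value_type)
    json_payload = transforms.dict_to_json(
        entity_dict,
        transforms.loads(
            ConfigPropertyEditor.get_schema_json(item)))
    transforms.send_json_response(
        self, 200, 'Success.',
        payload_dict=json_payload,
        xsrf_token=XsrfTokenManager.create_xsrf_token(
            'config-property-put'))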
示例12: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Respond to the REST GET verb with the contents of the group.

    Responds 401 when CourseOutlineRights.can_view refuses the caller and
    403 when the stored group's version differs from self.SCHEMA_VERSION.
    Without a 'key' a blank group with three empty-weight items is
    returned. Both success paths include an XSRF token for
    self.XSRF_TOKEN.
    """
    key = self.request.get('key')
    if not CourseOutlineRights.can_view(self):
        transforms.send_json_response(
            self, 401, 'Access denied.', {'key': key})
        return

    if not key:
        payload_dict = {
            'version': self.SCHEMA_VERSION,
            'items': [{'weight': ''}, {'weight': ''}, {'weight': ''}],
        }
    else:
        # NOTE(review): the result of QuestionGroupDAO.load is
        # dereferenced without a None check; what load returns for an
        # unknown key is not visible here -- confirm.
        question_group = QuestionGroupDAO.load(key)
        stored_version = question_group.dict.get('version')
        # Groups saved under another schema version are refused rather
        # than handed to the editor.
        if self.SCHEMA_VERSION != stored_version:
            transforms.send_json_response(
                self, 403,
                'Cannot edit a Version %s group.' % stored_version,
                {'key': key})
            return
        payload_dict = question_group.dict

    editor_token = XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN)
    transforms.send_json_response(
        self, 200, 'Success',
        payload_dict=payload_dict, xsrf_token=editor_token)
示例13: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Handle GET requests for the course explorer profile page.

    Answers 404 when GCB_ENABLE_COURSE_EXPLORER_PAGE is off and redirects
    to /explorer when initialize_page_and_get_user returns no user.
    Otherwise fills the template values, including an XSRF token for
    STUDENT_RENAME_GLOBAL_XSRF_TOKEN_ID, and writes the rendered
    profile.html to the response.
    """
    if not course_explorer.GCB_ENABLE_COURSE_EXPLORER_PAGE.value:
        self.error(404)
        return

    user = self.initialize_page_and_get_user()
    if not user:
        self.redirect('/explorer')
        return

    public_courses = self.get_public_courses()
    values = self.template_values
    values['student'] = StudentProfileDAO.get_profile_by_user_id(
        user.user_id())
    values['navbar'] = {'profile': True}
    values['courses'] = self.get_enrolled_courses(public_courses)
    # The token is placed in the page under 'student_edit_xsrf_token'.
    values['student_edit_xsrf_token'] = XsrfTokenManager.create_xsrf_token(
        STUDENT_RENAME_GLOBAL_XSRF_TOKEN_ID)
    values['html_hooks'] = NullHtmlHooks()
    values['student_preferences'] = {}

    profile_page = jinja_utils.get_template(
        '/modules/course_explorer/views/profile.html', DIR)
    self.response.write(profile_page.render(values))
示例14: get
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def get(self):
    """Render the badge_bulk_issue.html form for a single participant.

    Calls self.abort(403) unless users.is_current_user_admin() is true,
    then fills the template values with a new form, an XSRF token, the
    request URL as the form action and the page title.
    """
    # NOTE(review): nothing follows the abort call, so this check only
    # protects the page if self.abort raises instead of returning --
    # confirm against the handler base class.
    if not users.is_current_user_admin():
        self.abort(403)

    values = self.template_value
    values['form'] = self.Form()
    # NOTE(review): 'post' is a generic action name; presumably a token
    # created for it is accepted by every handler that validates against
    # the same name, so a form-specific name would scope it more tightly
    # -- confirm how XsrfTokenManager scopes tokens.
    values['xsrf_token'] = XsrfTokenManager.create_xsrf_token('post')
    values['action_url'] = self.request.url
    values['title'] = 'Reconsider a single participant'
    self.render('badge_bulk_issue.html')
示例15: test_non_admin_has_no_access
# 需要导入模块: from controllers.utils import XsrfTokenManager [as 别名]
# 或者: from controllers.utils.XsrfTokenManager import create_xsrf_token [as 别名]
def test_non_admin_has_no_access(self):
    """Test non admin has no access to pages or REST endpoints.

    The last step covers the case that matters most for the XSRF design:
    a request carrying a valid token is still answered with 401, so the
    token alone grants nothing.
    """
    # NOTE(review): this literal looks like an e-mail obfuscation
    # placeholder rather than a real address; it is kept as given.
    email = '[email protected]'
    actions.login(email)

    # Add datastore override.
    prop = config.ConfigPropertyEntity(
        key_name='gcb_config_update_interval_sec')
    prop.value = '5'
    prop.is_draft = False
    prop.put()

    # Check user has no access to specific pages and actions.
    admin_requests = (
        (self.testapp.get, '/admin?action=settings'),
        (self.testapp.get,
         '/admin?action=config_edit&name=gcb_admin_user_emails'),
        (self.testapp.post,
         '/admin?action=config_reset&name=gcb_admin_user_emails'),
    )
    for send, url in admin_requests:
        assert_equals(send(url).status_int, 302)

    def assert_denied(response):
        """Expect an HTTP 200 whose JSON body reports 401 Access denied."""
        assert_equals(response.status_int, 200)
        json_dict = json.loads(response.body)
        assert json_dict['status'] == 401
        assert json_dict['message'] == 'Access denied.'

    # Check user has no rights to GET verb.
    assert_denied(self.testapp.get(
        '/rest/config/item?key=gcb_config_update_interval_sec'))

    # Check user has no rights to PUT verb.
    payload_dict = {'value': '666', 'is_draft': False}
    request = {
        'key': 'gcb_config_update_interval_sec',
        'payload': json.dumps(payload_dict),
    }

    def put_item():
        """PUT the current request dict to the config item endpoint."""
        query = urllib.urlencode({'request': json.dumps(request)})
        return self.testapp.put('/rest/config/item?%s' % query, {})

    # Check XSRF token is required.
    response = put_item()
    assert_equals(response.status_int, 200)
    assert_contains('"status": 403', response.body)

    # Check user still has no rights to PUT verb even if he somehow
    # obtained a valid XSRF token.
    request['xsrf_token'] = XsrfTokenManager.create_xsrf_token(
        'config-property-put')
    assert_denied(put_item())