本文整理汇总了Python中flask_wtf.csrf.CSRFError方法的典型用法代码示例。如果您正苦于以下问题:Python csrf.CSRFError方法的具体用法?Python csrf.CSRFError怎么用?Python csrf.CSRFError使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类flask_wtf.csrf
的用法示例。
在下文中一共展示了csrf.CSRFError方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_csrf_returns_400
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import CSRFError [as 别名]
def test_csrf_returns_400(logged_in_client, mocker):
# we turn off CSRF handling for tests, so fake a CSRF response here.
csrf_err = CSRFError('400 Bad Request: The CSRF tokens do not match.')
mocker.patch('app.main.views.index.render_template', side_effect=csrf_err)
response = logged_in_client.get('/cookies')
assert response.status_code == 400
page = BeautifulSoup(response.data.decode('utf-8'), 'html.parser')
assert page.h1.string.strip() == 'Sorry, there’s a problem with GOV.UK Notify'
assert page.title.string.strip() == 'Sorry, there’s a problem with the service – GOV.UK Notify'
示例2: test_csrf_redirects_to_sign_in_page_if_not_signed_in
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import CSRFError [as 别名]
def test_csrf_redirects_to_sign_in_page_if_not_signed_in(client, mocker):
csrf_err = CSRFError('400 Bad Request: The CSRF tokens do not match.')
mocker.patch('app.main.views.index.render_template', side_effect=csrf_err)
response = client.get('/cookies')
assert response.status_code == 302
assert response.location == url_for('main.sign_in', next='/cookies', _external=True)
示例3: unauth_csrf
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import CSRFError [as 别名]
def unauth_csrf(fall_through=False):
"""Decorator for endpoints that don't need authentication
but do want CSRF checks (available via Header rather than just form).
This is required when setting *WTF_CSRF_CHECK_DEFAULT* = **False** since in that
case, without this decorator, the form validation will attempt to do the CSRF
check, and that will fail since the csrf-token is in the header (for pure JSON
requests).
This decorator does nothing unless Flask-WTF::CSRFProtect has been initialized.
This decorator does nothing if *WTF_CSRF_ENABLED* == **False**.
This decorator will always require CSRF if the caller is authenticated.
This decorator will suppress CSRF if caller isn't authenticated and has set the
*SECURITY_CSRF_IGNORE_UNAUTH_ENDPOINTS* config variable.
:param fall_through: if set to True, then if CSRF fails here - simply keep going.
This is appropriate if underlying view is form based and once the form is
instantiated, the csrf_token will be available.
Note that this can mask some errors such as 'The CSRF session token is missing.'
meaning that the caller didn't send a session cookie and instead the caller
might get a 'The CSRF token is missing.' error.
.. versionadded:: 3.3.0
"""
def wrapper(fn):
@wraps(fn)
def decorated(*args, **kwargs):
if not current_app.config.get(
"WTF_CSRF_ENABLED", False
) or not current_app.extensions.get("csrf", None):
return fn(*args, **kwargs)
if (
config_value("CSRF_IGNORE_UNAUTH_ENDPOINTS")
and not current_user.is_authenticated
):
_request_ctx_stack.top.fs_ignore_csrf = True
else:
try:
_csrf.protect()
except CSRFError:
if not fall_through:
raise
return fn(*args, **kwargs)
return decorated
return wrapper