本文整理汇总了Python中flask_wtf.csrf.generate_csrf方法的典型用法代码示例。如果您正苦于以下问题:Python csrf.generate_csrf方法的具体用法?Python csrf.generate_csrf怎么用?Python csrf.generate_csrf使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类flask_wtf.csrf的用法示例。
在下文中一共展示了csrf.generate_csrf方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: csrf_token
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import generate_csrf [as 别名]
def csrf_token(self):
# First, we'll wrap our request shim around the test client, so that
# it will work correctly when Flask asks it to set a cookie.
request = RequestShim(self)
# Next, we need to look up any cookies that might already exist on
# this test client, such as the secure cookie that powers `flask.session`,
# and make a test request context that has those cookies in it.
environ_overrides = {}
self.cookie_jar.inject_wsgi(environ_overrides)
with flask.current_app.test_request_context(
"/login", environ_overrides=environ_overrides,
):
# Now, we call Flask-WTF's method of generating a CSRF token...
csrf_token = generate_csrf()
# ...which also sets a value in `flask.session`, so we need to
# ask Flask to save that value to the cookie jar in the test
# client. This is where we actually use that request shim we made!
flask.current_app.save_session(flask.session, request)
# And finally, return that CSRF token we got from Flask-WTF.
return csrf_token 示例2: base_render_json
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import generate_csrf [as 别名]
def base_render_json(
form,
include_user=True,
include_auth_token=False,
additional=None,
error_status_code=400,
):
has_errors = len(form.errors) > 0
user = form.user if hasattr(form, "user") else None
if has_errors:
code = error_status_code
payload = json_error_response(errors=form.errors)
else:
code = 200
payload = dict()
if user:
# This allows anonymous GETs via JSON
if include_user:
payload["user"] = user.get_security_payload()
if include_auth_token:
# view wants to return auth_token - check behavior config
if (
config_value("BACKWARDS_COMPAT_AUTH_TOKEN")
or "include_auth_token" in request.args
):
token = user.get_auth_token()
payload["user"]["authentication_token"] = token
# Return csrf_token on each JSON response - just as every form
# has it rendered.
payload["csrf_token"] = csrf.generate_csrf()
if additional:
payload.update(additional)
return _security._render_json(payload, code, headers=None, user=user) 示例3: set_xsrf_cookie
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import generate_csrf [as 别名]
def set_xsrf_cookie(response):
"""
Sets the csrf token used by csrf protect as a cookie to allow usage with
react.
"""
response.set_cookie("X-CSRF", generate_csrf())
return response 示例4: configure_app
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import generate_csrf [as 别名]
def configure_app(app, config_object):
"""General application configuration:
- register the app's config
- register Jinja extensions
- register functions to run on before/after request
"""
# automatically configure a migrations folder for each bundle
config_object.ALEMBIC['version_locations'] = [
(bundle._name, os.path.join(PROJECT_ROOT,
bundle.module_name.replace('.', os.sep),
'migrations'))
for bundle in app.bundles if bundle.has_models
]
app.config.from_object(config_object)
app.jinja_env.add_extension('jinja2_time.TimeExtension')
@app.before_request
def enable_session_timeout():
session.permanent = True # set session to use PERMANENT_SESSION_LIFETIME
session.modified = True # reset the session timer on every request
@app.after_request
def set_csrf_cookie(response):
if response:
response.set_cookie('csrf_token', generate_csrf())
return response 示例5: inject_csrf_token
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import generate_csrf [as 别名]
def inject_csrf_token(response):
response.headers.set("X-CSRF-Token", generate_csrf())
return response
# EXPERIMENT PORTAL ############################################################ 示例6: init_app
# 需要导入模块: from flask_wtf import csrf [as 别名]
# 或者: from flask_wtf.csrf import generate_csrf [as 别名]
def init_app(self, app):
app.extensions['csrf'] = self
app.config.setdefault('WTF_CSRF_ENABLED', True)
app.config.setdefault('WTF_CSRF_CHECK_DEFAULT', True)
app.config['WTF_CSRF_METHODS'] = set(app.config.get(
'WTF_CSRF_METHODS', ['POST', 'PUT', 'PATCH', 'DELETE']
))
app.config.setdefault('WTF_CSRF_FIELD_NAME', 'csrf_token')
app.config.setdefault(
'WTF_CSRF_HEADERS', ['X-CSRFToken', 'X-CSRF-Token']
)
app.config.setdefault('WTF_CSRF_TIME_LIMIT', 3600)
app.config.setdefault('WTF_CSRF_SSL_STRICT', True)
app.jinja_env.globals['csrf_token'] = generate_csrf
app.context_processor(lambda: {'csrf_token': generate_csrf})
def _set_csrf_valid_true():
"""设置验证通过, 满足 _FlaskFormCSRF.validate_csrf_token 内判断"""
g.csrf_valid = True
return
@app.before_request
def csrf_protect():
if not app.config['WTF_CSRF_ENABLED']:
return _set_csrf_valid_true()
if not app.config['WTF_CSRF_CHECK_DEFAULT']:
return _set_csrf_valid_true()
if request.method not in app.config['WTF_CSRF_METHODS']:
return _set_csrf_valid_true()
if not request.endpoint:
return _set_csrf_valid_true()
view = app.view_functions.get(request.endpoint)
if not view:
return _set_csrf_valid_true()
if request.blueprint in self._exempt_blueprints:
return _set_csrf_valid_true()
dest = '%s.%s' % (view.__module__, view.__name__)
if dest in self._exempt_views:
return _set_csrf_valid_true()
self.protect()