rhodecode-enterprise-ce Commit - r2101:5e992dcb

1298

meta.Session.remove()

1298

meta.Session.remove()

1299

1300

1301

def get_csrf_token(session=~~None~~, force_new=False, save_if_missing=True):

1301

def get_csrf_token(session, force_new=False, save_if_missing=True):

1302

"""

1302

"""

1303

Return the current authentication token, creating one if one doesn't

1303

Return the current authentication token, creating one if one doesn't

1304

already exist and the save_if_missing flag is present.

1304

already exist and the save_if_missing flag is present.

1311

# NOTE(marcink): probably should be replaced with below one from pyramid 1.9

1311

# NOTE(marcink): probably should be replaced with below one from pyramid 1.9

1312

# from pyramid.csrf import get_csrf_token

1312

# from pyramid.csrf import get_csrf_token

1313

1314

if not session:

1315

from pylons import session

1316

1317

if (csrf_token_key not in session and save_if_missing) or force_new:

1314

if (csrf_token_key not in session and save_if_missing) or force_new:

1318

token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()

1315

token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()

1319

session[csrf_token_key] = token

1316

session[csrf_token_key] = token

1372

if request.method in self.except_methods:

1369

if request.method in self.except_methods:

1373

return func(*fargs, **fkwargs)

1370

return func(*fargs, **fkwargs)

1374

1371

1375

cur_token = get_csrf_token(save_if_missing=False)

1372

cur_token = get_csrf_token(request.session, save_if_missing=False)

1376

if self.check_csrf(request, cur_token):

1373

if self.check_csrf(request, cur_token):

1377

if request.POST.get(self.token):

1374

if request.POST.get(self.token):

1378

del request.POST[self.token]

1375

del request.POST[self.token]

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

                     meta.Session.remove()
-            def get_csrf_token(session=None, force_new=False, save_if_missing=True):
+            def get_csrf_token(session, force_new=False, save_if_missing=True):
                 """
                 Return the current authentication token, creating one if one doesn't
                 already exist and the save_if_missing flag is present.
                 # NOTE(marcink): probably should be replaced with below one from pyramid 1.9
                 # from pyramid.csrf import get_csrf_token
-                if not session:
-                    from pylons import session
                 if (csrf_token_key not in session and save_if_missing) or force_new:
                     token = hashlib.sha1(str(random.getrandbits(128))).hexdigest()
                     session[csrf_token_key] = token
                     if request.method in self.except_methods:
                         return func(*fargs, **fkwargs)
-                    cur_token = get_csrf_token(save_if_missing=False)
+                    cur_token = get_csrf_token(request.session, save_if_missing=False)
                     if self.check_csrf(request, cur_token):
                         if request.POST.get(self.token):
                             del request.POST[self.token]