Added utils.views.CSRFMixin to append the csrf token to a view

Fixes: #1476
Oskar Hahn 2015-02-17 20:07:44 +01:00
parent 7f8ad4bfcc
commit cfdabfbb40
3 changed files with 35 additions and 18 deletions


@ -10,7 +10,6 @@ from django.utils.importlib import import_module
from django.utils.translation import ugettext as _ from django.utils.translation import ugettext as _
from haystack.views import SearchView as _SearchView from haystack.views import SearchView as _SearchView
from django.http import HttpResponse from django.http import HttpResponse
from django.views.decorators.csrf import ensure_csrf_cookie
from openslides import get_version as get_openslides_version from openslides import get_version as get_openslides_version
from openslides import get_git_commit_id, RELEASE from openslides import get_git_commit_id, RELEASE
@ -27,7 +26,7 @@ from .exceptions import TagException
from .serializers import CustomSlideSerializer, TagSerializer from .serializers import CustomSlideSerializer, TagSerializer
class IndexView(utils_views.View): class IndexView(utils_views.CSRFMixin, utils_views.View):
""" """
The primary view for OpenSlides using AngularJS. The primary view for OpenSlides using AngularJS.
@ -36,14 +35,6 @@ class IndexView(utils_views.View):
to the custom staticfiles directory. See STATICFILES_DIRS in settings.py. to the custom staticfiles directory. See STATICFILES_DIRS in settings.py.
""" """
@classmethod
def as_view(cls, *args, **kwargs):
"""
Makes sure that the csrf cookie is send.
"""
view = super().as_view(*args, **kwargs)
return ensure_csrf_cookie(view)
def get(self, *args, **kwargs): def get(self, *args, **kwargs):
with open(finders.find('templates/index.html')) as f: with open(finders.find('templates/index.html')) as f:
content = f.read() content = f.read()
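Review bot: Nothing in IndexView now says that this view sets the CSRF cookie, because the removed `as_view` override carried the only explanation ("Makes sure that the csrf cookie is send."). Add a sentence to the class docstring such as `Sets the CSRF cookie via CSRFMixin so the client can send the token with later requests.`; the stated reason is my reading of why the cookie is wanted on this page, so adjust it if it differs. The base order `utils_views.CSRFMixin, utils_views.View` is the one the mixin needs and should stay that way. The class body continues past the end of this section.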


@ -7,14 +7,16 @@ from django.contrib.auth.decorators import login_required
from django.core.context_processors import csrf from django.core.context_processors import csrf
from django.core.exceptions import ImproperlyConfigured, PermissionDenied from django.core.exceptions import ImproperlyConfigured, PermissionDenied
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.http import (HttpResponse, HttpResponseRedirect) from django.http import HttpResponse, HttpResponseRedirect
from django.utils.decorators import method_decorator from django.utils.decorators import method_decorator
from django.utils.translation import ugettext as _, ugettext_lazy from django.utils.translation import ugettext as _
from django.utils.translation import ugettext_lazy
from django.views import generic as django_views from django.views import generic as django_views
from django.views.decorators.csrf import ensure_csrf_cookie
from reportlab.lib.units import cm from reportlab.lib.units import cm
from reportlab.platypus import SimpleDocTemplate, Spacer from reportlab.platypus import SimpleDocTemplate, Spacer
from rest_framework.views import APIView as _APIView
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.views import APIView as _APIView
from .exceptions import OpenSlidesError from .exceptions import OpenSlidesError
from .forms import CSVImportForm from .forms import CSVImportForm
@ -25,7 +27,7 @@ from .utils import html_strong
View = django_views.View View = django_views.View
class LoginMixin(object): class LoginMixin:
""" """
Mixin for Views, that only can be viseted from users how are logedin. Mixin for Views, that only can be viseted from users how are logedin.
""" """
@ -38,7 +40,7 @@ class LoginMixin(object):
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
class PermissionMixin(object): class PermissionMixin:
""" """
Mixin for views, that only can be visited from users with special Mixin for views, that only can be visited from users with special
permissions. permissions.
@ -73,7 +75,7 @@ class PermissionMixin(object):
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)
class AjaxMixin(object): class AjaxMixin:
""" """
Mixin to response to an ajax request with an json object. Mixin to response to an ajax request with an json object.
""" """
@ -97,7 +99,7 @@ class AjaxMixin(object):
return HttpResponse(json.dumps(self.get_ajax_context())) return HttpResponse(json.dumps(self.get_ajax_context()))
class ExtraContextMixin(object): class ExtraContextMixin:
""" """
Mixin to send the signal 'template_manipulation' to add extra content to the Mixin to send the signal 'template_manipulation' to add extra content to the
context of the view. context of the view.
@ -115,7 +117,7 @@ class ExtraContextMixin(object):
return context return context
class UrlMixin(object): class UrlMixin:
url_name_args = None url_name_args = None
def get_url(self, url_name=None, url=None, args=None, use_absolute_url_link=None): def get_url(self, url_name=None, url=None, args=None, use_absolute_url_link=None):
@ -280,6 +282,17 @@ class ModelFormMixin(FormMixin):
form.save_m2m() form.save_m2m()
class CSRFMixin:
"""
Adds the csrf cookie to the response.
"""
@classmethod
def as_view(cls, *args, **kwargs):
view = super().as_view(*args, **kwargs)
return ensure_csrf_cookie(view)
class TemplateView(PermissionMixin, ExtraContextMixin, django_views.TemplateView): class TemplateView(PermissionMixin, ExtraContextMixin, django_views.TemplateView):
""" """
View to return with an template. View to return with an template.
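Review bot: CSRFMixin only takes effect when it is listed before the view class in the bases, and neither the class docstring nor `as_view` says so. Its `as_view` reaches the real one through `super()`, and Django's `View.as_view` does not call `super().as_view`, so a class declared as `class X(View, CSRFMixin)` would skip the mixin and the cookie would silently not be set. I would extend the class docstring with `Must be listed before the view class in the bases.` and give `as_view` a one-line docstring, e.g. `Wraps the view with ensure_csrf_cookie.` It is also worth one sentence that `ensure_csrf_cookie` only sends the cookie; checking the token on unsafe requests is still left to the CSRF middleware or `csrf_protect`.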


@ -331,3 +331,16 @@ class TestAPIView(TestCase):
self.assertFalse( self.assertFalse(
hasattr(views.APIView, 'method_call'), hasattr(views.APIView, 'method_call'),
"The APIView should not have the method 'method_call'") "The APIView should not have the method 'method_call'")
class TestCSRFMixin(TestCase):
@patch('builtins.super')
def test_as_view(self, mock_super):
"""
Tests, that ensure_csrf_cookie is called.
"""
mock_super().as_view.return_value = 'super_view'
with patch('openslides.utils.views.ensure_csrf_cookie') as ensure_csrf_cookie:
views.CSRFMixin.as_view()
ensure_csrf_cookie.assert_called_once_with('super_view')
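Review bot: `test_as_view` patches `builtins.super`, so it only shows that `ensure_csrf_cookie` receives whatever the mocked `super().as_view` returns. It would still pass if a real view listed the mixin after the view class, or if the wrapped view never sent the cookie. A second test that builds a small view from `views.CSRFMixin` and `views.View`, calls it with a `RequestFactory` request and asserts that the cookie named by `settings.CSRF_COOKIE_NAME` is in `response.cookies` would cover the behaviour itself. The sketch below assumes `RequestFactory`, `HttpResponse` and `settings` are imported in the test module, which this section does not show.

```python
class TestCSRFMixin(TestCase):
    # … unchanged: test_as_view …

    def test_cookie_is_set_on_response(self):
        class DummyView(views.CSRFMixin, views.View):
            def get(self, request, *args, **kwargs):
                return HttpResponse('ok')

        response = DummyView.as_view()(RequestFactory().get('/'))
        self.assertIn(settings.CSRF_COOKIE_NAME, response.cookies)
```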