Added utils.views.CSRFMixin to append the csrf token to a view
Fixes: #1476
parent
7f8ad4bfcc
commit
cfdabfbb40
@ -10,7 +10,6 @@ from django.utils.importlib import import_module
|
|||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
from haystack.views import SearchView as _SearchView
|
from haystack.views import SearchView as _SearchView
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
from django.views.decorators.csrf import ensure_csrf_cookie
|
|
||||||
|
|
||||||
from openslides import get_version as get_openslides_version
|
from openslides import get_version as get_openslides_version
|
||||||
from openslides import get_git_commit_id, RELEASE
|
from openslides import get_git_commit_id, RELEASE
|
||||||
@ -27,7 +26,7 @@ from .exceptions import TagException
|
|||||||
from .serializers import CustomSlideSerializer, TagSerializer
|
from .serializers import CustomSlideSerializer, TagSerializer
|
||||||
|
|
||||||
|
|
||||||
class IndexView(utils_views.View):
|
class IndexView(utils_views.CSRFMixin, utils_views.View):
|
||||||
"""
|
"""
|
||||||
The primary view for OpenSlides using AngularJS.
|
The primary view for OpenSlides using AngularJS.
|
||||||
|
|
||||||
@ -36,14 +35,6 @@ class IndexView(utils_views.View):
|
|||||||
to the custom staticfiles directory. See STATICFILES_DIRS in settings.py.
|
to the custom staticfiles directory. See STATICFILES_DIRS in settings.py.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def as_view(cls, *args, **kwargs):
|
|
||||||
"""
|
|
||||||
Makes sure that the csrf cookie is send.
|
|
||||||
"""
|
|
||||||
view = super().as_view(*args, **kwargs)
|
|
||||||
return ensure_csrf_cookie(view)
|
|
||||||
|
|
||||||
def get(self, *args, **kwargs):
|
def get(self, *args, **kwargs):
|
||||||
with open(finders.find('templates/index.html')) as f:
|
with open(finders.find('templates/index.html')) as f:
|
||||||
content = f.read()
|
content = f.read()
|
||||||
|
@ -7,14 +7,16 @@ from django.contrib.auth.decorators import login_required
|
|||||||
from django.core.context_processors import csrf
|
from django.core.context_processors import csrf
|
||||||
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
|
from django.core.exceptions import ImproperlyConfigured, PermissionDenied
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.http import (HttpResponse, HttpResponseRedirect)
|
from django.http import HttpResponse, HttpResponseRedirect
|
||||||
from django.utils.decorators import method_decorator
|
from django.utils.decorators import method_decorator
|
||||||
from django.utils.translation import ugettext as _, ugettext_lazy
|
from django.utils.translation import ugettext as _
|
||||||
|
from django.utils.translation import ugettext_lazy
|
||||||
from django.views import generic as django_views
|
from django.views import generic as django_views
|
||||||
|
from django.views.decorators.csrf import ensure_csrf_cookie
|
||||||
from reportlab.lib.units import cm
|
from reportlab.lib.units import cm
|
||||||
from reportlab.platypus import SimpleDocTemplate, Spacer
|
from reportlab.platypus import SimpleDocTemplate, Spacer
|
||||||
from rest_framework.views import APIView as _APIView
|
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
|
from rest_framework.views import APIView as _APIView
|
||||||
|
|
||||||
from .exceptions import OpenSlidesError
|
from .exceptions import OpenSlidesError
|
||||||
from .forms import CSVImportForm
|
from .forms import CSVImportForm
|
||||||
@ -25,7 +27,7 @@ from .utils import html_strong
|
|||||||
View = django_views.View
|
View = django_views.View
|
||||||
|
|
||||||
|
|
||||||
class LoginMixin(object):
|
class LoginMixin:
|
||||||
"""
|
"""
|
||||||
Mixin for Views, that only can be viseted from users how are logedin.
|
Mixin for Views, that only can be viseted from users how are logedin.
|
||||||
"""
|
"""
|
||||||
@ -38,7 +40,7 @@ class LoginMixin(object):
|
|||||||
return super().dispatch(request, *args, **kwargs)
|
return super().dispatch(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class PermissionMixin(object):
|
class PermissionMixin:
|
||||||
"""
|
"""
|
||||||
Mixin for views, that only can be visited from users with special
|
Mixin for views, that only can be visited from users with special
|
||||||
permissions.
|
permissions.
|
||||||
@ -73,7 +75,7 @@ class PermissionMixin(object):
|
|||||||
return super().dispatch(request, *args, **kwargs)
|
return super().dispatch(request, *args, **kwargs)
|
||||||
|
|
||||||
|
|
||||||
class AjaxMixin(object):
|
class AjaxMixin:
|
||||||
"""
|
"""
|
||||||
Mixin to response to an ajax request with an json object.
|
Mixin to response to an ajax request with an json object.
|
||||||
"""
|
"""
|
||||||
@ -97,7 +99,7 @@ class AjaxMixin(object):
|
|||||||
return HttpResponse(json.dumps(self.get_ajax_context()))
|
return HttpResponse(json.dumps(self.get_ajax_context()))
|
||||||
|
|
||||||
|
|
||||||
class ExtraContextMixin(object):
|
class ExtraContextMixin:
|
||||||
"""
|
"""
|
||||||
Mixin to send the signal 'template_manipulation' to add extra content to the
|
Mixin to send the signal 'template_manipulation' to add extra content to the
|
||||||
context of the view.
|
context of the view.
|
||||||
@ -115,7 +117,7 @@ class ExtraContextMixin(object):
|
|||||||
return context
|
return context
|
||||||
|
|
||||||
|
|
||||||
class UrlMixin(object):
|
class UrlMixin:
|
||||||
url_name_args = None
|
url_name_args = None
|
||||||
|
|
||||||
def get_url(self, url_name=None, url=None, args=None, use_absolute_url_link=None):
|
def get_url(self, url_name=None, url=None, args=None, use_absolute_url_link=None):
|
||||||
@ -280,6 +282,17 @@ class ModelFormMixin(FormMixin):
|
|||||||
form.save_m2m()
|
form.save_m2m()
|
||||||
|
|
||||||
|
|
||||||
|
class CSRFMixin:
|
||||||
|
"""
|
||||||
|
Adds the csrf cookie to the response.
|
||||||
|
"""
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def as_view(cls, *args, **kwargs):
|
||||||
|
view = super().as_view(*args, **kwargs)
|
||||||
|
return ensure_csrf_cookie(view)
|
||||||
|
|
||||||
|
|
||||||
class TemplateView(PermissionMixin, ExtraContextMixin, django_views.TemplateView):
|
class TemplateView(PermissionMixin, ExtraContextMixin, django_views.TemplateView):
|
||||||
"""
|
"""
|
||||||
View to return with an template.
|
View to return with an template.
|
||||||
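Review bot: The docstring on the new `CSRFMixin` says only that it adds the csrf cookie, which leaves out two things a user of the mixin needs to know. `ensure_csrf_cookie` only makes sure the cookie is sent with the response; it does not validate the token on incoming requests, so protection of unsafe methods still depends on the CSRF middleware or `csrf_protect` being active, which presumably is configured in settings not visible here. The mixin must also be listed before the view base class, as in `IndexView(utils_views.CSRFMixin, utils_views.View)`; placed after it, `View.as_view` wins in the MRO and the wrapper is silently skipped. I would extend the docstring to state both, for example `Wraps the callable returned by as_view() in ensure_csrf_cookie. Sets the cookie only; does not enforce CSRF checks. Must precede the View base class.`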
|
@ -331,3 +331,16 @@ class TestAPIView(TestCase):
|
|||||||
self.assertFalse(
|
self.assertFalse(
|
||||||
hasattr(views.APIView, 'method_call'),
|
hasattr(views.APIView, 'method_call'),
|
||||||
"The APIView should not have the method 'method_call'")
|
"The APIView should not have the method 'method_call'")
|
||||||
|
|
||||||
|
|
||||||
|
class TestCSRFMixin(TestCase):
|
||||||
|
@patch('builtins.super')
|
||||||
|
def test_as_view(self, mock_super):
|
||||||
|
"""
|
||||||
|
Tests, that ensure_csrf_cookie is called.
|
||||||
|
"""
|
||||||
|
mock_super().as_view.return_value = 'super_view'
|
||||||
|
with patch('openslides.utils.views.ensure_csrf_cookie') as ensure_csrf_cookie:
|
||||||
|
views.CSRFMixin.as_view()
|
||||||
|
|
||||||
|
ensure_csrf_cookie.assert_called_once_with('super_view')
|
||||||
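Review bot: `test_as_view` replaces `builtins.super` with a mock and checks only that the patched `ensure_csrf_cookie` was called with the mocked return value, so it would still pass if the real decorator stopped setting the cookie. Patching `builtins.super` also affects every other `super()` call made while the patch is active, which makes the test fragile. I would add a second test that runs a small view through the real `as_view()` and asserts that the response carries the cookie named by `settings.CSRF_COOKIE_NAME`. It needs `HttpResponse`, `RequestFactory` and `settings` available in the test module, whose import block is not visible in this hunk.

```python
class TestCSRFMixin(TestCase):
    # … unchanged: test_as_view …

    def test_cookie_is_set_on_response(self):
        """
        Tests, that a real response carries the csrf cookie.
        """
        class DummyView(views.CSRFMixin, views.View):
            def get(self, request, *args, **kwargs):
                return HttpResponse('')

        response = DummyView.as_view()(RequestFactory().get('/'))

        self.assertIn(settings.CSRF_COOKIE_NAME, response.cookies)
```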
|