authorRoald de Vries <rdevries@thoughtworks.com>2016-12-07 15:26:10 +0100
committerRoald de Vries <rdevries@thoughtworks.com>2016-12-07 15:26:10 +0100
commitd10f607a4d40587510b0dc31b31fe4750bf4a3a3 (patch)
treedb016bb0878989249e0f329e2162d11067b0f8b7 /service/pixelated/resources/__init__.py
parentc28abba2f5b1186c671ebef508d40ffaae6d5bc5 (diff)
parenteaf2019b6e977d1191e0ee12f694a02bb9612f83 (diff)
[#801] Merge branch 'signup'
Diffstat (limited to 'service/pixelated/resources/__init__.py')
-rw-r--r--service/pixelated/resources/__init__.py10
1 files changed, 9 insertions, 1 deletions
diff --git a/service/pixelated/resources/__init__.py b/service/pixelated/resources/__init__.py
index 11611f0b..023758de 100644
--- a/service/pixelated/resources/__init__.py
+++ b/service/pixelated/resources/__init__.py
@@ -13,8 +13,9 @@
#
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
-
+import hashlib
import json
+import os
from twisted.web.http import UNAUTHORIZED
from twisted.web.resource import Resource
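Review bot: The added `import hashlib` and `import os` are not used by any line this commit adds to the file, and `CSRF_TOKEN_LENGTH = 32` in the next hunk is not referenced here either. Both imports are new to this module, so nothing already in it can depend on them. They look left over from token generation that presumably lives behind `get_csrf_token()` on the session object, which this file-limited diff does not show. I would drop the two imports and keep the constant next to the code that generates the token, with a one-line comment stating whether 32 counts random bytes or encoded characters, so the token's entropy and source can be checked in one place.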
@@ -26,6 +27,8 @@ from twisted.web.http import INTERNAL_SERVER_ERROR, SERVICE_UNAVAILABLE
log = Logger()
+CSRF_TOKEN_LENGTH = 32
+
class SetEncoder(json.JSONEncoder):
def default(self, obj):
@@ -62,6 +65,11 @@ class BaseResource(Resource):
Resource.__init__(self)
self._services_factory = services_factory
+ def _add_csrf_cookie(self, request):
+ csrf_token = IPixelatedSession(request.getSession()).get_csrf_token()
+ request.addCookie('XSRF-TOKEN', csrf_token)
+ log.debug('XSRF-TOKEN added: %s' % csrf_token)
+
def _get_user_id_from_request(self, request):
if self._services_factory.mode.is_single_user:
return None # it doesn't matter
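Review bot: `log.debug('XSRF-TOKEN added: %s' % csrf_token)` in `_add_csrf_cookie` writes the anti-CSRF token itself to the log, which exposes a per-session secret to anyone with access to debug output or shipped log files; record the event without the value, e.g. `log.debug('XSRF-TOKEN cookie added')`. The cookie is also set with no attributes. It presumably has to stay readable by the client script, so `httpOnly` is not an option, but `request.addCookie('XSRF-TOKEN', csrf_token, secure=True)` would keep it off plain-HTTP connections where the service is deployed behind TLS. An explicit `path='/'` would also stop the browser scoping the cookie to the directory of whichever resource happened to set it. The new method is complete within the hunk; `BaseResource` and `_get_user_id_from_request` continue outside it.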