summaryrefslogtreecommitdiff
path: root/service/pixelated/resources/session.py
diff options
context:
space:
mode:
authorRoald de Vries <rdevries@thoughtworks.com>2016-11-30 16:11:27 +0100
committerRoald de Vries <rdevries@thoughtworks.com>2016-11-30 16:11:27 +0100
commit13378255c02b97184132881599ed47826963f54a (patch)
tree01a47f844f581a12dae9d022be19d4010433633e /service/pixelated/resources/session.py
parenta493da72d53fe90d679d7fa1980dd185415d9be3 (diff)
add csrf token to login form
Diffstat (limited to 'service/pixelated/resources/session.py')
-rw-r--r--service/pixelated/resources/session.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/service/pixelated/resources/session.py b/service/pixelated/resources/session.py
index 9ade8d29..0e46ad8f 100644
--- a/service/pixelated/resources/session.py
+++ b/service/pixelated/resources/session.py
@@ -13,11 +13,15 @@
#
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import hashlib
+import os
from zope.interface import Interface, Attribute, implements
from twisted.python.components import registerAdapter
from twisted.web.server import Session
+CSRF_TOKEN_LENGTH = 32
+
class IPixelatedSession(Interface):
user_uuid = Attribute('The uuid of the currently logged in user')
@@ -28,6 +32,7 @@ class PixelatedSession(object):
def __init__(self, session):
self.user_uuid = None
+ self._csrf_token = None
def is_logged_in(self):
return self.user_uuid is not None
@@ -35,5 +40,10 @@ class PixelatedSession(object):
def expire(self):
self.user_uuid = None
+ def get_csrf_token(self):
+ if self._csrf_token is None:
+ self._csrf_token = hashlib.sha256(os.urandom(CSRF_TOKEN_LENGTH)).hexdigest()
+ return self._csrf_token
+
registerAdapter(PixelatedSession, Session, IPixelatedSession)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-06 12:57:58 +0000