authorRoald de Vries <rdevries@thoughtworks.com>2016-12-07 15:26:10 +0100
committerRoald de Vries <rdevries@thoughtworks.com>2016-12-07 15:26:10 +0100
commitd10f607a4d40587510b0dc31b31fe4750bf4a3a3 (patch)
treedb016bb0878989249e0f329e2162d11067b0f8b7 /service/pixelated/resources/session.py
parentc28abba2f5b1186c671ebef508d40ffaae6d5bc5 (diff)
parenteaf2019b6e977d1191e0ee12f694a02bb9612f83 (diff)
[#801] Merge branch 'signup'
Diffstat (limited to 'service/pixelated/resources/session.py')
-rw-r--r--service/pixelated/resources/session.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/service/pixelated/resources/session.py b/service/pixelated/resources/session.py
index 9ade8d29..0e46ad8f 100644
--- a/service/pixelated/resources/session.py
+++ b/service/pixelated/resources/session.py
@@ -13,11 +13,15 @@
#
# You should have received a copy of the GNU Affero General Public License
# along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import hashlib
+import os
from zope.interface import Interface, Attribute, implements
from twisted.python.components import registerAdapter
from twisted.web.server import Session
+CSRF_TOKEN_LENGTH = 32
+
class IPixelatedSession(Interface):
user_uuid = Attribute('The uuid of the currently logged in user')
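Review bot: `CSRF_TOKEN_LENGTH = 32` reads as the length of the token, but in `get_csrf_token` it is the number of bytes requested from `os.urandom`; the value actually handed out is the 64-character hex digest of their SHA-256. A comment such as `# number of random bytes the CSRF token is derived from; the token itself is a 64-char hex digest` would stop a later reader from lowering it on the assumption that it only affects formatting. Renaming it to something like `CSRF_TOKEN_RANDOM_BYTES` would do the same job. The body of `IPixelatedSession` continues outside this hunk.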
@@ -28,6 +32,7 @@ class PixelatedSession(object):
def __init__(self, session):
self.user_uuid = None
+ self._csrf_token = None
def is_logged_in(self):
return self.user_uuid is not None
@@ -35,5 +40,10 @@ class PixelatedSession(object):
def expire(self):
self.user_uuid = None
+ def get_csrf_token(self):
+ if self._csrf_token is None:
+ self._csrf_token = hashlib.sha256(os.urandom(CSRF_TOKEN_LENGTH)).hexdigest()
+ return self._csrf_token
+
registerAdapter(PixelatedSession, Session, IPixelatedSession)
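Review bot: `expire()` clears `user_uuid` but leaves `_csrf_token` untouched, so a token issued before logout (or before login) stays valid for as long as this session object is reused. Whether the underlying Twisted `Session` is discarded at that point is not visible here; if it is not, adding `self._csrf_token = None` to `expire()` ties the token's lifetime to the authenticated state. Separately, passing the `os.urandom` output through SHA-256 adds no entropy, so `binascii.hexlify(os.urandom(CSRF_TOKEN_LENGTH))` would be equally strong and say more directly what the token is. `get_csrf_token` also deserves a one-line docstring noting that the token is created lazily on first call and then stays fixed for the session.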