Milimetric has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/72098


Change subject: added csrf back into Metric forms
......................................................................

added csrf back into Metric forms

Change-Id: I25deb7f64a538e205c49bf0d058b3d6cc729cef9
---
M wikimetrics/metrics/metric.py
M wikimetrics/metrics/namespace_edits.py
M wikimetrics/templates/form_for_metrics.html
M wikimetrics/templates/layout.html
4 files changed, 23 insertions(+), 17 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/analytics/wikimetrics 
refs/changes/98/72098/1

diff --git a/wikimetrics/metrics/metric.py b/wikimetrics/metrics/metric.py
index 573f225..ebf5cb9 100644
--- a/wikimetrics/metrics/metric.py
+++ b/wikimetrics/metrics/metric.py
@@ -1,4 +1,5 @@
-from wtforms import Form
+from wtforms.ext.csrf.session import SessionSecureForm
+from wikimetrics.configurables import app
 import logging
 logger = logging.getLogger(__name__)
 
@@ -7,8 +8,7 @@
 ]
 
 
-# TODO: implement csrf request token since we're no longer using wtf.Form
-class Metric(Form):
+class Metric(SessionSecureForm):
     """
     This class is the parent of all Metric implementations.
     Child implementations should be callable and should take in users
@@ -38,15 +38,17 @@
         """
         return {user: None for user in user_ids}
     
-    #def __init__(self, *args, **kwargs):
-        #"""
-        #This __init__ handles the problem with calling Form.__init__()
-        #outside of a flask request context.
-        #"""
-        #try:
-            #Form.__init__(self, *args, **kwargs)
-        #except(RuntimeError):
-            #logger.debug(
-                #'initializing Metric outside Flask context,'
-                #'most likely in testing or interactive mode'
-            #)
+    def __init__(self, *args, **kwargs):
+        """
+        Initialize the things required by SessionSecureForm to do its job
+        This __init__ handles the problem with calling 
SessionSecureForm.__init__()
+        outside of a flask request context.
+        """
+        self.SECRET_KEY = 'not really secret, this will only happen in a 
testing context'
+        csrf_context = {}
+        
+        if app:
+            # TODO: need to set csrf_context to something? (the flask session 
maybe?)
+            self.SECRET_KEY = app.config['SECRET_KEY']
+        
+        SessionSecureForm.__init__(self, csrf_context=csrf_context, *args, 
**kwargs)
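Review bot: `csrf_context` is always a fresh empty dict in the added `__init__`, so the per-session value that SessionSecureForm keeps under `csrf` is thrown away with each form instance, and a token rendered on one request has nothing to be checked against on the next. The TODO in the `if app:` branch points at this, but the commit leaves it open. Inside a request the Flask session should be passed instead, e.g. `from flask import session, has_request_context` at the top of the file and `csrf_context = session if has_request_context() else {}`, since a truthy `app` does not by itself mean a request is active. The hard-coded fallback `SECRET_KEY` is used whenever `app` is falsy, not only under test, so a misconfigured deployment would sign tokens with a key that is public in the repository; raising when no key is configured outside a test run would fail closed. The class body starts outside this hunk.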
diff --git a/wikimetrics/metrics/namespace_edits.py 
b/wikimetrics/metrics/namespace_edits.py
index d427f96..dfb5604 100644
--- a/wikimetrics/metrics/namespace_edits.py
+++ b/wikimetrics/metrics/namespace_edits.py
@@ -13,7 +13,6 @@
 class CommaSeparatedIntegerListField(Field):
     
     
-    print 'parsing CommaSeparatedIntegerListField.__iter__()'
     def __iter__(self):
         return iter(self.data)
     
diff --git a/wikimetrics/templates/form_for_metrics.html 
b/wikimetrics/templates/form_for_metrics.html
index 377e397..45523be 100644
--- a/wikimetrics/templates/form_for_metrics.html
+++ b/wikimetrics/templates/form_for_metrics.html
@@ -1,6 +1,7 @@
 <form class="form-horizontal metric-configuration" method="POST" 
action="{{action}}" data-bind="submit: $root.saveMetricConfiguration">
     {# TODO: flask-wtf does nice things, bring this back: form.hidden_tag() #}
-    {% for f in form if f.label.text != 'Csrf Token' %}
+    {% for f in form %}
+    {% if f.name != 'csrf_token' %}
         <div class="control-group">
             {{ f.label(class="control-label") }}
             <div class="controls">
@@ -18,6 +19,9 @@
                 {% endif %}
             </div>
         </div>
+    {% else %}
+        {{ f }}
+    {% endif %}
     {% endfor %}
     <div class="form-actions">
         <input class="btn btn-primary" type="submit" value="Save 
Configuration"/>
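Review bot: The new `{% else %}` branch prints only `{{ f }}` for the token field, so a failed CSRF validation (missing or expired token) gives the user no visible reason for the rejected save, unless the lines outside these hunks or the `saveMetricConfiguration` handler surface it. Consider rendering the field's errors beside it, e.g. `{{ f }}{% for e in f.errors %}<span>{{ e }}</span>{% endfor %}`. The `form.hidden_tag()` TODO comment at the top of the form is partly stale now that the loop emits the hidden token, and could be reworded to say what is still missing. The `{% for %}` loop spans both hunks of this file, and its middle is not shown.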
diff --git a/wikimetrics/templates/layout.html 
b/wikimetrics/templates/layout.html
index 6a1af7e..50eb443 100644
--- a/wikimetrics/templates/layout.html
+++ b/wikimetrics/templates/layout.html
@@ -2,6 +2,7 @@
 <html lang="en">
 <head>
 <title>Wiki Metrics</title>
+<!-- TODO: set long expire header for favicon in Apache -->
 <link rel="shortcut icon" href="{{ url_for('static', filename='favicon.ico') 
}}">
 
 <link rel="stylesheet" type="text/css" href="{{ url_for('static', 
filename='css/bootstrap.css') }}">

-- 
To view, visit https://gerrit.wikimedia.org/r/72098
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I25deb7f64a538e205c49bf0d058b3d6cc729cef9
Gerrit-PatchSet: 1
Gerrit-Project: analytics/wikimetrics
Gerrit-Branch: master
Gerrit-Owner: Milimetric <[email protected]>
