On 3 October 2011 20:15, Bobby <[email protected]> wrote:
> I was thinking of editing the deform.form class and adding the request
> as a keyword param. The request would then be used to create a token
> attribute in the __init__ method with the rest of the attributes. Then
> I would create a custom form template and add a hidden field with the
> csrf token.

Or you could shamelessly add it to your ``formid``, e.g.

    Form(formid="deform-%s" % self.request.session.get_csrf_token())

> That takes care of creating the token. Now to checking.
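
If you're using ``pyramid_deform``, then you could subclass and add:

    import functools

    import deform.form
    from pyramid.decorator import reify
    from pyramid.httpexceptions import HTTPUnauthorized

    # Methods to add to your pyramid_deform view subclass:

    @reify
    def crsf(self):
        # The session's CSRF token, computed once per request.
        return self.request.session.get_csrf_token()

    @reify
    def form_class(self):
        # Build forms whose id carries the token.
        return functools.partial(
            deform.form.Form,
            formid="deform-%s" % self.crsf,
            )

    def __getattribute__(self, name):
        value = object.__getattribute__(self, name)
        # Wrap every ``*_success`` handler with the token check.
        if name.endswith('_success'):
            def crsf_validator(data, crsf=self.crsf, post=self.request.POST):
                # A missing ``__formid__`` yields '' and fails the check.
                formid = post.get('__formid__', '')
                token = formid.split('-')[-1]
                if token != crsf:
                    raise HTTPUnauthorized("CSRF validation error")
                return value(data)
            return crsf_validator
        return value
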
\malthe
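
The token-in-``formid`` check from the reply above, as an added example that is not part of the original message or of ``pyramid_deform``: it runs without Pyramid and shows the check rejecting a missing field, a wrong token and a malformed id. The names ``CSRFError``, ``make_formid``, ``check_formid``, ``csrf_protected`` and ``demo`` are hypothetical, a plain dict stands in for ``request.POST``, and the tokens are constructed with ``secrets.token_hex``.

```python
import hmac
import secrets

FORMID_PREFIX = "deform-"  # same prefix as in the message above

class CSRFError(Exception):
    """The submitted __formid__ does not carry the session token."""

def make_formid(session_token):
    return FORMID_PREFIX + session_token

def check_formid(post, session_token):
    """Validate post['__formid__'] against the session's CSRF token."""
    formid = post.get("__formid__")
    if not isinstance(formid, str) or not formid.startswith(FORMID_PREFIX):
        raise CSRFError("missing or malformed __formid__")
    # Strip the known prefix instead of split('-')[-1], so a token that
    # itself contains '-' is compared whole.
    submitted = formid[len(FORMID_PREFIX):]
    # compare_digest does not reveal how many leading characters matched.
    if not hmac.compare_digest(submitted.encode(), session_token.encode()):
        raise CSRFError("token mismatch")

def csrf_protected(handler, post, session_token):
    """Return a wrapper that runs a *_success-style handler after the check."""
    def wrapper(data):
        check_formid(post, session_token)
        return handler(data)
    return wrapper

def demo():
    token = secrets.token_hex(20)  # constructed stand-in for the session token
    cases = {  # constructed POST bodies; a dict stands in for request.POST
        "valid": {"__formid__": make_formid(token)},
        "missing": {},
        "wrong_token": {"__formid__": make_formid(secrets.token_hex(20))},
        "bare_prefix": {"__formid__": "deform"},
    }
    results = {}
    for label, post in cases.items():
        save = csrf_protected(lambda data: "saved " + data["name"], post, token)
        try:
            results[label] = save({"name": "x"})
        except CSRFError as exc:
            results[label] = "rejected: %s" % exc
    return results

if __name__ == "__main__":
    print(demo())
```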