PEP8-ification.

This commit is contained in:
Nathan Yergler 2011-10-01 12:48:43 -07:00
parent 6bfbe02426
commit 5d2abe45b2

View File

@ -37,14 +37,16 @@ class CsrfForm(Form):
csrf_token = HiddenField("", csrf_token = HiddenField("",
[validators.Required()]) [validators.Required()])
def render_csrf_form_token(request): def render_csrf_form_token(request):
"""Render the CSRF token in a format suitable for inclusion in a """Render the CSRF token in a format suitable for inclusion in a
form.""" form."""
form = CsrfForm(csrf_token = request.environ['CSRF_TOKEN']) form = CsrfForm(csrf_token=request.environ['CSRF_TOKEN'])
return form.csrf_token return form.csrf_token
class CsrfMiddleware(object): class CsrfMiddleware(object):
"""CSRF Protection Middleware """CSRF Protection Middleware
@ -87,7 +89,8 @@ class CsrfMiddleware(object):
response.set_cookie( response.set_cookie(
mg_globals.app_config['csrf_cookie_name'], mg_globals.app_config['csrf_cookie_name'],
request.environ['CSRF_TOKEN'], request.environ['CSRF_TOKEN'],
max_age=60*60*24*7*52, path='/', max_age=60 * 60 * 24 * 7 * 52,
path='/',
domain=mg_globals.app_config.get('csrf_cookie_domain', None), domain=mg_globals.app_config.get('csrf_cookie_domain', None),
secure=(request.scheme.lower() == 'https'), secure=(request.scheme.lower() == 'https'),
httponly=True) httponly=True)
@ -100,8 +103,7 @@ class CsrfMiddleware(object):
return hashlib.md5("%s%s" % return hashlib.md5("%s%s" %
(randrange(0, self.MAX_CSRF_KEY), (randrange(0, self.MAX_CSRF_KEY),
mg_globals.app_config['secret_key']) mg_globals.app_config['secret_key'])).hexdigest()
).hexdigest()
def verify_tokens(self, request): def verify_tokens(self, request):
"""Verify that the CSRF Cookie exists and that it matches the """Verify that the CSRF Cookie exists and that it matches the
@ -128,4 +130,3 @@ class CsrfMiddleware(object):
# either the tokens didn't match or the form token wasn't # either the tokens didn't match or the form token wasn't
# present; either way, the request is denied # present; either way, the request is denied
return HTTPForbidden() return HTTPForbidden()