give CSRF token to template engine

This commit is contained in:
b3yond 2019-01-27 15:56:19 +01:00
parent d0feecc9b2
commit 9e6e8aadfe

17
user.py
View file

@ -1,5 +1,5 @@
from config import config
from bottle import response
from bottle import response, request
from db import db
import jwt
from mastodon import Mastodon
@ -11,10 +11,15 @@ class User(object):
def __init__(self, uid):
# set cookie
response.set_cookie('uid', uid, secret=db.get_secret(), path='/')
allchar = "1234567890"
response.set_cookie('csrf', "".join(choice(allchar) for x in [32]),
db.get_secret(), path='/')
self.uid = uid
response.set_cookie('csrf', self.get_csrf(), db.get_secret(), path='/')
def get_csrf(self):
csrf_token = request.get_cookie('csrf')
if not csrf_token:
allchar = "1234567890"
csrf_token = "".join(choice(allchar) for x in [32])
return csrf_token
def check_password(self, password):
db.execute("SELECT passhash FROM user WHERE id=?;", (self.uid,))
@ -239,6 +244,7 @@ schlitz
# - mail_md
# - goodlist
# - blocklist
# - csrf
# - logged in with twitter?
# - logged in with mastodon?
# - enabled?
@ -248,7 +254,8 @@ schlitz
mail_md=citydict['mail_md'],
triggerwords=self.get_trigger_words(),
badwords=self.get_badwords(),
enabled=self.enabled)
enabled=self.enabled,
csrf=self.get_csrf())
def save_request_token(self, token):
db.execute("""INSERT INTO