give CSRF token to template engine
parent
d0feecc9b2
commit
9e6e8aadfe
17
user.py
17
user.py
|
@ -1,5 +1,5 @@
|
|||
from config import config
|
||||
from bottle import response
|
||||
from bottle import response, request
|
||||
from db import db
|
||||
import jwt
|
||||
from mastodon import Mastodon
|
||||
|
@ -11,10 +11,15 @@ class User(object):
|
|||
def __init__(self, uid):
|
||||
# set cookie
|
||||
response.set_cookie('uid', uid, secret=db.get_secret(), path='/')
|
||||
allchar = "1234567890"
|
||||
response.set_cookie('csrf', "".join(choice(allchar) for x in [32]),
|
||||
db.get_secret(), path='/')
|
||||
self.uid = uid
|
||||
response.set_cookie('csrf', self.get_csrf(), db.get_secret(), path='/')
|
||||
|
||||
def get_csrf(self):
|
||||
csrf_token = request.get_cookie('csrf')
|
||||
if not csrf_token:
|
||||
allchar = "1234567890"
|
||||
csrf_token = "".join(choice(allchar) for x in [32])
|
||||
return csrf_token
|
||||
|
||||
def check_password(self, password):
|
||||
db.execute("SELECT passhash FROM user WHERE id=?;", (self.uid,))
|
||||
|
@ -239,6 +244,7 @@ schlitz
|
|||
# - mail_md
|
||||
# - goodlist
|
||||
# - blocklist
|
||||
# - csrf
|
||||
# - logged in with twitter?
|
||||
# - logged in with mastodon?
|
||||
# - enabled?
|
||||
|
@ -248,7 +254,8 @@ schlitz
|
|||
mail_md=citydict['mail_md'],
|
||||
triggerwords=self.get_trigger_words(),
|
||||
badwords=self.get_badwords(),
|
||||
enabled=self.enabled)
|
||||
enabled=self.enabled,
|
||||
csrf=self.get_csrf())
|
||||
|
||||
def save_request_token(self, token):
|
||||
db.execute("""INSERT INTO
|
||||
|
|
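Review bot: In the second hunk `get_csrf()` builds the token with `for x in [32]`, which iterates once over a one-element list, so the CSRF token is a single digit with ten possible values instead of 32 characters; `range(32)` is presumably what was meant, and a CSPRNG source such as `secrets.token_urlsafe(32)` (Python 3.6+, needs `import secrets`) suits a security token better than `choice` over digits. On a request that carries no `csrf` cookie, `__init__` and the `csrf=self.get_csrf()` call in the last hunk each generate a fresh value, so the cookie and the rendered token can disagree; caching the value on the instance avoids that. The cookie is written signed (`db.get_secret()` is passed as the secret) but read back with `request.get_cookie('csrf')` without `secret=`, so the signature is never verified and the raw signed string is what gets re-signed and handed to the template. The function enclosing the last hunk and the code that compares the submitted token are outside this diff, so confirm they agree with whichever token form is kept.

```python
def get_csrf(self):
    # Reuse one token per User instance so the cookie and the template agree.
    if getattr(self, '_csrf', None) is None:
        token = request.get_cookie('csrf', secret=db.get_secret())
        if not token:
            token = secrets.token_urlsafe(32)
        self._csrf = token
    return self._csrf
```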