Use pyramid.csrf independent API #230

slav0nic · 2019-06-26T14:39:21Z

remove CSRF related code from session
use default get_csrf_token() function in templates
update CSRF validator for deform2
use token functions directly (request.session.* -> pyramid.csrf.*)
default CSRF policy is SessionCSRFStoragePolicy (store token in session)
update tests
update docs

It's break some request.session.get_csrf_token() calls, now you must use standard get_csrf_token() (that available in templates too). About backward compability - i don't think that it really needed, websauna is still in alfa and upgrading to new API is trivial task.

TODO: update websauna.magiclogin, blog and check other apps.

* remove CSRF related code from session * use default get_csrf_token() function in templates * update CSRF validator for deform2 * use token functions directly (request.session.* -> pyramid.csrf.*)

By default Pyramid 1.10 still use `LegacySessionCSRFStoragePolicy`

codecov-io · 2019-06-26T14:48:59Z

Codecov Report

Merging #230 into master will decrease coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #230      +/-   ##
==========================================
- Coverage   78.64%   78.63%   -0.02%     
==========================================
  Files         133      133              
  Lines        5803     5800       -3     
  Branches      627      626       -1     
==========================================
- Hits         4564     4561       -3     
  Misses        997      997              
  Partials      242      242

Impacted Files	Coverage Δ
websauna/system/core/session.py	`89.77% <ø> (-0.66%)`	⬇️
websauna/system/form/csrf.py	`100% <100%> (ø)`	⬆️
websauna/system/__init__.py	`88.75% <100%> (+0.05%)`	⬆️
websauna/system/core/views/badcsrftoken.py	`100% <100%> (ø)`	⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b7b5525...efc21a1. Read the comment docs.

codecov-commenter · 2020-09-26T07:15:08Z

Codecov Report

Merging #230 into master will decrease coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master     #230      +/-   ##
==========================================
- Coverage   78.64%   78.63%   -0.02%     
==========================================
  Files         133      133              
  Lines        5803     5800       -3     
  Branches      627      626       -1     
==========================================
- Hits         4564     4561       -3     
  Misses        997      997              
  Partials      242      242

Impacted Files	Coverage Δ
websauna/system/core/session.py	`89.77% <ø> (-0.66%)`	⬇️
websauna/system/__init__.py	`88.75% <100.00%> (+0.05%)`	⬆️
websauna/system/core/views/badcsrftoken.py	`100.00% <100.00%> (ø)`
websauna/system/form/csrf.py	`100.00% <100.00%> (ø)`

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update af56e8a...efc21a1. Read the comment docs.

slav0nic added 3 commits June 26, 2019 17:37

Use pyramid.csrf independent API

8d237e4

* remove CSRF related code from session * use default get_csrf_token() function in templates * update CSRF validator for deform2 * use token functions directly (request.session.* -> pyramid.csrf.*)

Use SessionCSRFStoragePolicy

449b306

By default Pyramid 1.10 still use `LegacySessionCSRFStoragePolicy`

Update docs

6d0037e

slav0nic marked this pull request as ready for review June 26, 2019 18:18

update test_csrf

efc21a1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use pyramid.csrf independent API #230

Use pyramid.csrf independent API #230

Use pyramid.csrf independent API #230

Are you sure you want to change the base?

Use pyramid.csrf independent API #230

Conversation

Codecov Report

Codecov Report