author | Milo Casagrande <milo.casagrande@linaro.org> | 2014-07-21 17:39:10 +0200 |
---|---|---|
committer | Milo Casagrande <milo.casagrande@linaro.org> | 2014-07-21 17:39:10 +0200 |
commit | bee2a01334ffcc63bd04102afb6bd11f8264fe2f (patch) | |
tree | af4030a15755340e8f9018a9d222ee1e9460b36b | |
parent | 9b0b63a93732db3ff3f66d2877fd873d8bfcf20b (diff) |
Change how CSRF tokens are generated.
* CSRF tokens are now generated with a random time limit between
25 and 180 seconds.
Change-Id: I1c47b667da1bb362444093ceef6c0ceac20ea612
-rw-r--r-- | app/dashboard/__init__.py | 16 | ||||
-rw-r--r-- | app/dashboard/templates/boot.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/boots.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/builds-all.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/builds-job-kernel-defconf.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/builds-job-kernel.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/index.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/jobs-all.html | 2 | ||||
-rw-r--r-- | app/dashboard/templates/jobs-job.html | 2 |
9 files changed, 24 insertions, 8 deletions
diff --git a/app/dashboard/__init__.py b/app/dashboard/__init__.py
index e24494d..44ebf00 100644
--- a/app/dashboard/__init__.py
+++ b/app/dashboard/__init__.py
@@ -14,6 +14,7 @@
 # along with this program. If not, see <http://www.gnu.org/licenses/>.
 import os
+import random
 from flask import (
 Flask,
@@ -24,6 +25,7 @@ from flask import (
 )
 from flask_wtf.csrf import (
 CsrfProtect,
+ generate_csrf,
 validate_csrf,
 )
@@ -48,6 +50,17 @@ from utils.backend import (
 )
+def generate_csrf_token():
+ """Custom function for tokens generation.
+
+ It returns a CSRF token with a random time limit between 25 and
+ 180 seconds.
+
+ :return A random CSRF token.
+ """
+ return generate_csrf(time_limit=random.randint(25, 180))
+
+
 # Name of the environment variable that will be lookep up for app configuration
 # parameters.
 APP_ENVVAR = 'FLASK_SETTINGS'
@@ -62,6 +75,9 @@ if os.environ.get(APP_ENVVAR):
 CsrfProtect(app)
+# Use the custom CSRF token generation.
+app.jinja_env.globals['csrf_token_r'] = generate_csrf_token
+
 # General URLs.
 app.add_url_rule('/', view_func=IndexView.as_view('index'), methods=['GET'])
 app.add_url_rule(
diff --git a/app/dashboard/templates/boot.html b/app/dashboard/templates/boot.html
index b7f4be9..69f6c04 100644
--- a/app/dashboard/templates/boot.html
+++ b/app/dashboard/templates/boot.html
@@ -1,6 +1,6 @@
 {%- extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block content %}
diff --git a/app/dashboard/templates/boots.html b/app/dashboard/templates/boots.html
index 8b0ae1c..f89efa1 100644
--- a/app/dashboard/templates/boots.html
+++ b/app/dashboard/templates/boots.html
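Review bot: The 25-second lower bound in generate_csrf_token is short enough that a rendered page's csrf-token meta value can expire before the page script that reads it (presumably for AJAX calls) sends its request, producing intermittent, non-reproducible CSRF failures for no real security gain: a token's lifetime only bounds how long an already-leaked token stays usable, while its unpredictability comes from generate_csrf binding it to the session secret, not from the limit. Assuming Flask-WTF embeds the expiry in the token so that validate_csrf enforces this per-token limit (confirm against the installed version), a randomised limit also makes support tickets hard to diagnose because the same page load behaves differently each time. Lift both bounds into named module constants so the trade-off is visible and tunable, e.g. `CSRF_TIME_LIMIT_MIN = 25` and `CSRF_TIME_LIMIT_MAX = 180` (constructed names) with `return generate_csrf(time_limit=random.randint(CSRF_TIME_LIMIT_MIN, CSRF_TIME_LIMIT_MAX))`, and note in the docstring that the non-cryptographic `random` module is acceptable here precisely because the limit is not a secret.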
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block head %}
diff --git a/app/dashboard/templates/builds-all.html b/app/dashboard/templates/builds-all.html
index fb1b895..e3ff931 100644
--- a/app/dashboard/templates/builds-all.html
+++ b/app/dashboard/templates/builds-all.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block head %}
diff --git a/app/dashboard/templates/builds-job-kernel-defconf.html b/app/dashboard/templates/builds-job-kernel-defconf.html
index 1e7ab1b..5e96d4e 100644
--- a/app/dashboard/templates/builds-job-kernel-defconf.html
+++ b/app/dashboard/templates/builds-job-kernel-defconf.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block content %}
diff --git a/app/dashboard/templates/builds-job-kernel.html b/app/dashboard/templates/builds-job-kernel.html
index 31b7319..6ef8b79 100644
--- a/app/dashboard/templates/builds-job-kernel.html
+++ b/app/dashboard/templates/builds-job-kernel.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block head %}
diff --git a/app/dashboard/templates/index.html b/app/dashboard/templates/index.html
index ed6e29a..6a78109 100644
--- a/app/dashboard/templates/index.html
+++ b/app/dashboard/templates/index.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block content %}
diff --git a/app/dashboard/templates/jobs-all.html b/app/dashboard/templates/jobs-all.html
index 948d3d8..78584ab 100644
--- a/app/dashboard/templates/jobs-all.html
+++ b/app/dashboard/templates/jobs-all.html
@@ -1,6 +1,6 @@
 {% extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block head %}
diff --git a/app/dashboard/templates/jobs-job.html b/app/dashboard/templates/jobs-job.html
index 8700f08..a2affa6 100644
--- a/app/dashboard/templates/jobs-job.html
+++ b/app/dashboard/templates/jobs-job.html
@@ -1,6 +1,6 @@
 {%- extends 'base.html' %}
 {%- block meta -%}
- <meta name="csrf-token" content="{{ csrf_token() }}">
+ <meta name="csrf-token" content="{{ csrf_token_r() }}">
 {%- endblock %}
 {%- block title %}{{ page_title|safe }}{%- endblock %}
 {%- block head %} |