| author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2021-08-02 14:07:53 -0400 |
|---|---|---|
| committer | Carlton Gibson <carlton@noumenal.es> | 2021-08-17 12:23:54 +0200 |
| commit | 231de683d86374c2b74da2185efc6ddfb5eb3341 (patch) | |
| tree | 9b7719b3cc355859ad13c3a3fc2ab02b27fb16f8 /django/middleware | |
| parent | be1fd6645d4219b5c74152776e74d9e636b08554 (diff) | |
Refs #32800 -- Added _add_new_csrf_cookie() helper function.
This centralizes the logic to use when setting a new cookie. It also
eliminates the need for the _get_new_csrf_token() function, which is now
removed.
Diffstat (limited to 'django/middleware')
| -rw-r--r-- | django/middleware/csrf.py | 41 |
1 files changed, 21 insertions, 20 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py
index 18edc34f6a..1545014711 100644
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -79,8 +79,14 @@ def _unmask_cipher_token(token):
     return ''.join(chars[x - y] for x, y in pairs)  # Note negative values are ok
-def _get_new_csrf_token():
-    return _mask_cipher_secret(_get_new_csrf_string())
+def _add_new_csrf_cookie(request):
+    """Generate a new random CSRF_COOKIE value, and add it to request.META."""
+    csrf_secret = _get_new_csrf_string()
+    request.META.update({
+        'CSRF_COOKIE': _mask_cipher_secret(csrf_secret),
+        'CSRF_COOKIE_NEEDS_UPDATE': True,
+    })
+    return csrf_secret
 def get_token(request):
@@ -93,15 +99,14 @@ def get_token(request):
     header to the outgoing response. For this reason, you may need to use this
     function lazily, as is done by the csrf context processor.
     """
-    if "CSRF_COOKIE" not in request.META:
-        csrf_secret = _get_new_csrf_string()
-        request.META["CSRF_COOKIE"] = _mask_cipher_secret(csrf_secret)
-    else:
+    if 'CSRF_COOKIE' in request.META:
         csrf_secret = _unmask_cipher_token(request.META["CSRF_COOKIE"])
-    # Since the cookie is being used, flag to send the cookie in
-    # process_response() (even if the client already has it) in order to renew
-    # the expiry timer.
-    request.META['CSRF_COOKIE_NEEDS_UPDATE'] = True
+        # Since the cookie is being used, flag to send the cookie in
+        # process_response() (even if the client already has it) in order to
+        # renew the expiry timer.
+        request.META['CSRF_COOKIE_NEEDS_UPDATE'] = True
+    else:
+        csrf_secret = _add_new_csrf_cookie(request)
     return _mask_cipher_secret(csrf_secret)
@@ -110,10 +115,7 @@ def rotate_token(request):
     Change the CSRF token in use for a request - should be done on login
     for security purposes.
     """
-    request.META.update({
-        'CSRF_COOKIE': _get_new_csrf_token(),
-        'CSRF_COOKIE_NEEDS_UPDATE': True,
-    })
+    _add_new_csrf_cookie(request)
 class InvalidTokenFormat(Exception):
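Review bot: The docstring of `_add_new_csrf_cookie` in the first hunk does not mention that the function returns the unmasked secret, even though `get_token` relies on that return value while `rotate_token` discards it. The raw secret is the sensitive half of the scheme, and `get_token` correctly masks it again before returning, so the contract is worth stating for the next caller. Suggested docstring: `"""Generate a new random CSRF secret, store its masked form in request.META['CSRF_COOKIE'], flag the cookie for resending, and return the unmasked secret."""`.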
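Review bot: In the `get_token` hunk the new `if 'CSRF_COOKIE' in request.META:` line uses single quotes while the context line immediately below reads `request.META["CSRF_COOKIE"]`; the rest of the new code uses single quotes, so `request.META['CSRF_COOKIE']` would keep the block consistent. The branch also feeds whatever is in `request.META['CSRF_COOKIE']` straight into `_unmask_cipher_token`, which from this hunk alone is only safe if every writer of that key stores a validated masked token — presumably `process_request` and `rotate_token`, but that is not visible here; a one-line comment such as `# META['CSRF_COOKIE'] only ever holds a validated masked token.` would make the assumption explicit.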
@@ -377,12 +379,11 @@ class CsrfViewMiddleware(MiddlewareMixin):
         try:
             csrf_token = self._get_token(request)
         except InvalidTokenFormat:
-            csrf_token = _get_new_csrf_token()
-            request.META["CSRF_COOKIE_NEEDS_UPDATE"] = True
-
-        if csrf_token is not None:
-            # Use same token next time.
-            request.META['CSRF_COOKIE'] = csrf_token
+            _add_new_csrf_cookie(request)
+        else:
+            if csrf_token is not None:
+                # Use same token next time.
+                request.META['CSRF_COOKIE'] = csrf_token
     def process_view(self, request, callback, callback_args, callback_kwargs):
         if getattr(request, 'csrf_processing_done', False):
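Review bot: The `except InvalidTokenFormat:` branch now silently mints a fresh secret with no comment on why a malformed cookie is replaced rather than rejected or echoed back, and the `else:` branch's "Use same token next time." comment gives no matching rationale for the failure path. A short comment above the helper call would document the intent, e.g. `# Malformed cookie: discard it and mint a fresh secret rather than echoing it back.`; whether an unsafe request then fails the token comparison happens in `process_view`, whose body is not visible here, so that claim should be confirmed before being written down. The enclosing `process_request` method starts outside the hunk, and `_get_token` (the only thing that raises `InvalidTokenFormat`) is not shown.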
