
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Include_csrf - Quart_imp.security | Quart-Imp</title>
<link rel="stylesheet" href="static/water.css">
<link rel="stylesheet" href="static/pygments.emacs-dull.css">
<link rel="apple-touch-icon" sizes="180x180" href="static/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="static/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="static/favicon-16x16.png">
<link rel="manifest" href="static/site.webmanifest">
<link rel="mask-icon" href="static/safari-pinned-tab.svg" color="#5bbad5">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="theme-color" content="#ffffff">
</head>
<body>
<aside>
<img src="static/quart-Imp-Medium.png" alt="Quart-Imp Logo" style="margin-top: 20px; width: 50%">
<h1>Quart-Imp</h1>
<div><small>Version: 1.0.x</small></div>
<div><small>Last Updated:</small></div>
<div><small>Fri, 16 Aug 2024</small></div>
<h2>Menu</h2>
<ul>
<li><a href="index.html"><strong>Index</strong></a></li>
</ul>
<ul>
<li><strong>CLI Commands</strong>
<ul>
<li><a href="cli_commands-quart-imp_init.html">quart-imp init</a></li>
<li><a href="cli_commands-quart-imp_blueprint.html">quart-imp blueprint</a></li>
</ul>
</li>
<li><strong>Imp</strong>
<ul>
<li><a href="imp-introduction.html">Introduction</a></li>
<li><a href="imp-init_app-init.html">init_app, __init__</a></li>
<li><a href="imp-init_session.html">init_session</a></li>
<li><a href="imp-import_app_resources.html">import_app_resources</a></li>
<li><a href="imp-import_blueprint.html">import_blueprint</a></li>
<li><a href="imp-import_blueprints.html">import_blueprints</a></li>
</ul>
</li>
<li><strong>ImpBlueprint</strong>
<ul>
<li><a href="impblueprint-introduction.html">Introduction</a></li>
<li><a href="impblueprint-init.html">__init__</a></li>
<li><a href="impblueprint-import_resources.html">import_resources</a></li>
<li><a href="impblueprint-import_nested_blueprint.html">import_nested_blueprint</a></li>
<li><a href="impblueprint-import_nested_blueprints.html">import_nested_blueprints</a></li>
<li><a href="impblueprint-tmpl.html">tmpl</a></li>
</ul>
</li>
<li><strong>quart_imp.config</strong>
<ul>
<li><a href="quart_imp_config-quartconfig.html">QuartConfig</a></li>
<li><a href="quart_imp_config-impconfig.html">ImpConfig</a></li>
<li><a href="quart_imp_config-impblueprintconfig.html">ImpBlueprintConfig</a></li>
</ul>
</li>
<li><strong>quart_imp.security</strong>
<ul>
<li><a href="quart_imp_security-login_check.html">login_check</a></li>
<li><a href="quart_imp_security-permission_check.html">permission_check</a></li>
<li><a href="quart_imp_security-pass_function_check.html">pass_function_check</a></li>
<li><a href="quart_imp_security-api_login_check.html">api_login_check</a></li>
<li><a href="quart_imp_security-include_csrf.html">include_csrf</a></li>
</ul>
</li>
<li><strong>quart_imp.auth</strong>
<ul>
<li><a href="quart_imp_auth-encrypt_password.html">encrypt_password</a></li>
<li><a href="quart_imp_auth-authenticate_password.html">authenticate_password</a></li>
<li><a href="quart_imp_auth-generate_password.html">generate_password</a></li>
<li><a href="quart_imp_auth-generate_salt.html">generate_salt</a></li>
<li><a href="quart_imp_auth-generate_csrf_token.html">generate_csrf_token</a></li>
<li><a href="quart_imp_auth-generate_private_key.html">generate_private_key</a></li>
<li><a href="quart_imp_auth-generate_email_validator.html">generate_email_validator</a></li>
<li><a href="quart_imp_auth-generate_numeric_validator.html">generate_numeric_validator</a></li>
<li><a href="quart_imp_auth-generate_alphanumeric_validator.html">generate_alphanumeric_validator</a></li>
<li><a href="quart_imp_auth-is_email_address_valid.html">is_email_address_valid</a></li>
<li><a href="quart_imp_auth-is_username_valid.html">is_username_valid</a></li>
</ul>
</li>
</ul>
<div style="padding-top: 5px; margin-bottom: 20px;"><small>Hosted on GitHub Pages.</small></div>
</aside>
<section>
<h1 style="font-size: 2.6rem; margin: 0;">include_csrf - quart_imp.security</h1>
<div class="highlight"><pre><span></span><span class="kn">from</span> <span class="nn">quart_imp.security</span> <span class="kn">import</span> <span class="n">include_csrf</span>
</pre></div>
<div class="highlight"><pre><span></span><span class="n">include_csrf</span><span class="p">(</span>
<span class="n">session_key</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="s2">&quot;csrf&quot;</span><span class="p">,</span>
<span class="n">form_key</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="s2">&quot;csrf&quot;</span><span class="p">,</span>
<span class="n">abort_code</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">401</span>
<span class="p">)</span>
</pre></div>
<p><code>@include_csrf(...)</code></p>
<hr />
<p>A decorator that handles CSRF protection.</p>
<p>On a <strong>GET</strong> request, a CSRF token is generated and stored in the session under
the key given by the session_key parameter.</p>
<p>On a <strong>POST</strong> request, the value submitted in the form field named by form_key is
compared with the token stored in the session under session_key.</p>
<ul>
<li>If they match, the request is allowed to continue.</li>
<li>If they do not match, the request is aborted with abort(abort_code), which defaults to 401.</li>
</ul>
<div class="highlight"><pre><span></span><span class="nd">@bp</span><span class="o">.</span><span class="n">route</span><span class="p">(</span><span class="s2">&quot;/admin&quot;</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="s2">&quot;GET&quot;</span><span class="p">,</span> <span class="s2">&quot;POST&quot;</span><span class="p">])</span>
<span class="nd">@include_csrf</span><span class="p">(</span><span class="n">session_key</span><span class="o">=</span><span class="s2">&quot;csrf&quot;</span><span class="p">,</span> <span class="n">form_key</span><span class="o">=</span><span class="s2">&quot;csrf&quot;</span><span class="p">)</span>
<span class="k">async</span> <span class="k">def</span> <span class="nf">admin_page</span><span class="p">():</span>
<span class="o">...</span>
<span class="c1"># You must pass in the CSRF token from the session into the template.</span>
<span class="c1"># Then add &lt;input type=&quot;hidden&quot; name=&quot;csrf&quot; value=&quot;{{ csrf }}&quot;&gt; to the form.</span>
<span class="k">return</span> <span class="k">await</span> <span class="n">render_template</span><span class="p">(</span><span class="s2">&quot;admin.html&quot;</span><span class="p">,</span> <span class="n">csrf</span><span class="o">=</span><span class="n">session</span><span class="o">.</span><span class="n">get</span><span class="p">(</span><span class="s2">&quot;csrf&quot;</span><span class="p">))</span>
</pre></div>
<p>Form key:</p>
<div class="highlight"><pre><span></span><span class="p">&lt;</span><span class="nt">input</span> <span class="na">type</span><span class="o">=</span><span class="s">&quot;hidden&quot;</span> <span class="na">name</span><span class="o">=</span><span class="s">&quot;csrf&quot;</span> <span class="na">value</span><span class="o">=</span><span class="s">&quot;{{ csrf }}&quot;</span><span class="p">&gt;</span>
</pre></div>
</section>
</body>
</html>