
use a prefix for cache keys

commit af159ac3ff991fe566e326f62820445365e0c8c3 1 parent d3ec6a8
Jeff Balogh authored
Showing with 12 additions and 10 deletions.
  1. +5 −4 session_csrf/__init__.py
  2. +7 −6 session_csrf/tests.py
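--- a/session_csrf/__init__.py
+++ b/session_csrf/__init__.py
@@ -11,6 +11,7 @@
 ANON_COOKIE = getattr(settings, 'ANON_COOKIE', 'anoncsrf')
 ANON_TIMEOUT = getattr(settings, 'ANON_TIMEOUT', 60 * 60 * 2) # 2 hours.
 ANON_ALWAYS = getattr(settings, 'ANON_ALWAYS', False)
+PREFIX = 'sessioncsrf:'
 # This overrides django.core.context_processors.csrf to dump our csrf_token
@@ -49,14 +50,14 @@ def process_request(self, request):
 token = ''
 if ANON_COOKIE in request.COOKIES:
 key = request.COOKIES[ANON_COOKIE]
- token = cache.get(key, '')
+ token = cache.get(PREFIX + key, '')
 if ANON_ALWAYS:
 if not key:
 key = django_csrf._get_new_csrf_key()
 if not token:
 token = django_csrf._get_new_csrf_key()
 request._anon_csrf_key = key
- cache.set(key, token, ANON_TIMEOUT)
+ cache.set(PREFIX + key, token, ANON_TIMEOUT)
 request.csrf_token = token
 def process_view(self, request, view_func, args, kwargs):
@@ -117,11 +118,11 @@ def wrapper(request, *args, **kw):
 if use_anon_cookie:
 if ANON_COOKIE in request.COOKIES:
 key = request.COOKIES[ANON_COOKIE]
- token = cache.get(key) or django_csrf._get_new_csrf_key()
+ token = cache.get(PREFIX + key) or django_csrf._get_new_csrf_key()
 else:
 key = django_csrf._get_new_csrf_key()
 token = django_csrf._get_new_csrf_key()
- cache.set(key, token, ANON_TIMEOUT)
+ cache.set(PREFIX + key, token, ANON_TIMEOUT)
 request.csrf_token = token
 response = f(request, *args, **kw)
 if use_anon_cookie: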
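Review bot: The cookie value is still concatenated into the cache key unvalidated at all four call sites: `cache.get(PREFIX + key, '')` and `cache.set(PREFIX + key, token, ANON_TIMEOUT)` in process_request, and the matching pair in the decorator's wrapper. The prefix confines a client-chosen key to the `sessioncsrf:` namespace, but its length and character set remain client-controlled, and depending on the cache backend an over-long key or one containing whitespace or control characters may warn or be rejected, which would presumably surface as an error on the request. I would route all four through one small helper (say `_cache_key`) that derives the key from a digest of the cookie value, so the call sites read `token = cache.get(_cache_key(key), '')` and `cache.set(_cache_key(key), token, ANON_TIMEOUT)`, with a comment such as `# key comes from the client's cookie; never use it as a cache key verbatim`. Both process_request and wrapper start and end outside the visible hunks, so how `key` is initialised when the cookie is absent cannot be checked from here.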
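--- a/session_csrf/tests.py
+++ b/session_csrf/tests.py
@@ -13,7 +13,8 @@
 import mock
 import session_csrf
-from session_csrf import CsrfMiddleware, anonymous_csrf, anonymous_csrf_exempt
+from session_csrf import (anonymous_csrf, anonymous_csrf_exempt,
+ CsrfMiddleware, PREFIX)
 urlpatterns = patterns('',
@@ -83,7 +84,7 @@ def process_view(self, request, view=None):
 def test_anon_token_from_cookie(self):
 rf = django.test.RequestFactory()
 rf.cookies['anoncsrf'] = self.token
- cache.set(self.token, 'woo')
+ cache.set(PREFIX + self.token, 'woo')
 request = rf.get('/')
 request.session = {}
 r = {
@@ -208,7 +209,7 @@ def test_new_anon_token_on_request(self):
 response = self.client.get('/anon')
 # Get the key from the cookie and find the token in the cache.
 key = response.cookies['anoncsrf'].value
- self.assertEqual(response._request.csrf_token, cache.get(key))
+ self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
 def test_existing_anon_cookie_on_request(self):
 # We reuse an existing anon cookie key+token.
@@ -218,7 +219,7 @@ def test_existing_anon_cookie_on_request(self):
 # Now check that subsequent requests use that cookie.
 response = self.client.get('/anon')
 self.assertEqual(response.cookies['anoncsrf'].value, key)
- self.assertEqual(response._request.csrf_token, cache.get(key))
+ self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
 def test_new_anon_token_on_response(self):
 # The anon cookie is sent and we vary on Cookie.
@@ -307,7 +308,7 @@ def test_new_anon_token_on_request(self):
 response = self.client.get('/')
 # Get the key from the cookie and find the token in the cache.
 key = response.cookies['anoncsrf'].value
- self.assertEqual(response._request.csrf_token, cache.get(key))
+ self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
 def test_existing_anon_cookie_on_request(self):
 # We reuse an existing anon cookie key+token.
@@ -317,7 +318,7 @@ def test_existing_anon_cookie_on_request(self):
 # Now check that subsequent requests use that cookie.
 response = self.client.get('/')
 self.assertEqual(response.cookies['anoncsrf'].value, key)
- self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
+ self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
 self.assertEqual(response['Vary'], 'Cookie')
 def test_anon_csrf_logout(self):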
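Review bot: None of the updated tests covers the negative case the prefix exists for, a cookie whose value names a cache entry stored without the prefix. The changed assertions check that the token is found under `PREFIX + key`; none checks that an entry stored under the bare cookie value is ignored. A test that keeps `cache.set(self.token, 'woo')` unprefixed, sends the `anoncsrf` cookie, and asserts `self.assertNotEqual(request.csrf_token, 'woo')` would pin the isolation down. test_anon_token_from_cookie continues past its hunk, so the request setup it needs is not fully visible here.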