formular._csrf - CSRF Utilities

This module provides the CSRF utilities used by Formular.

_get_random_token()

Returns a random token with a size of 10 bytes.

_get_csrf_token(session, url, force_update=False, max_csrf_tokens=4)

Returns a CSRF token for the given url and stores it in the session.

Parameters:
  • session

    An object with a dict-like interface which can be used to store session specific data.

    This function will store a list of tuples as a value under the key "csrf_tokens". Each tuple will contain a string and an integer.

  • url – The url under which the form is available.
  • force_update – If force_update is True, a new token is stored even if one is already available.
  • max_csrf_tokens

    A positive integer specifying the maximum number of tokens stored in the session.

    Note

    If more tokens are stored than specified by this number, they won’t be removed unless a new token is created.

_remove_csrf_token(session, url)

Removes every (url_hash, csrf_token) tuple from the session for the given url. If no tuple is found this function does nothing.

This function should be used to remove the CSRF token from the session after the form was validated, to ensure that every token can only be used once.

Parameters:
  • session

    An object with a dict-like interface which can be used to store session specific data.

    This function will store a list of tuples as a value under the key "csrf_tokens". Each tuple will contain a string and an integer.

  • url – The url under which the form is available.
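
The token lifecycle described above (issue per URL, cap the list when a token is created, remove after validation), as an added example that is not Formular's own code. The names issue_token, consume_token and url_key, the SHA-256 URL key, and the use of secrets and hmac.compare_digest are assumptions of this sketch.

```python
import hmac
import secrets
from hashlib import sha256

SESSION_KEY = "csrf_tokens"  # session key named in the documentation above


def url_key(url):
    # Assumption: forms are keyed by a SHA-256 hex digest of their URL.
    return sha256(url.encode("utf-8")).hexdigest()


def issue_token(session, url, force_update=False, max_csrf_tokens=4):
    """Return the token for url, creating and storing one if needed."""
    tokens = list(session.get(SESSION_KEY, []))
    key = url_key(url)
    if not force_update:
        for stored_key, token in tokens:
            if stored_key == key:
                return token
    # Replace any older token for this URL with 10 fresh random bytes.
    tokens = [(k, t) for k, t in tokens if k != key]
    token = secrets.token_hex(10)
    tokens.append((key, token))
    # The cap is enforced only here, when a token is created: oldest go first.
    del tokens[:-max_csrf_tokens]
    session[SESSION_KEY] = tokens  # reassign so the session sees the change
    return token


def consume_token(session, url, submitted):
    """Check a submitted token and remove it on success (single use)."""
    key = url_key(url)
    tokens = session.get(SESSION_KEY, [])
    supplied = submitted.encode("utf-8")
    valid = False
    for stored_key, token in tokens:
        # Constant-time comparison avoids leaking how many characters match.
        if stored_key == key and hmac.compare_digest(token.encode(), supplied):
            valid = True
    if valid:
        session[SESSION_KEY] = [(k, t) for k, t in tokens if k != key]
    return valid
```

Because eviction drops the oldest entries, a user with more than max_csrf_tokens forms open at once will see the earliest form rejected on submit.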
