github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

csrftoken() now works with .render_template(), closes #863

Browse source
This commit is contained in:
Simon Willison 2020-06-23 20:23:30 -07:00
commit 28bb1c5189
4 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
datasette/app.py
View file

@ -739,6 +739,7 @@ class Datasette:
"extra_css_urls": self._asset_urls("extra_css_urls", template, context), "extra_css_urls": self._asset_urls("extra_css_urls", template, context),
"extra_js_urls": self._asset_urls("extra_js_urls", template, context), "extra_js_urls": self._asset_urls("extra_js_urls", template, context),
"base_url": self.config("base_url"), "base_url": self.config("base_url"),
"csrftoken": request.scope["csrftoken"] if request else lambda: "",
}, },
**extra_template_vars, **extra_template_vars,
} }

1
datasette/views/base.py
View file

@ -103,7 +103,6 @@ class BaseView(AsgiView):
**context, **context,
**{ **{
"database_url": self.database_url, "database_url": self.database_url,
"csrftoken": request.scope["csrftoken"],
"database_color": self.database_color, "database_color": self.database_color,
"show_messages": lambda: self.ds._show_messages(request), "show_messages": lambda: self.ds._show_messages(request),
"select_templates": [ "select_templates": [

6
tests/plugins/my_plugin.py
View file

@ -182,11 +182,17 @@ def register_routes():
else: else:
return Response.json(await request.post_vars()) return Response.json(await request.post_vars())
async def csrftoken_form(request, datasette):
return Response.html(
await datasette.render_template("csrftoken_form.html", request=request)
)
return [ return [
(r"/one/$", one), (r"/one/$", one),
(r"/two/(?P<name>.*)$", two), (r"/two/(?P<name>.*)$", two),
(r"/three/$", three), (r"/three/$", three),
(r"/post/$", post), (r"/post/$", post),
(r"/csrftoken-form/$", csrftoken_form),
] ]

12
tests/test_plugins.py
View file

@ -580,6 +580,18 @@ def test_register_routes_post(app_client):
assert "post data" == response.json["this is"] assert "post data" == response.json["this is"]
def test_register_routes_csrftoken(tmpdir):
templates = tmpdir / "templates"
templates.mkdir()
(templates / "csrftoken_form.html").write_text(
"CSRFTOKEN: {{ csrftoken() }}", "utf-8"
)
with make_app_client(template_dir=templates) as client:
response = client.get("/csrftoken-form/")
expected_token = client.ds._last_request.scope["csrftoken"]()
assert "CSRFTOKEN: {}".format(expected_token) == response.text
def test_register_routes_asgi(app_client): def test_register_routes_asgi(app_client):
response = app_client.get("/three/") response = app_client.get("/three/")
assert {"hello": "world"} == response.json assert {"hello": "world"} == response.json