Mercurial > p > roundup > code

view website/issues/extensions/timestamp.py @ 5212:d4cc71beb102

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added support for SameSite cookie option for CSRF prevention This was an easy addon compared to the complexity of the CSRF nonce support. It only works in chromium browsers (Chrome, Opera...) at the moment. But there is recent activity on implementing it in firefox. Who know when edge/ie will adopt it. So csrf nonce and header analysis will be needed for a while.
author John Rouillard <rouilj@ieee.org>
date Sun, 19 Mar 2017 19:01:41 -0400
parents c2d0d3e9099d
children 35ea9b1efc14
line wrap: on
line source

import time, struct, base64
from roundup.cgi.actions import RegisterAction
from roundup.cgi.exceptions import *

def timestamp():
    return base64.encodestring(struct.pack("i", time.time())).strip()

def unpack_timestamp(s):
    return struct.unpack("i",base64.decodestring(s))[0]

class Timestamped:
    def check(self):
        try:
            created = unpack_timestamp(self.form['opaque'].value)
        except KeyError:
            raise FormError, "somebody tampered with the form"
        if time.time() - created < 4:
            raise FormError, "responding to the form too quickly"
        return True

class TimestampedRegister(Timestamped, RegisterAction):
    def permission(self):
        self.check()
        RegisterAction.permission(self)

def init(instance):
    instance.registerUtil('timestamp', timestamp)
    instance.registerAction('register', TimestampedRegister)
Roundup Issue Tracker: http://roundup-tracker.org/