Mercurial > p > roundup > code
view website/issues/extensions/timestamp.py @ 5211:f4b6a2a3e605
Fix expiration dates and expire csrf tokens properly
In client.py: add explicit expiration of csrf tokens to
handle_csrf. There is a clean_up() that runs on every client
connection before handle)csrf is invoked, but it only cleans every
hour. With short lived tokens this is insufficient. Also remove
debugging.
In templating.py fix values for seconds/week and minutes per week. The
original values were shifted/transposed and an order of magnitude off.
In test_templating.py again fix seconds/week constant.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 19 Mar 2017 17:10:13 -0400 |
| parents | c2d0d3e9099d |
| children | 35ea9b1efc14 |
line wrap: on
line source
import time, struct, base64 from roundup.cgi.actions import RegisterAction from roundup.cgi.exceptions import * def timestamp(): return base64.encodestring(struct.pack("i", time.time())).strip() def unpack_timestamp(s): return struct.unpack("i",base64.decodestring(s))[0] class Timestamped: def check(self): try: created = unpack_timestamp(self.form['opaque'].value) except KeyError: raise FormError, "somebody tampered with the form" if time.time() - created < 4: raise FormError, "responding to the form too quickly" return True class TimestampedRegister(Timestamped, RegisterAction): def permission(self): self.check() RegisterAction.permission(self) def init(instance): instance.registerUtil('timestamp', timestamp) instance.registerAction('register', TimestampedRegister)