Revision a0a3da60

b/snf-django-lib/snf_django/lib/api/urls.py
1
# Copyright 2012, 2013 GRNET S.A. All rights reserved.
2
#
3
# Redistribution and use in source and binary forms, with or
4
# without modification, are permitted provided that the following
5
# conditions are met:
6
#
7
#   1. Redistributions of source code must retain the above
8
#      copyright notice, this list of conditions and the following
9
#      disclaimer.
10
#
11
#   2. Redistributions in binary form must reproduce the above
12
#      copyright notice, this list of conditions and the following
13
#      disclaimer in the documentation and/or other materials
14
#      provided with the distribution.
15
#
16
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
# POSSIBILITY OF SUCH DAMAGE.
28
#
29
# The views and conclusions contained in the software and
30
# documentation are those of the authors and should not be
31
# interpreted as representing official policies, either expressed
32
# or implied, of GRNET S.A.
33

  
34
from django.core import urlresolvers
35
from django.views.decorators import csrf
36
from django.conf.urls.defaults import patterns
37

  
38
def _patch_pattern(regex_pattern):
39
    """
40
    Patch pattern callback using csrf_exempt. Enforce 
41
    RegexURLPattern callback to get resolved if required.
42
    """
43
    if not regex_pattern._callback:
44
        # enforce _callback resolving
45
        regex_pattern._get_callback()
46

  
47
    regex_pattern._callback = \
48
            csrf.csrf_exempt(regex_pattern._callback)
49

  
50
def _patch_resolver(r):
51
    """
52
    Patch all patterns found in resolver with _patch_pattern
53
    """
54
    if hasattr(r, '_get_url_patterns'):
55
        entries = r._get_url_patterns()
56
    else:
57
        # first level view in patterns ?
58
        entries = [r]
59

  
60
    for entry in entries:
61
        if isinstance(entry, urlresolvers.RegexURLResolver):
62
            _patch_resolver(entry)
63
        #if isinstance(entry, urlresolvers.RegexURLPattern):
64
        # let it break...
65
        else:
66
            _patch_pattern(entry)
67

  
68
def api_patterns(*args, **kwargs):
69
    """
70
    Protect all url patterns from csrf attacks. 
71
    """
72
    _patterns = patterns(*args, **kwargs)
73
    for entry in _patterns:
74
        _patch_resolver(entry)
75
    return _patterns

Also available in: Unified diff