Revision a0a3da60
b/snf-django-lib/snf_django/lib/api/urls.py | ||
---|---|---|
1 |
# Copyright 2012, 2013 GRNET S.A. All rights reserved. |
|
2 |
# |
|
3 |
# Redistribution and use in source and binary forms, with or |
|
4 |
# without modification, are permitted provided that the following |
|
5 |
# conditions are met: |
|
6 |
# |
|
7 |
# 1. Redistributions of source code must retain the above |
|
8 |
# copyright notice, this list of conditions and the following |
|
9 |
# disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above |
|
12 |
# copyright notice, this list of conditions and the following |
|
13 |
# disclaimer in the documentation and/or other materials |
|
14 |
# provided with the distribution. |
|
15 |
# |
|
16 |
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS |
|
17 |
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
|
18 |
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
19 |
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR |
|
20 |
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
|
21 |
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
|
22 |
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF |
|
23 |
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED |
|
24 |
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
25 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN |
|
26 |
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
|
27 |
# POSSIBILITY OF SUCH DAMAGE. |
|
28 |
# |
|
29 |
# The views and conclusions contained in the software and |
|
30 |
# documentation are those of the authors and should not be |
|
31 |
# interpreted as representing official policies, either expressed |
|
32 |
# or implied, of GRNET S.A. |
|
33 |
|
|
34 |
from django.core import urlresolvers |
|
35 |
from django.views.decorators import csrf |
|
36 |
from django.conf.urls.defaults import patterns |
|
37 |
|
|
38 |
def _patch_pattern(regex_pattern): |
|
39 |
""" |
|
40 |
Patch pattern callback using csrf_exempt. Enforce |
|
41 |
RegexURLPattern callback to get resolved if required. |
|
42 |
""" |
|
43 |
if not regex_pattern._callback: |
|
44 |
# enforce _callback resolving |
|
45 |
regex_pattern._get_callback() |
|
46 |
|
|
47 |
regex_pattern._callback = \ |
|
48 |
csrf.csrf_exempt(regex_pattern._callback) |
|
49 |
|
|
50 |
def _patch_resolver(r): |
|
51 |
""" |
|
52 |
Patch all patterns found in resolver with _patch_pattern |
|
53 |
""" |
|
54 |
if hasattr(r, '_get_url_patterns'): |
|
55 |
entries = r._get_url_patterns() |
|
56 |
else: |
|
57 |
# first level view in patterns ? |
|
58 |
entries = [r] |
|
59 |
|
|
60 |
for entry in entries: |
|
61 |
if isinstance(entry, urlresolvers.RegexURLResolver): |
|
62 |
_patch_resolver(entry) |
|
63 |
#if isinstance(entry, urlresolvers.RegexURLPattern): |
|
64 |
# let it break... |
|
65 |
else: |
|
66 |
_patch_pattern(entry) |
|
67 |
|
|
68 |
def api_patterns(*args, **kwargs): |
|
69 |
""" |
|
70 |
Protect all url patterns from csrf attacks. |
|
71 |
""" |
|
72 |
_patterns = patterns(*args, **kwargs) |
|
73 |
for entry in _patterns: |
|
74 |
_patch_resolver(entry) |
|
75 |
return _patterns |
Also available in: Unified diff