| author | Michael Merickel <michael@merickel.org> | 2019-10-17 01:03:04 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2019-10-17 01:03:04 -0500 |
| commit | c67cc8722e3b26b729c3fed75db51395b56ac8a0 (patch) | |
| tree | d9184484868d10967845e0efb1304b7339360966 /src | |
| parent | cee110df1b5cd94938379a27000e32b471c3cb38 (diff) | |
remove check_csrf view predicate
Diffstat (limited to 'src')
| -rw-r--r-- | src/pyramid/config/views.py | 53 | ||||
| -rw-r--r-- | src/pyramid/predicates.py | 22 | ||||
| -rw-r--r-- | src/pyramid/view.py | 2 |
3 files changed, 5 insertions, 72 deletions
diff --git a/src/pyramid/config/views.py b/src/pyramid/config/views.py index 1abff0579..afb685f93 100644 --- a/src/pyramid/config/views.py +++ b/src/pyramid/config/views.py @@ -276,7 +276,6 @@ class ViewsConfiguratorMixin(object): mapper=None, http_cache=None, match_param=None, - check_csrf=None, require_csrf=None, exception_only=False, **view_options @@ -709,38 +708,6 @@ class ViewsConfiguratorMixin(object): variable. If the regex matches, this predicate will be ``True``. - check_csrf - - .. deprecated:: 1.7 - Use the ``require_csrf`` option or see :ref:`auto_csrf_checking` - instead to have :class:`pyramid.exceptions.BadCSRFToken` - exceptions raised. - - If specified, this value should be one of ``None``, ``True``, - ``False``, or a string representing the 'check name'. If the value - is ``True`` or a string, CSRF checking will be performed. If the - value is ``False`` or ``None``, CSRF checking will not be performed. - - If the value provided is a string, that string will be used as the - 'check name'. If the value provided is ``True``, ``csrf_token`` will - be used as the check name. - - If CSRF checking is performed, the checked value will be the value of - ``request.params[check_name]``. This value will be compared against - the value of ``policy.get_csrf_token()`` (where ``policy`` is an - implementation of :meth:`pyramid.interfaces.ICSRFStoragePolicy`), and - the check will pass if these two values are the same. If the check - passes, the associated view will be permitted to execute. If the - check fails, the associated view will not be permitted to execute. - - .. versionadded:: 1.4a2 - - .. versionchanged:: 1.9 - This feature requires either a :term:`session factory` to have been - configured, or a :term:`CSRF storage policy` other than the default - to be in use. - - physical_path If specified, this value should be a string or a tuple representing 
@@ -804,6 +771,10 @@ class ViewsConfiguratorMixin(object): Support setting view deriver options. Previously, only custom view predicate values could be supplied. + .. versionchanged:: 2.0 + + Removed support for the ``check_csrf`` predicate. + """ if custom_predicates: warnings.warn( @@ -820,19 +791,6 @@ class ViewsConfiguratorMixin(object): stacklevel=4, ) - if check_csrf is not None: - warnings.warn( - ( - 'The "check_csrf" argument to Configurator.add_view is ' - 'deprecated as of Pyramid 1.7. Use the "require_csrf" ' - 'option instead or see "Checking CSRF Tokens ' - 'Automatically" in the "Sessions" chapter of the ' - 'documentation for more information.' - ), - DeprecationWarning, - stacklevel=4, - ) - if accept is not None: if is_nonstr_iter(accept): raise ConfigurationError( @@ -903,7 +861,6 @@ class ViewsConfiguratorMixin(object): containment=containment, request_type=request_type, match_param=match_param, - check_csrf=check_csrf, custom=predvalseq(custom_predicates), ) ) @@ -963,7 +920,6 @@ class ViewsConfiguratorMixin(object): header=header, path_info=path_info, match_param=match_param, - check_csrf=check_csrf, http_cache=http_cache, require_csrf=require_csrf, callable=view, @@ -1249,7 +1205,6 @@ class ViewsConfiguratorMixin(object): ('containment', p.ContainmentPredicate), ('request_type', p.RequestTypePredicate), ('match_param', p.MatchParamPredicate), - ('check_csrf', p.CheckCSRFTokenPredicate), ('physical_path', p.PhysicalPathPredicate), ('effective_principals', p.EffectivePrincipalsPredicate), ('custom', p.CustomPredicate), diff --git a/src/pyramid/predicates.py b/src/pyramid/predicates.py index a267a69a0..a09933253 100644 --- a/src/pyramid/predicates.py +++ b/src/pyramid/predicates.py @@ -4,7 +4,6 @@ from zope.deprecation import deprecated from pyramid.exceptions import ConfigurationError -from pyramid.csrf import check_csrf_token from pyramid.traversal import ( find_interface, traversal_path, 
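Review bot: The added `.. versionchanged:: 2.0` entry in the `add_view` docstring records that `check_csrf` is gone but gives no migration path, and nothing in these hunks shows what happens to a caller that still passes it. Because the first hunk drops `check_csrf=None` from the signature, the keyword now lands in `**view_options`. How unknown options are handled is outside the visible lines, so a test asserting that `config.add_view(view, check_csrf=True)` fails at configuration time would confirm that such a view cannot be registered silently without its CSRF check. I would extend the entry to something like `Removed support for the check_csrf predicate. Use the require_csrf option instead.` and note that, per the removed docstring, a failed predicate only kept the view from executing, whereas `require_csrf` raises `pyramid.exceptions.BadCSRFToken`. The docstring and the function body both start and end outside this hunk.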
@@ -252,27 +251,6 @@ class TraversePredicate(object): return True -class CheckCSRFTokenPredicate(object): - - check_csrf_token = staticmethod(check_csrf_token) # testing - - def __init__(self, val, config): - self.val = val - - def text(self): - return 'check_csrf = %s' % (self.val,) - - phash = text - - def __call__(self, context, request): - val = self.val - if val: - if val is True: - val = 'csrf_token' - return self.check_csrf_token(request, val, raises=False) - return True - - class PhysicalPathPredicate(object): def __init__(self, val, config): if is_nonstr_iter(val): diff --git a/src/pyramid/view.py b/src/pyramid/view.py index 7e54a40f6..eeac4e783 100644 --- a/src/pyramid/view.py +++ b/src/pyramid/view.py @@ -174,7 +174,7 @@ class view_config(object): ``request_type``, ``route_name``, ``request_method``, ``request_param``, ``containment``, ``xhr``, ``accept``, ``header``, ``path_info``, ``custom_predicates``, ``decorator``, ``mapper``, ``http_cache``, - ``require_csrf``, ``match_param``, ``check_csrf``, ``physical_path``, and + ``require_csrf``, ``match_param``, ``physical_path``, and ``view_options``. The meanings of these arguments are the same as the arguments passed to |
