add csrf_protection app with someviews with protection

leonardoleanodev · Nov 11, 2020 · ee9caf9 · ee9caf9
1 parent 0a74526
commit ee9caf9
Show file tree

Hide file tree

Showing 12 changed files with 102 additions and 2 deletions.
diff --git a/csrf_protection/__init__.py b/csrf_protection/__init__.py
diff --git a/csrf_protection/admin.py b/csrf_protection/admin.py
@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
diff --git a/csrf_protection/apps.py b/csrf_protection/apps.py
@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class CsrfProtectionConfig(AppConfig):
+    name = 'csrf_protection'
diff --git a/csrf_protection/migrations/__init__.py b/csrf_protection/migrations/__init__.py
diff --git a/csrf_protection/models.py b/csrf_protection/models.py
@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.
diff --git a/csrf_protection/templates/csrf_protection/index.html b/csrf_protection/templates/csrf_protection/index.html
@@ -0,0 +1,27 @@
+<header>
+CSRF INITIAL PAGE
+</header>
+<p>The project is configured with the Middleware:</p>
+<p>django.middleware.csrf.CsrfViewMiddleware</p>
+<div>
+    Submit Without CSRFTOKEN - to view without protection
+    <form action="{% url 'csrf_protection:without_protection' %}" method="post" >
+        <input type="submit" value="Submit">
+    </form>
+<div>
+
+<div>
+    Submit Without CSRFTOKEN - to view with standard protection (should popup a 403)
+    <form action="{% url 'csrf_protection:with_standard_protection' %}" method="post" >
+        <input type="submit" value="Submit">
+    </form>
+<div>
+
+
+<div>
+    Submit With CSRFTOKEN - to view with standard protection
+    <form action="{% url 'csrf_protection:with_standard_protection' %}" method="post" >
+        {% csrf_token %}
+        <input type="submit" value="Submit">
+    </form>
+<div>
diff --git a/csrf_protection/tests.py b/csrf_protection/tests.py
@@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
diff --git a/csrf_protection/urls.py b/csrf_protection/urls.py
@@ -0,0 +1,10 @@
+from django.urls import path
+from csrf_protection import views
+
+app_name = 'csrf_protection'
+
+urlpatterns = [
+    path("", views.csrf_index, name='csrf_index'),
+    path("without_protection/", views.without_protection, name='without_protection'),
+    path("with_standard_protection/", views.with_standard_protection, name='with_standard_protection'),
+    ]
diff --git a/csrf_protection/views.py b/csrf_protection/views.py
@@ -0,0 +1,47 @@
+from django.shortcuts import render
+from django.views.decorators.csrf import csrf_exempt
+
+def csrf_index(request):
+    html_data={}
+    return render(request, "csrf_protection/index.html",html_data)
+
+@csrf_exempt
+def without_protection(request):
+    """
+    without_protection
+
+    url: csrf/without_protection/
+    url-shortcut: "csrf_protection:without_protection"
+
+    Parameters
+    ----------
+    request : [type]
+        [description]
+
+    Returns
+    -------
+    [type]
+        [description]
+    """
+    html_data={}
+    return render(request, "csrf_protection/index.html", html_data)
+
+def with_standard_protection(request):
+    """
+    without_protection
+
+    url: csrf/without_protection/
+    url-shortcut: "csrf_protection:with_standard_protection"
+
+    Parameters
+    ----------
+    request : [type]
+        [description]
+
+    Returns
+    -------
+    [type]
+        [description]
+    """
+    html_data={}
+    return render(request, "csrf_protection/index.html", html_data)
diff --git a/django_sandbox/settings.py b/django_sandbox/settings.py
@@ -34,6 +34,7 @@
 INSTALLED_APPS = [
     'http_response.apps.HttpResponseConfig', # add to register http_reponse app
     'forms_examples.apps.FormsExamplesConfig', # add to register forms_examples
+    'csrf_protection.apps.CsrfProtectionConfig', # add to register csrf_protection
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',

diff --git a/django_sandbox/urls.py b/django_sandbox/urls.py
@@ -19,5 +19,6 @@
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('http_response/', include('http_response.urls') ),
-    path('forms/', include('forms_examples.urls') )
+    path('forms/', include('forms_examples.urls') ),
+    path('csrf/',include('csrf_protection.urls') )
 ]
diff --git a/forms_examples/views.py b/forms_examples/views.py
@@ -53,7 +53,7 @@ def form_choicefield_flexible_render(request):
 def form_choice_cascade(request):
     """
     url: /forms/form_choice_cascade
-    url shortcut: 'forms_examples:form_choice_cascade'
+    url-shortcut: 'forms_examples:form_choice_cascade'
 
     Parameters
     ----------
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.contrib import admin

		# Register your models here.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.db import models

		# Create your models here.
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		from django.test import TestCase

		# Create your tests here.