Django 4.x: fix csrf reason list

The CSRF reason list has changed in Django 4.0. This fixes it.

Change-Id: I74e2d042db3b7911d9b4e19b5ad44e3f90f22267
This commit is contained in:
Thomas Goirand 2022-06-29 13:59:12 +02:00 committed by Vishal Manchanda
parent 09d0975ee0
commit a55d82da08

View File

@ -14,6 +14,7 @@ import datetime
import functools
import logging
import django
from django.conf import settings
from django.contrib import auth
from django.contrib.auth.decorators import login_required
@ -48,16 +49,32 @@ from openstack_auth import utils
LOG = logging.getLogger(__name__)
if django.VERSION >= (4, 0):
CSRF_REASONS = [
csrf.REASON_BAD_ORIGIN,
csrf.REASON_NO_REFERER,
csrf.REASON_BAD_REFERER,
csrf.REASON_NO_CSRF_COOKIE,
csrf.REASON_CSRF_TOKEN_MISSING,
csrf.REASON_MALFORMED_REFERER,
csrf.REASON_INSECURE_REFERER,
]
else:
CSRF_REASONS = [
csrf.REASON_NO_REFERER,
csrf.REASON_BAD_REFERER,
csrf.REASON_NO_CSRF_COOKIE,
csrf.REASON_BAD_TOKEN,
csrf.REASON_MALFORMED_REFERER,
csrf.REASON_INSECURE_REFERER
]
def get_csrf_reason(reason):
if not reason:
return
if reason not in [csrf.REASON_NO_REFERER,
csrf.REASON_BAD_REFERER,
csrf.REASON_NO_CSRF_COOKIE,
csrf.REASON_BAD_TOKEN,
csrf.REASON_MALFORMED_REFERER,
csrf.REASON_INSECURE_REFERER]:
if reason not in CSRF_REASONS:
reason = ""
else:
reason += " "