From a55d82da08e6ca4304525b0201bc74a008813803 Mon Sep 17 00:00:00 2001 From: Thomas Goirand Date: Wed, 29 Jun 2022 13:59:12 +0200 Subject: [PATCH] Django 4.x: fix csrf reason list The CSRF reason list has changed in Django 4.0. This fixes it. Change-Id: I74e2d042db3b7911d9b4e19b5ad44e3f90f22267 --- openstack_auth/views.py | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/openstack_auth/views.py b/openstack_auth/views.py index 29f0e654ae..bcefa867cc 100644 --- a/openstack_auth/views.py +++ b/openstack_auth/views.py @@ -14,6 +14,7 @@ import datetime import functools import logging +import django from django.conf import settings from django.contrib import auth from django.contrib.auth.decorators import login_required @@ -48,16 +49,32 @@ from openstack_auth import utils LOG = logging.getLogger(__name__) +if django.VERSION >= (4, 0): + CSRF_REASONS = [ + csrf.REASON_BAD_ORIGIN, + csrf.REASON_NO_REFERER, + csrf.REASON_BAD_REFERER, + csrf.REASON_NO_CSRF_COOKIE, + csrf.REASON_CSRF_TOKEN_MISSING, + csrf.REASON_MALFORMED_REFERER, + csrf.REASON_INSECURE_REFERER, + ] +else: + CSRF_REASONS = [ + csrf.REASON_NO_REFERER, + csrf.REASON_BAD_REFERER, + csrf.REASON_NO_CSRF_COOKIE, + csrf.REASON_BAD_TOKEN, + csrf.REASON_MALFORMED_REFERER, + csrf.REASON_INSECURE_REFERER + ] + + def get_csrf_reason(reason): if not reason: return - if reason not in [csrf.REASON_NO_REFERER, - csrf.REASON_BAD_REFERER, - csrf.REASON_NO_CSRF_COOKIE, - csrf.REASON_BAD_TOKEN, - csrf.REASON_MALFORMED_REFERER, - csrf.REASON_INSECURE_REFERER]: + if reason not in CSRF_REASONS: reason = "" else: reason += " "