MCPcopy
hub / github.com/django/django / _get_secret

Method _get_secret

django/middleware/csrf.py:221–251  ·  view source on GitHub ↗

Return the CSRF secret originally associated with the request, or None if it didn't have one. If the CSRF_USE_SESSIONS setting is false, raises InvalidTokenFormat if the request's secret has invalid characters or an invalid length.

(self, request)

Source from the content-addressed store, hash-verified

219 return response
220
221 def _get_secret(self, request):
222 """
223 Return the CSRF secret originally associated with the request, or None
224 if it didn't have one.
225
226 If the CSRF_USE_SESSIONS setting is false, raises InvalidTokenFormat if
227 the request's secret has invalid characters or an invalid length.
228 """
229 if settings.CSRF_USE_SESSIONS:
230 try:
231 csrf_secret = request.session.get(CSRF_SESSION_KEY)
232 except AttributeError:
233 raise ImproperlyConfigured(
234 "CSRF_USE_SESSIONS is enabled, but request.session is not "
235 "set. SessionMiddleware must appear before CsrfViewMiddleware "
236 "in MIDDLEWARE."
237 )
238 else:
239 try:
240 csrf_secret = request.COOKIES[settings.CSRF_COOKIE_NAME]
241 except KeyError:
242 csrf_secret = None
243 else:
244 # This can raise InvalidTokenFormat.
245 _check_token_format(csrf_secret)
246 if csrf_secret is None:
247 return None
248 # Django versions before 4.0 masked the secret before storing.
249 if len(csrf_secret) == CSRF_TOKEN_LENGTH:
250 csrf_secret = _unmask_cipher_token(csrf_secret)
251 return csrf_secret
252
253 def _set_csrf_cookie(self, request, response):
254 if settings.CSRF_USE_SESSIONS:

Callers 2

_check_tokenMethod · 0.95
process_requestMethod · 0.95

Calls 4

_check_token_formatFunction · 0.85
_unmask_cipher_tokenFunction · 0.85
getMethod · 0.45

Tested by

no test coverage detected