Return the CSRF secret originally associated with the request, or None if it didn't have one. If the CSRF_USE_SESSIONS setting is false, raises InvalidTokenFormat if the request's secret has invalid characters or an invalid length.
(self, request)
| 219 | return response |
| 220 | |
def _get_secret(self, request):
    """
    Look up the CSRF secret that arrived with this request.

    Returns None when the request carried no secret.

    With CSRF_USE_SESSIONS enabled the secret is read from request.session;
    ImproperlyConfigured is raised if that lookup fails with
    AttributeError, which the error message attributes to
    SessionMiddleware not running before CsrfViewMiddleware.

    With CSRF_USE_SESSIONS disabled the secret is read from the CSRF
    cookie, and InvalidTokenFormat is raised if it has invalid characters
    or an invalid length.
    """
    if not settings.CSRF_USE_SESSIONS:
        # Cookie-backed storage: the value is taken straight from the
        # request's cookies, so it is format-checked before any use.
        try:
            csrf_secret = request.COOKIES[settings.CSRF_COOKIE_NAME]
        except KeyError:
            # No CSRF cookie was sent with the request.
            return None
        # This can raise InvalidTokenFormat. Only the cookie path is
        # checked; the session path below performs no format check here.
        _check_token_format(csrf_secret)
    else:
        # Session-backed storage: the value comes from the session.
        try:
            csrf_secret = request.session.get(CSRF_SESSION_KEY)
        except AttributeError:
            raise ImproperlyConfigured(
                "CSRF_USE_SESSIONS is enabled, but request.session is not "
                "set. SessionMiddleware must appear before CsrfViewMiddleware "
                "in MIDDLEWARE."
            )

    if csrf_secret is None:
        return None
    if len(csrf_secret) != CSRF_TOKEN_LENGTH:
        # Not token-length, so it is returned as stored.
        return csrf_secret
    # Django versions before 4.0 masked the secret before storing, so a
    # token-length value is unmasked to recover the underlying secret.
    return _unmask_cipher_token(csrf_secret)
| 252 | |
| 253 | def _set_csrf_cookie(self, request, response): |
| 254 | if settings.CSRF_USE_SESSIONS: |