def generate_csrf_token(self, csrf_context):
if self.SECRET_KEY is None:
raise Exception('must set SECRET_KEY in a subclass of this form for it to work')
if csrf_context is None:
raise TypeError('Must provide a session-like object as csrf context')
session = getattr(csrf_context, 'session', csrf_context)
if 'csrf' not in session:
session['csrf'] = sha1(os.urandom(64)).hexdigest()
self.csrf_token.csrf_key = session['csrf']
if self.TIME_LIMIT:
expires = (datetime.now() + self.TIME_LIMIT).strftime(self.TIME_FORMAT)
csrf_build = '%s%s' % (session['csrf'], expires)
else:
expires = ''
csrf_build = session['csrf']
hmac_csrf = hmac.new(self.SECRET_KEY, csrf_build.encode('utf8'), digestmod=sha1)
return '%s##%s' % (expires, hmac_csrf.hexdigest())
评论列表
文章目录
