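def validate_csrf_token(self, field):
    """Validate the CSRF token submitted in ``field``.

    The token is read as ``<expires>##<hex digest>``. The digest is an
    HMAC-SHA1 keyed with ``self.SECRET_KEY`` over ``field.csrf_key + expires``,
    so changing the expiry stamp invalidates the digest.

    Args:
        field: The CSRF form field. This method reads ``field.data`` (the
            submitted token), ``field.csrf_key`` and ``field.gettext``.

    Raises:
        ValidationError: If the token is missing or has no ``##`` separator,
            if the digest does not match, or, when ``self.TIME_LIMIT`` is
            truthy, if the current time stamp sorts after ``expires``.
    """
    if not field.data or '##' not in field.data:
        raise ValidationError(field.gettext('CSRF token missing'))

    # The token is client-controlled. Split on the first separator only, so
    # that additional '##' sequences land in the digest part and are rejected
    # by the HMAC check rather than raising an unpacking ValueError.
    expires, hmac_csrf = field.data.split('##', 1)

    # NOTE(review): hmac.new() needs a bytes key - confirm SECRET_KEY is bytes.
    check_val = (field.csrf_key + expires).encode('utf8')
    hmac_compare = hmac.new(self.SECRET_KEY, check_val, digestmod=sha1)
    expected = hmac_compare.hexdigest().encode('utf8')

    # Compare in constant time: a plain `!=` returns at the first differing
    # character, which leaks how much of a guessed digest was correct.
    # Both sides are bytes because compare_digest() rejects non-ASCII str.
    if not hmac.compare_digest(expected, hmac_csrf.encode('utf8')):
        raise ValidationError(field.gettext('CSRF failed'))

    if self.TIME_LIMIT:
        # This is a string comparison, so TIME_FORMAT must produce stamps
        # whose lexicographic order matches chronological order.
        # NOTE(review): datetime.now() is naive local time - confirm the
        # token issuer formats `expires` from the same clock.
        now_formatted = datetime.now().strftime(self.TIME_FORMAT)
        if now_formatted > expires:
            raise ValidationError(field.gettext('CSRF token expired'))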