authorGravatar Gareth Coles <[email protected]>2018-04-04 10:45:09 +0100
committerGravatar Gareth Coles <[email protected]>2018-04-04 10:45:09 +0100
commitc5def877e3baf3a5a5d0c1f0d37b5dd1589c7ca4 (patch)
treed57a6b784b456a5e797a544076946f8f46cdf192
parentAttempting CSRF fixes (diff)
CSRF error route for API
-rw-r--r--pysite/views/api/error_view_csrf.py36
1 files changed, 36 insertions, 0 deletions
diff --git a/pysite/views/api/error_view_csrf.py b/pysite/views/api/error_view_csrf.py
new file mode 100644
index 00000000..bfa29709
--- /dev/null
+++ b/pysite/views/api/error_view_csrf.py
@@ -0,0 +1,36 @@
+# coding=utf-8
+from flask import jsonify
+from flask_wtf.csrf import CSRFError
+from werkzeug.exceptions import HTTPException
+
+from pysite.base_route import ErrorView
+from pysite.constants import ErrorCodes
+
+
+class APIErrorViewCSRF(ErrorView):
+ name = "error_csrf"
+ error_code = CSRFError
+ register_on_app = False
+
+ def __init__(self):
+
+ # Direct errors for all methods at self.return_error
+ methods = [
+ 'get', 'post', 'put',
+ 'delete', 'patch', 'connect',
+ 'options', 'trace'
+ ]
+
+ for method in methods:
+ setattr(self, method, self.return_error)
+
+ def return_error(self, error: CSRFError):
+ """
+ Return a basic JSON object representing the HTTP error,
+ as well as propagating its status code
+ """
+
+ return jsonify({
+ "error_code": ErrorCodes.unauthorized,
+ "error_message": "Bad CSRF token"
+ }), error.code
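Review bot: `return_error` puts `ErrorCodes.unauthorized` in the JSON body but propagates `error.code`, which for flask_wtf's `CSRFError` (a `BadRequest` subclass) is 400, so API clients receive an "unauthorized" payload on a 400 response. If that pairing is intended, say so on the return line, e.g. `# CSRFError is a BadRequest: HTTP status stays 400, the body carries the API-level reason`. The handler also discards `error.description`, which in flask_wtf normally holds the reason the check failed; logging it server-side while keeping the generic "Bad CSRF token" message for the client would make rejected requests easier to spot and triage. Separately, `HTTPException` is imported at the top of the new file but not used anywhere in its 36 lines and can be dropped.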