From c5def877e3baf3a5a5d0c1f0d37b5dd1589c7ca4 Mon Sep 17 00:00:00 2001
From: Gareth Coles
Date: Wed, 4 Apr 2018 10:45:09 +0100
Subject: CSRF error route for API
---
pysite/views/api/error_view_csrf.py | 36 ++++++++++++++++++++++++++++++++++++
1 file changed, 36 insertions(+)
create mode 100644 pysite/views/api/error_view_csrf.py
(limited to 'pysite/views/api')
diff --git a/pysite/views/api/error_view_csrf.py b/pysite/views/api/error_view_csrf.py
new file mode 100644
index 00000000..bfa29709
--- /dev/null
+++ b/pysite/views/api/error_view_csrf.py
@@ -0,0 +1,36 @@
+# coding=utf-8
+from flask import jsonify
+from flask_wtf.csrf import CSRFError
+from werkzeug.exceptions import HTTPException
+
+from pysite.base_route import ErrorView
+from pysite.constants import ErrorCodes
+
+
+class APIErrorViewCSRF(ErrorView):
+ name = "error_csrf"
+ error_code = CSRFError
+ register_on_app = False
+
+ def __init__(self):
+
+ # Direct errors for all methods at self.return_error
+ methods = [
+ 'get', 'post', 'put',
+ 'delete', 'patch', 'connect',
+ 'options', 'trace'
+ ]
+
+ for method in methods:
+ setattr(self, method, self.return_error)
+
+ def return_error(self, error: CSRFError):
+ """
+ Return a basic JSON object representing the HTTP error,
+ as well as propagating its status code
+ """
+
+ return jsonify({
+ "error_code": ErrorCodes.unauthorized,
+ "error_message": "Bad CSRF token"
+ }), error.code
--
cgit v1.2.3
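Review bot: `return_error` discards `error.description`, so the reason Flask-WTF attaches to the rejected request is neither returned nor recorded anywhere in this handler. Keeping the client-facing message generic is reasonable, but a server-side log line before the `return jsonify(...)`, for example `log.warning("CSRF validation failed on %s: %s", request.path, error.description)` with whatever logger the project uses, would let repeated failures against the API be noticed; it needs a logger and `request` in scope, which this file does not import. The body also reports `ErrorCodes.unauthorized` while the status is taken from `error.code`, which for Flask-WTF's `CSRFError` (a `BadRequest` subclass) is 400, so it is worth confirming that clients are meant to see that pairing. Separately, the `HTTPException` import is unused in the new file and can be dropped, and the class would benefit from a one-line docstring saying that every HTTP method is routed to `return_error`.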