diff --git a/ckanext/fortify/anti_csrf.old b/ckanext/fortify/anti_csrf.old deleted file mode 100644 index a53e24c..0000000 --- a/ckanext/fortify/anti_csrf.old +++ /dev/null @@ -1,319 +0,0 @@ -# encoding: utf-8 -"""Provides a self-contained filter to prevent Cross-Site Request Forgery, -based on the Double Submit Cookie pattern, -www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie - -The filter can be enabled simply by invoking 'intercept_csrf()'. -""" -import hashlib -import hmac -import random -import re -import time -import ckan.plugins.toolkit as toolkit - -from logging import getLogger -from re import IGNORECASE, MULTILINE -from six.moves.urllib import parse -from flask import make_response -from six import text_type - -config = toolkit.config -request = toolkit.request -abort = toolkit.abort -response = make_response -g = toolkit.g -LOG = getLogger(__name__) -RAW_RENDER_JINJA = toolkit.render - -# RAW_BEFORE = base.BaseController.__before__ - -""" Used as the cookie name and input field name. -""" -TOKEN_FIELD_NAME = 'token' - -""" -This will match a POST form that has whitespace after the opening tag (which all existing forms do). -Once we have injected a token immediately after the opening tag, -it won't match any more, which avoids redundant injection. -""" -POST_FORM = re.compile(r'(