[Checkins] SVN: Products.PluggableAuthService/trunk/Products/PluggableAuthService/utils.py Do not fail in getCSRFToken when request has no session.
Maurits van Rees
cvs-admin at zope.org
Tue Jan 22 13:15:14 UTC 2013
Log message for revision 129079:
Do not fail in getCSRFToken when request has no session.
This can happen in tests.
At least, I see it when logged in to Testing.ZopeTestCase.utils.startZServer
and trying to visit acl_users/source_users in the ZMI in a Plone Site.
Changed:
U Products.PluggableAuthService/trunk/Products/PluggableAuthService/utils.py
-=-
Modified: Products.PluggableAuthService/trunk/Products/PluggableAuthService/utils.py
===================================================================
--- Products.PluggableAuthService/trunk/Products/PluggableAuthService/utils.py 2013-01-22 10:39:46 UTC (rev 129078)
+++ Products.PluggableAuthService/trunk/Products/PluggableAuthService/utils.py 2013-01-22 13:15:13 UTC (rev 129079)
@@ -195,7 +195,10 @@
return {'keywords': keywords.hexdigest()}
def getCSRFToken(request):
- session = request.SESSION
+ session = getattr(request, 'SESSION', None)
+ if not session:
+ # Can happen in tests.
+ return binascii.hexlify(os.urandom(20))
token = session.get('_csrft_', None)
if token is None:
token = session['_csrft_'] = binascii.hexlify(os.urandom(20))
More information about the checkins
mailing list