From 7096056f3742c446c40e22c707fd38dc27fcb2fa Mon Sep 17 00:00:00 2001
From: Santiago Lamora
Date: Mon, 17 Jan 2022 12:55:42 +0100
Subject: [PATCH] Enable CSRF by blueprint (exclude API views)

---
 ereuse_devicehub/devicehub.py | 4 ----
 examples/app.py | 19 ++++++++++++++++---
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/ereuse_devicehub/devicehub.py b/ereuse_devicehub/devicehub.py
index b4321e28..f2e30ddc 100644
--- a/ereuse_devicehub/devicehub.py
+++ b/ereuse_devicehub/devicehub.py
@@ -23,7 +23,6 @@ from ereuse_devicehub.templating import Environment
 from flask_login import LoginManager
-from flask_wtf.csrf import CSRFProtect
 from ereuse_devicehub.resources.user.models import User
@@ -69,9 +68,6 @@ class Devicehub(Teal):
         self.configure_extensions()
     def configure_extensions(self):
-        # configure & enable CSRF of Flask-WTF
-        CSRFProtect(self)
-
         # configure Flask-Login
         login_manager = LoginManager()
         login_manager.init_app(self)
diff --git a/examples/app.py b/examples/app.py
index 31608a8b..91b48a59 100644
--- a/examples/app.py
+++ b/examples/app.py
@@ -1,9 +1,22 @@
-from ereuse_devicehub.devicehub import Devicehub
-
 """
 Example app with minimal configuration.
 Use this as a starting point.
 """
+from flask_wtf.csrf import CSRFProtect
-app = Devicehub(inventory='db1')
+from ereuse_devicehub.config import DevicehubConfig
+from ereuse_devicehub.devicehub import Devicehub
+from ereuse_devicehub.inventory.views import devices
+from ereuse_devicehub.views import core
+
+app = Devicehub(inventory=DevicehubConfig.DB_SCHEMA)
+app.register_blueprint(core)
+app.register_blueprint(devices)
+
+# configure & enable CSRF of Flask-WTF
+# NOTE: enable by blueprint to exclude API views
+# TODO(@slamora: enable by default & exclude API views when decouple of Teal is completed
+csrf = CSRFProtect(app)
+csrf.protect(core)
+csrf.protect(devices)
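Review bot: The two closing lines of the examples/app.py hunk, `csrf.protect(core)` and `csrf.protect(devices)`, do not match Flask-WTF's API as I know it: `CSRFProtect.protect()` takes no arguments and validates the *current* request, so these calls would fail with a TypeError at import time, and the preceding `CSRFProtect(app)` already enforces CSRF on every view of the app — including any API views Devicehub registers — so the "exclude API views" intent in the comment is not what this code does. The supported ways to scope enforcement are `csrf.exempt(...)` with the API blueprint (keeping the default check on everything else) or, if enforcement must be opt-in per blueprint, `WTF_CSRF_CHECK_DEFAULT = False` in the config plus a `@core.before_request` hook that calls `csrf.protect()`; please verify against the pinned Flask-WTF version. Note also that the two hunks in ereuse_devicehub/devicehub.py drop `CSRFProtect(self)` from `configure_extensions`, so any deployment that instantiates `Devicehub` without copying this example now runs its form views with no CSRF protection at all; that behaviour change deserves a sentence in the `Devicehub` class docstring and the changelog. Minor: the TODO comment has an unclosed parenthesis, `# TODO(@slamora): enable by default & exclude API views ...`.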