almet/ihatemoney
1
0
Fork 0
mirror of https://github.com/spiral-project/ihatemoney.git synced 2025-04-29 01:42:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use non-deprecated way to disable CSRF for API

Browse source 
See also https://github.com/lepture/flask-wtf/pull/287
This commit is contained in:
Jocelyn Delalande 2017-03-29 14:32:43 +02:00
parent 7380b6f9f7
commit c7f4547d5d
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
budget/api.py
View file

@ -29,7 +29,7 @@ def check_project(*args, **kwargs):
class ProjectHandler(object): class ProjectHandler(object):
def add(self): def add(self):
form = ProjectForm(csrf_enabled=False) form = ProjectForm(meta={'csrf': False})
if form.validate(): if form.validate():
project = form.save() project = form.save()
db.session.add(project) db.session.add(project)
@ -49,7 +49,7 @@ class ProjectHandler(object):
@need_auth(check_project, "project") @need_auth(check_project, "project")
def update(self, project): def update(self, project):
form = EditProjectForm(csrf_enabled=False) form = EditProjectForm(meta={'csrf': False})
if form.validate(): if form.validate():
form.update(project) form.update(project)
db.session.commit() db.session.commit()
@ -69,7 +69,7 @@ class MemberHandler(object):
return 200, project.members return 200, project.members
def add(self, project): def add(self, project):
form = MemberForm(project, csrf_enabled=False) form = MemberForm(project, meta={'csrf': False})
if form.validate(): if form.validate():
member = Person() member = Person()
form.save(project, member) form.save(project, member)
@ -78,7 +78,7 @@ class MemberHandler(object):
return 400, form.errors return 400, form.errors
def update(self, project, member_id): def update(self, project, member_id):
form = MemberForm(project, csrf_enabled=False) form = MemberForm(project, meta={'csrf': False})
if form.validate(): if form.validate():
member = Person.query.get(member_id, project) member = Person.query.get(member_id, project)
form.save(project, member) form.save(project, member)
@ -104,7 +104,7 @@ class BillHandler(object):
return project.get_bills().all() return project.get_bills().all()
def add(self, project): def add(self, project):
form = get_billform_for(project, True, csrf_enabled=False) form = get_billform_for(project, True, meta={'csrf': False})
if form.validate(): if form.validate():
bill = Bill() bill = Bill()
form.save(bill, project) form.save(bill, project)
@ -114,7 +114,7 @@ class BillHandler(object):
return 400, form.errors return 400, form.errors
def update(self, project, bill_id): def update(self, project, bill_id):
form = get_billform_for(project, True, csrf_enabled=False) form = get_billform_for(project, True, meta={'csrf': False})
if form.validate(): if form.validate():
bill = Bill.query.get(project, bill_id) bill = Bill.query.get(project, bill_id)
form.save(bill, project) form.save(bill, project)