Skip to content

Commit

Permalink
capitalize CSRFProtect
Browse files Browse the repository at this point in the history
  • Loading branch information
davidism committed Jan 4, 2017
1 parent b16ba41 commit 53d39fd
Show file tree
Hide file tree
Showing 6 changed files with 36 additions and 15 deletions.
4 changes: 3 additions & 1 deletion docs/api.rst
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,11 @@ CSRF Protection

.. module:: flask_wtf.csrf

.. autoclass:: CsrfProtect
.. autoclass:: CSRFProtect
:members:

.. autoclass:: CsrfProtect(...)

.. autoclass:: CSRFError
:members:

Expand Down
14 changes: 7 additions & 7 deletions docs/csrf.rst
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
CSRF Protection
===============

Any view using :class:`flask_wtf.FlaskForm` to process the request is already
Any view using :class:`~flask_wtf.FlaskForm` to process the request is already
getting CSRF protection. If you have views that don't use ``FlaskForm`` or make
AJAX requests, use the provided CSRF extension to protect those requests as
well.
Expand All @@ -14,15 +14,15 @@ Setup
-----

To enable CSRF protection globally for a Flask app, register the
:class:`CsrfProtect` extension. ::
:class:`CSRFProtect` extension. ::

from flask_wtf.csrf import CsrfProtect
from flask_wtf.csrf import CSRFProtect

csrf = CsrfProtect(app)
csrf = CSRFProtect(app)

Like other Flask extensions, you can apply it lazily::

csrf = CsrfProtect()
csrf = CSRFProtect()

def create_app():
app = Flask(__name__)
Expand Down Expand Up @@ -82,7 +82,7 @@ By default this returns a response with the failure reason and a 400 code.
You can customize the error response using Flask's
:meth:`~flask.Flask.errorhandler`. ::

from flask_wtf.csrf import CsrfError
from flask_wtf.csrf import CSRFError

@app.errorhandler(CsrfError)
def handle_csrf_error(e):
Expand All @@ -106,7 +106,7 @@ You can exclude all the views of a blueprint. ::

You can disable CSRF protection in all views by default, by setting
``WTF_CSRF_CHECK_DEFAULT`` to ``False``, and selectively call
``csrf.protect()`` only when you need. This also enables you to do some
:meth:`~flask_wtf.csrf.CSRFProtect.protect` only when you need. This also enables you to do some
pre-processing on the requests before checking for the CSRF token. ::

@app.before_request
Expand Down
2 changes: 1 addition & 1 deletion flask_wtf/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# flake8: noqa
from __future__ import absolute_import

from .csrf import CsrfProtect
from .csrf import CSRFProtect, CsrfProtect
from .form import FlaskForm, Form
from .recaptcha import *

Expand Down
18 changes: 16 additions & 2 deletions flask_wtf/csrf.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@

from ._compat import FlaskWTFDeprecationWarning, string_types, urlparse

__all__ = ('generate_csrf', 'validate_csrf', 'CsrfProtect')
__all__ = ('generate_csrf', 'validate_csrf', 'CSRFProtect')
logger = logging.getLogger(__name__)


Expand Down Expand Up @@ -147,7 +147,7 @@ def validate_csrf_token(self, form, field):
raise


class CsrfProtect(object):
class CSRFProtect(object):
"""Enable CSRF protection globally for a Flask app.
::
Expand Down Expand Up @@ -324,6 +324,20 @@ def handler(reason):
return view


class CsrfProtect(CSRFProtect):
"""
.. deprecated:: 0.14
Renamed to :class:`~flask_wtf.csrf.CSRFProtect`.
"""

def __init__(self, app=None):
warnings.warn(FlaskWTFDeprecationWarning(
'"flask_wtf.CsrfProtect" has been renamed to "CSRFProtect" '
'and will be removed in 1.0.'
), stacklevel=2)
super(CsrfProtect, self).__init__(app=app)


class CSRFError(BadRequest):
"""Raise if the client sends invalid CSRF data with the request.
Expand Down
4 changes: 2 additions & 2 deletions tests/test_csrf.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,15 +7,15 @@
from wtforms import ValidationError

from flask_wtf._compat import FlaskWTFDeprecationWarning
from flask_wtf.csrf import CSRFError, CsrfProtect, generate_csrf, validate_csrf
from flask_wtf.csrf import CSRFError, CSRFProtect, generate_csrf, validate_csrf
from .base import MyForm, TestCase


class TestCSRF(TestCase):
def setUp(self):
app = self.create_app()
app.config['WTF_CSRF_SECRET_KEY'] = "a poorly kept secret."
csrf = CsrfProtect(app)
csrf = CSRFProtect(app)
self.csrf = csrf

@csrf.exempt
Expand Down
9 changes: 7 additions & 2 deletions tests/test_form.py → tests/test_deprecated.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,11 @@
from wtforms.compat import with_metaclass
from wtforms.form import FormMeta

from flask_wtf import FlaskForm, Form
from flask_wtf import CsrfProtect, FlaskForm, Form
from flask_wtf._compat import FlaskWTFDeprecationWarning


class TestForm(TestCase):
class TestDeprecated(TestCase):
def test_deprecated_form(self):
with warnings.catch_warnings():
warnings.simplefilter('error', FlaskWTFDeprecationWarning)
Expand Down Expand Up @@ -38,3 +38,8 @@ class F(FlaskForm):
with warnings.catch_warnings():
warnings.simplefilter('error', FlaskWTFDeprecationWarning)
self.assertRaises(FlaskWTFDeprecationWarning, F, csrf_enabled=False)

def test_deprecated_csrfprotect(self):
with warnings.catch_warnings():
warnings.simplefilter('error', FlaskWTFDeprecationWarning)
self.assertRaises(FlaskWTFDeprecationWarning, CsrfProtect)

0 comments on commit 53d39fd

Please sign in to comment.