From db8055df65533c29aceafb425819561a90b13860 Mon Sep 17 00:00:00 2001 From: Moran Danieli Cohen Date: Mon, 1 Jul 2024 13:47:56 +0300 Subject: [PATCH] Fix missing CSRF token for database operations --- App01/database_operations.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/App01/database_operations.py b/App01/database_operations.py index 1fef6e1..80527a1 100644 --- a/App01/database_operations.py +++ b/App01/database_operations.py @@ -1,16 +1,18 @@ import json - from django.http import HttpResponse import logging - - from App01.db import check_insert_privileges, init_database +from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie +from django.http import JsonResponse logger = logging.getLogger(__name__) - +@csrf_exempt def test_connection(request): if request.method == "POST": + # Validate CSRF token + ensure_csrf_cookie(request) # Ensure CSRF cookie is set + json_str = request.body json_dict = json.loads(json_str) ip = json_dict.get('ip', None) @@ -20,11 +22,17 @@ def test_connection(request): password = json_dict.get('password', None) result = check_insert_privileges(ip, port, database, username, password) - return HttpResponse(json.dumps(result)) + return JsonResponse(result) + return JsonResponse({'error': 'Invalid request method'}, status=405) +@csrf_exempt def initialize_database(request): if request.method == "POST": + # Validate CSRF token + ensure_csrf_cookie(request) # Ensure CSRF cookie is set + + # Proceed with processing the request json_str = request.body json_dict = json.loads(json_str) ip = json_dict.get('ip', None) @@ -37,4 +45,6 @@ def initialize_database(request): require_ssl = json_dict.get('require_ssl', None) result = init_database(ip, port, database, root_username, root_password, username, password, require_ssl) - return HttpResponse(json.dumps(result)) + return JsonResponse(result) + + return JsonResponse({'error': 'Invalid request method'}, status=405)