plain 0.17.0__py3-none-any.whl → 0.18.0__py3-none-any.whl

plain/csrf/middleware.py

@@ -180,6 +180,9 @@ class CsrfViewMiddleware:
                 # saved anyways.
                 request.META["CSRF_COOKIE"] = csrf_secret
 
+        if csrf_response := self._get_csrf_response(request):
+            return csrf_response
+
         response = self.get_response(request)
 
         if request.META.get("CSRF_COOKIE_NEEDS_UPDATE"):
@@ -395,23 +398,16 @@ class CsrfViewMiddleware:
             reason = self._bad_token_message("incorrect", token_source)
             raise RejectRequest(reason)
 
-    def process_view(self, request, callback, callback_args, callback_kwargs):
+    def _get_csrf_response(self, request):
         # Wait until request.META["CSRF_COOKIE"] has been manipulated before
         # bailing out, so that get_token still works
-        if getattr(callback, "csrf_exempt", False):
+        if getattr(request, "csrf_exempt", True):
             return None
 
         # Assume that anything not defined as 'safe' by RFC 9110 needs protection
         if request.method in ("GET", "HEAD", "OPTIONS", "TRACE"):
             return None
 
-        if getattr(request, "_dont_enforce_csrf_checks", False):
-            # Mechanism to turn off CSRF checks for test suite. It comes after
-            # the creation of CSRF cookies, so that everything else continues
-            # to work exactly the same (e.g. cookies are sent, etc.), but
-            # before any branches that call the _reject method.
-            return None
-
         # Reject the request if the Origin header doesn't match an allowed
         # value.
         if "HTTP_ORIGIN" in request.META:

plain/csrf/views.py

@@ -4,7 +4,28 @@ from plain.views import TemplateView
 class CsrfFailureView(TemplateView):
     template_name = "403.html"
 
-    def get(self):
-        response = super().get()
+    def get_response(self):
+        response = super().get_response()
         response.status_code = 403
         return response
+
+    def post(self):
+        return self.get()
+
+    def put(self):
+        return self.get()
+
+    def patch(self):
+        return self.get()
+
+    def delete(self):
+        return self.get()
+
+    def head(self):
+        return self.get()
+
+    def options(self):
+        return self.get()
+
+    def trace(self):
+        return self.get()

plain/internal/handlers/base.py

@@ -23,7 +23,6 @@ BUILTIN_MIDDLEWARE = [
 
 
 class BaseHandler:
-    _view_middleware = None
     _middleware_chain = None
 
     def load_middleware(self):
@@ -32,8 +31,6 @@ class BaseHandler:
 
         Must be called after the environment is fixed (see __call__ in subclasses).
         """
-        self._view_middleware = []
-
         get_response = self._get_response
         handler = convert_exception_to_response(get_response)
 
@@ -48,12 +45,6 @@ class BaseHandler:
                     f"Middleware factory {middleware_path} returned None."
                 )
 
-            if hasattr(mw_instance, "process_view"):
-                self._view_middleware.insert(
-                    0,
-                    mw_instance.process_view,
-                )
-
             handler = convert_exception_to_response(mw_instance)
 
         # We only assign to this when initialization is complete as it is used
@@ -82,19 +73,9 @@ class BaseHandler:
         template_response middleware. This method is everything that happens
         inside the request/response middleware.
         """
-        response = None
         callback, callback_args, callback_kwargs = self.resolve_request(request)
 
-        # Apply view middleware
-        for middleware_method in self._view_middleware:
-            response = middleware_method(
-                request, callback, callback_args, callback_kwargs
-            )
-            if response:
-                break
-
-        if response is None:
-            response = callback(request, *callback_args, **callback_kwargs)
+        response = callback(request, *callback_args, **callback_kwargs)
 
         # Complain if the view returned None (a common error).
         self.check_response(response, callback)

plain/test/client.py

@@ -177,7 +177,7 @@ class ClientHandler(BaseHandler):
         # CsrfViewMiddleware.  This makes life easier, and is probably
         # required for backwards compatibility with external tests against
         # admin views.
-        request._dont_enforce_csrf_checks = not self.enforce_csrf_checks
+        request.csrf_exempt = not self.enforce_csrf_checks
 
         # Request goes through middleware.
         response = self.get_response(request)

plain/utils/decorators.py

@@ -1,7 +1,5 @@
 "Functions that help with dynamically creating decorators for views."
 
-from functools import partial, update_wrapper, wraps
-
 
 class classonlymethod(classmethod):
     def __get__(self, instance, cls=None):
@@ -10,81 +8,3 @@ class classonlymethod(classmethod):
                 "This method is available only on the class, not on instances."
             )
         return super().__get__(instance, cls)
-
-
-def _update_method_wrapper(_wrapper, decorator):
-    # _multi_decorate()'s bound_method isn't available in this scope. Cheat by
-    # using it on a dummy function.
-    @decorator
-    def dummy(*args, **kwargs):
-        pass
-
-    update_wrapper(_wrapper, dummy)
-
-
-def _multi_decorate(decorators, method):
-    """
-    Decorate `method` with one or more function decorators. `decorators` can be
-    a single decorator or an iterable of decorators.
-    """
-    if hasattr(decorators, "__iter__"):
-        # Apply a list/tuple of decorators if 'decorators' is one. Decorator
-        # functions are applied so that the call order is the same as the
-        # order in which they appear in the iterable.
-        decorators = decorators[::-1]
-    else:
-        decorators = [decorators]
-
-    def _wrapper(self, *args, **kwargs):
-        # bound_method has the signature that 'decorator' expects i.e. no
-        # 'self' argument, but it's a closure over self so it can call
-        # 'func'. Also, wrap method.__get__() in a function because new
-        # attributes can't be set on bound method objects, only on functions.
-        bound_method = wraps(method)(partial(method.__get__(self, type(self))))
-        for dec in decorators:
-            bound_method = dec(bound_method)
-        return bound_method(*args, **kwargs)
-
-    # Copy any attributes that a decorator adds to the function it decorates.
-    for dec in decorators:
-        _update_method_wrapper(_wrapper, dec)
-    # Preserve any existing attributes of 'method', including the name.
-    update_wrapper(_wrapper, method)
-    return _wrapper
-
-
-def method_decorator(decorator, name=""):
-    """
-    Convert a function decorator into a method decorator
-    """
-
-    # 'obj' can be a class or a function. If 'obj' is a function at the time it
-    # is passed to _dec,  it will eventually be a method of the class it is
-    # defined on. If 'obj' is a class, the 'name' is required to be the name
-    # of the method that will be decorated.
-    def _dec(obj):
-        if not isinstance(obj, type):
-            return _multi_decorate(decorator, obj)
-        if not (name and hasattr(obj, name)):
-            raise ValueError(
-                "The keyword argument `name` must be the name of a method "
-                f"of the decorated class: {obj}. Got '{name}' instead."
-            )
-        method = getattr(obj, name)
-        if not callable(method):
-            raise TypeError(
-                f"Cannot decorate '{name}' as it isn't a callable attribute of "
-                f"{obj} ({method})."
-            )
-        _wrapper = _multi_decorate(decorator, method)
-        setattr(obj, name, _wrapper)
-        return obj
-
-    # Don't worry about making _dec look similar to a list/tuple as it's rather
-    # meaningless.
-    if not hasattr(decorator, "__iter__"):
-        update_wrapper(_dec, decorator)
-    # Change the name to aid debugging.
-    obj = decorator if hasattr(decorator, "__name__") else decorator.__class__
-    _dec.__name__ = f"method_decorator({obj.__name__})"
-    return _dec

plain/views/base.py

@@ -19,6 +19,18 @@ class View:
     url_args: tuple
     url_kwargs: dict
 
+    # By default, any of these are allowed if a method is defined for it.
+    allowed_http_methods = [
+        "get",
+        "post",
+        "put",
+        "patch",
+        "delete",
+        "head",
+        "options",
+        "trace",
+    ]
+
     def __init__(self, *args, **kwargs) -> None:
         # Views can customize their init, which receives
         # the args and kwargs from as_view()
@@ -42,9 +54,6 @@ class View:
             except ResponseException as e:
                 return e.response
 
-        # Copy possible attributes set by decorators, e.g. @csrf_exempt, from
-        # the dispatch method.
-        view.__dict__.update(cls.get_response.__dict__)
         view.view_class = cls
 
         return view
@@ -57,7 +66,7 @@ class View:
 
         handler = getattr(self, self.request.method.lower(), None)
 
-        if not handler:
+        if not handler or self.request.method.lower() not in self.allowed_http_methods:
             logger.warning(
                 "Method Not Allowed (%s): %s",
                 self.request.method,
@@ -100,14 +109,4 @@ class View:
         return response
 
     def _allowed_methods(self) -> list[str]:
-        known_http_method_names = [
-            "get",
-            "post",
-            "put",
-            "patch",
-            "delete",
-            "head",
-            "options",
-            "trace",
-        ]
-        return [m.upper() for m in known_http_method_names if hasattr(self, m)]
+        return [m.upper() for m in self.allowed_http_methods if hasattr(self, m)]

plain/views/csrf.py

@@ -1,24 +1,4 @@
-from functools import wraps
-
-from plain.utils.decorators import method_decorator
-
-
-def csrf_exempt(view_func):
-    """Mark a view function as being exempt from the CSRF view protection."""
-
-    # view_func.csrf_exempt = True would also work, but decorators are nicer
-    # if they don't have side effects, so return a new function.
-    @wraps(view_func)
-    def wrapper_view(*args, **kwargs):
-        return view_func(*args, **kwargs)
-
-    wrapper_view.csrf_exempt = True
-    return wrapper_view
-
-
-@method_decorator(csrf_exempt, name="get_response")
 class CsrfExemptViewMixin:
-    """CsrfExemptViewMixin needs to come before View in the class definition"""
-
-    def get_response(self):
-        return super().get_response()
+    def setup(self, *args, **kwargs):
+        super().setup(*args, **kwargs)
+        self.request.csrf_exempt = True

{plain-0.17.0.dist-info → plain-0.18.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: plain
-Version: 0.17.0
+Version: 0.18.0
 Summary: A web framework for building products with Python.
 Author-email: Dave Gaeddert <dave.gaeddert@dropseed.dev>
 License-File: LICENSE

{plain-0.17.0.dist-info → plain-0.18.0.dist-info}/RECORD

@@ -22,8 +22,8 @@ plain/cli/packages.py,sha256=FqRJaizaxpQ8lSS4nYNjqIGpYGDbeTmCXCvkGxusGOM,2160
 plain/cli/print.py,sha256=XraUYrgODOJquIiEv78wSCYGRBplHXtXSS9QtFG5hqY,217
 plain/cli/startup.py,sha256=3LIz9JrIZoF52Sa0j0SCypQwEaBDkhvuGaBdtiQLr5Q,680
 plain/csrf/README.md,sha256=RXMWMtHmzf30gVVNOfj0kD4xlSqFIPgJh-n7dIciaEM,163
-plain/csrf/middleware.py,sha256=pD9un9oLK6YNAEPW0rsVDsHyhyxmAA_IDE5hXs6mHiA,17776
-plain/csrf/views.py,sha256=YDgT451X16iUdCxpQ6rcHIy7nD0u7DAvCQl5-Mx5i9Y,219
+plain/csrf/middleware.py,sha256=1szNRF-kKJdjhTw_Jw1Cp2IldtrLtbUqAApJOrVP1qc,17449
+plain/csrf/views.py,sha256=HwQqfI6KPelHP9gSXhjfZaTLQic71PKsoZ6DPhr1rKI,572
 plain/forms/README.md,sha256=fglB9MmHiEgfGGdZmcRstNl6eYaFljrElu2mzapK52M,377
 plain/forms/__init__.py,sha256=UxqPwB8CiYPCQdHmUc59jadqaXqDmXBH8y4bt9vTPms,226
 plain/forms/boundfield.py,sha256=LhydhCVR0okrli0-QBMjGjAJ8-06gTCXVEaBZhBouQk,1741
@@ -47,7 +47,7 @@ plain/internal/files/uploadedfile.py,sha256=JRB7T3quQjg-1y3l1ASPxywtSQZhaeMc45uF
 plain/internal/files/uploadhandler.py,sha256=eEnd5onstypjHYtg367PnVWwCaF1kAPlLPSV7goIf_E,7198
 plain/internal/files/utils.py,sha256=xN4HTJXDRdcoNyrL1dFd528MBwodRlHZM8DGTD_oBIg,2646
 plain/internal/handlers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-plain/internal/handlers/base.py,sha256=I6549DBZUb-anqox7arzL9wpypH4bUCxZkitO76hljI,4794
+plain/internal/handlers/base.py,sha256=_1aRNrNgqdx8kkUlXYRJNOTnZ_Z236JNYNcTdp7RRjc,4228
 plain/internal/handlers/exception.py,sha256=DH9gh1FyqgetFpMaB8yLIVE6phBTVPKQLA1GIn9MOeI,4555
 plain/internal/handlers/wsgi.py,sha256=estA1QKHTk3ZqziWxenHsw5UO2cwPp3Zr0XjkDeM5TY,7561
 plain/internal/middleware/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -90,7 +90,7 @@ plain/templates/jinja/filters.py,sha256=3KJKKbxcv9dLzUDWPcaa88k3NU2m1GG3iMIgFhzX
 plain/templates/jinja/globals.py,sha256=qhvQuikkRkOTpHSW5FwdsvoViJNlRgHq3-O7ZyeajsE,669
 plain/test/README.md,sha256=Zso3Ir7a8vQerzKB6egjROQWkpveLAbscn7VTROPAiU,37
 plain/test/__init__.py,sha256=rXe88Y602NP8DBnReSyXb7dUzKoWweLuT43j-qwOUl4,138
-plain/test/client.py,sha256=Z9PQHLY-dg303P0bXJFIpmJuCjyB6oaD4opvla4yh-Q,31365
+plain/test/client.py,sha256=wqypz5iIu28ubaEqMdx4wO7n6IPcBRkgkVXeEdr_qZg,31351
 plain/urls/README.md,sha256=pWnCvgYkWN7rG7hSyBOtX4ZUP3iO7FhqM6lvwwYll6c,33
 plain/urls/__init__.py,sha256=3UzwIufXjIks2K_X_Vms2MV19IqvyPLrXUeHU3WP47c,753
 plain/urls/base.py,sha256=Q1TzI5WvqYkN1U81fDom1q-AID4dXbszEMF6wAeTAI0,3717
@@ -109,7 +109,7 @@ plain/utils/dateformat.py,sha256=nsy71l16QuPN0ozGpVlCU5Et101fhk9L38F-wqT5p5I,102
 plain/utils/dateparse.py,sha256=u9_tF85YteXSjW9KQzNg_pcCEFDZS3EGorCddcWU0vE,5351
 plain/utils/dates.py,sha256=hSDKz8eIb3W5QjmGiklFZZELB0inYXsfiRUy49Cx-2Q,1226
 plain/utils/deconstruct.py,sha256=7NwEFIDCiadAArUBFmiErzDgfIgDWeKqqQFDXwSgQoQ,1830
-plain/utils/decorators.py,sha256=6pcFQ5TezYZoO5Ys1KnImOsv0nUMsFCdxal-S6brUOc,3468
+plain/utils/decorators.py,sha256=mLHOo2jLdvYRo2z8lkeVn2vQErlj7xC6XoLwZBYf_z8,358
 plain/utils/deprecation.py,sha256=qtj33kHEmJU7mGSrNcKidZsMo5W8MN-zrXzUq3aVVy8,131
 plain/utils/duration.py,sha256=l0Gc41-DeyyAmpdy2XG-YO5UKxMf1NDpWIlQuD5hAn0,1162
 plain/utils/email.py,sha256=puRTBVuz44YvpnqV3LT4nNIKqdqfY3L8zbDJIkqHk2Y,328
@@ -130,16 +130,16 @@ plain/utils/timezone.py,sha256=6u0sE-9RVp0_OCe0Y1KiYYQoq5THWLokZFQYY8jf78g,6221
 plain/utils/tree.py,sha256=wdWzmfsgc26YDF2wxhAY3yVxXTixQYqYDKE9mL3L3ZY,4383
 plain/views/README.md,sha256=qndsXKyNMnipPlLaAvgQeGxqXknNQwlFh31Yxk8rHp8,5994
 plain/views/__init__.py,sha256=a-N1nkklVohJTtz0yD1MMaS0g66HviEjsKydNVVjvVc,392
-plain/views/base.py,sha256=wMkCAbr3XqXyP8dJr-O9atA1-N6K4-cTFflLhSYGOpY,3227
-plain/views/csrf.py,sha256=gO9npd_Ut_LoYF_u7Qb_ZsPRfSeE3aTPG97XlMp4oEo,724
+plain/views/base.py,sha256=HxOOOKZDCCZDmy2cJCEhYswVeIHZ9TukYh1zibeUn6w,3160
+plain/views/csrf.py,sha256=7q6l5xzLWhRnMY64aNj0hR6G-3pxI2yhRwG6k_5j00E,144
 plain/views/errors.py,sha256=Y4oGX4Z6D2COKcDEfINvXE1acE8Ad15KwNNWPs5BCfc,967
 plain/views/exceptions.py,sha256=b4euI49ZUKS9O8AGAcFfiDpstzkRAuuj_uYQXzWNHME,138
 plain/views/forms.py,sha256=RhlaUcZCkeqokY_fvv-NOS-kgZAG4XhDLOPbf9K_Zlc,2691
 plain/views/objects.py,sha256=fRfS6KNehIGqkbPw4nSafj8HStxYExHmbggolBbzcxs,7921
 plain/views/redirect.py,sha256=KLnlktzK6ZNMTlaEiZpMKQMEP5zeTgGLJ9BIkIJfwBo,1733
 plain/views/templates.py,sha256=nF9CcdhhjAyp3LB0RrSYnBaHpHzMfPSw719RCdcXk7o,2007
-plain-0.17.0.dist-info/METADATA,sha256=97ESRcFn2YsQ3VM9sIv5rO7j489XgP70TNssLtu5c08,2518
-plain-0.17.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-plain-0.17.0.dist-info/entry_points.txt,sha256=DHHprvufgd7xypiBiqMANYRnpJ9xPPYhYbnPGwOkWqE,40
-plain-0.17.0.dist-info/licenses/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
-plain-0.17.0.dist-info/RECORD,,
+plain-0.18.0.dist-info/METADATA,sha256=Qik7zQyhLtbB8QcE6qwCar14RSDbiFaalX_6-VejaBc,2518
+plain-0.18.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+plain-0.18.0.dist-info/entry_points.txt,sha256=DHHprvufgd7xypiBiqMANYRnpJ9xPPYhYbnPGwOkWqE,40
+plain-0.18.0.dist-info/licenses/LICENSE,sha256=m0D5O7QoH9l5Vz_rrX_9r-C8d9UNr_ciK6Qwac7o6yo,3175
+plain-0.18.0.dist-info/RECORD,,