PyPI - platzky - Versions diffs - 0.3.3__py3-none-any.whl → 0.3.5__py3-none-any.whl - Mend

platzky 0.3.3py3-none-any.whl → 0.3.5py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

platzky/admin/fake_login.py +36 -14
platzky/platzky.py +2 -0
{platzky-0.3.3.dist-info → platzky-0.3.5.dist-info}/METADATA +1 -1
{platzky-0.3.3.dist-info → platzky-0.3.5.dist-info}/RECORD +5 -5
{platzky-0.3.3.dist-info → platzky-0.3.5.dist-info}/WHEEL +0 -0

platzky/admin/fake_login.py CHANGED Viewed

@@ -8,7 +8,8 @@ environments as it bypasses proper authentication and authorization controls.
 import os
 from typing import Any, Callable
-from flask import Blueprint, flash, redirect, session, url_for
+from flask import Blueprint, flash, redirect, render_template_string, session, url_for
+from flask_wtf import FlaskForm
 from markupsafe import Markup
 ROLE_ADMIN = "admin"
@@ -16,6 +17,17 @@ ROLE_NONADMIN = "nonadmin"
 VALID_ROLES = [ROLE_ADMIN, ROLE_NONADMIN]
+class FakeLoginForm(FlaskForm):
+    """
+    Empty form class that inherits CSRF protection from FlaskForm.
+    Used specifically for the fake login functionality to enable
+    CSRF token validation on form submissions.
+    """
+    pass
 def get_fake_login_html() -> Callable[[], str]:
     """Return a callable that generates HTML for fake login buttons."""
@@ -23,8 +35,11 @@ def get_fake_login_html() -> Callable[[], str]:
         admin_url = url_for("admin.handle_fake_login", role="admin")
         nonadmin_url = url_for("admin.handle_fake_login", role="nonadmin")
-        # Rest of the code remains the same
-        html = f"""
+        # Create a form instance to get the CSRF token
+        form = FakeLoginForm()
+        html = render_template_string(
+            """
         <div class="col-md-6 mb-4">
           <div class="card">
             <div class="card-header">
@@ -33,19 +48,24 @@ def get_fake_login_html() -> Callable[[], str]:
             <div class="card-body">
               <p class="text-danger"><strong>Warning:</strong> For development only</p>
               <div class="d-flex justify-content-around">
-                <form method="post" action="{admin_url}" style="display: inline;">
-                  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                <form method="post" action="{{ admin_url }}" style="display: inline;">
+                  {{ form.csrf_token }}
                   <button type="submit" class="btn btn-primary">Login as Admin</button>
                 </form>
-                <form method="post" action="{nonadmin_url}" style="display: inline;">
-                  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                <form method="post" action="{{ nonadmin_url }}" style="display: inline;">
+                  {{ form.csrf_token }}
                   <button type="submit" class="btn btn-secondary">Login as Non-Admin</button>
                 </form>
               </div>
             </div>
           </div>
         </div>
-        """
+        """,
+            form=form,
+            admin_url=admin_url,
+            nonadmin_url=nonadmin_url,
+        )
         return Markup(html)
     return generate_html
@@ -70,13 +90,15 @@ def setup_fake_login_routes(admin_blueprint: Blueprint) -> Blueprint:
     @admin_blueprint.route("/fake-login/<role>", methods=["POST"])
     def handle_fake_login(role: str) -> Any:
-        if role not in VALID_ROLES:
-            flash(f"Invalid role: {role}. Must be one of: {', '.join(VALID_ROLES)}", "error")
+        form = FakeLoginForm()
+        if form.validate_on_submit() and role in VALID_ROLES:
+            if role == ROLE_ADMIN:
+                session["user"] = {"username": ROLE_ADMIN, "role": ROLE_ADMIN}
+            else:
+                session["user"] = {"username": "user", "role": ROLE_NONADMIN}
             return redirect(url_for("admin.admin_panel_home"))
-        if role == ROLE_ADMIN:
-            session["user"] = {"username": ROLE_ADMIN, "role": ROLE_ADMIN}
-        else:
-            session["user"] = {"username": "user", "role": ROLE_NONADMIN}
+        flash(f"Invalid role: {role}. Must be one of: {', '.join(VALID_ROLES)}", "error")
         return redirect(url_for("admin.admin_panel_home"))
     return admin_blueprint

platzky/platzky.py CHANGED Viewed

@@ -3,6 +3,7 @@ import urllib.parse
 from flask import redirect, render_template, request, session
 from flask_minify import Minify
+from flask_wtf import CSRFProtect
 from platzky.admin import admin
 from platzky.blog import blog
@@ -107,6 +108,7 @@ def create_app_from_config(config: Config) -> Engine:
     engine.register_blueprint(seo_blueprint)
     Minify(app=engine, html=True, js=True, cssless=True)
+    CSRFProtect(app=engine)
     return engine

{platzky-0.3.3.dist-info → platzky-0.3.5.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: platzky
-Version: 0.3.3
+Version: 0.3.5
 Summary: Not only blog engine
 License: MIT
 Requires-Python: >=3.10,<4.0

{platzky-0.3.3.dist-info → platzky-0.3.5.dist-info}/RECORD RENAMED Viewed

@@ -1,6 +1,6 @@
 platzky/__init__.py,sha256=IhL91rSWxIIJQNfVsqJ1d4yY5D2WyWcefo4Xv2aX_lo,180
 platzky/admin/admin.py,sha256=nQq0IcBhrcX6S4gd71MejOcc2yizVv20UmF4ZRvZnBk,1019
-platzky/admin/fake_login.py,sha256=a9mJFwqk4f5rAcRAY9E_maSd4BYZWvWdf_22IUBcvn4,3011
+platzky/admin/fake_login.py,sha256=tGsdofPyI3P65pol_3Nbj5075xjA_CU090brnBVNjxg,3480
 platzky/admin/templates/admin.html,sha256=4WdatUbuWakR3Yhrr7ClzKlUMXVcYdl_2kMBzW_faM0,813
 platzky/admin/templates/login.html,sha256=oBNuv130iMTwXrtRnDUDcGIGvu0O2VsIbjQxw-Tjd7Y,380
 platzky/admin/templates/module.html,sha256=WuQZxKQDD4INl-QF2uiKHf9Fmf2h7cEW9RLe1nWKC8k,175
@@ -21,7 +21,7 @@ platzky/engine.py,sha256=mweAkMG-DCei84rXfggukcsMyje4rj9rSk5v5AwnF04,1896
 platzky/locale/en/LC_MESSAGES/messages.po,sha256=WaZGlFAegKRq7CSz69dWKic-mKvQFhVvssvExxNmGaU,1400
 platzky/locale/pl/LC_MESSAGES/messages.po,sha256=sUPxMKDeEOoZ5UIg94rGxZD06YVWiAMWIby2XE51Hrc,1624
 platzky/models.py,sha256=-IIlyeLzACeTUpzuzvzJYxtT57E6wRiERoRgXJYMMtY,1502
-platzky/platzky.py,sha256=wy79uXK3qignoRn7jj-bJxSRSGsS_qqsTRzRZihd2UY,3819
+platzky/platzky.py,sha256=o4gvQc6i_fJhMembJ2FXEbfHOgmFyGqub5hgQ6roxDc,3881
 platzky/plugin/plugin.py,sha256=tV8aobIzMDJe1frKUAi4kLbrTAIS0FWE3oYpktSo6Ug,1633
 platzky/plugin/plugin_loader.py,sha256=MeQ8LNbrOomwXgc1ISHuyhjZd2mzYKen70eDShWs-Co,3497
 platzky/seo/seo.py,sha256=N_MmAA4KJZmmrDUh0hYNtD8ycOwpNKow4gVSAv8V3N4,2631
@@ -39,6 +39,6 @@ platzky/templates/post.html,sha256=GSgjIZsOQKtNx3cEbquSjZ5L4whPnG6MzRyoq9k4B8Q,1
 platzky/templates/robots.txt,sha256=2_j2tiYtYJnzZUrANiX9pvBxyw5Dp27fR_co18BPEJ0,116
 platzky/templates/sitemap.xml,sha256=iIJZ91_B5ZuNLCHsRtsGKZlBAXojOTP8kffqKLacgvs,578
 platzky/www_handler.py,sha256=pF6Rmvem1sdVqHD7z3RLrDuG-CwAqfGCti50_NPsB2w,725
-platzky-0.3.3.dist-info/METADATA,sha256=T_xvNjmWYBFSwwgm5MplpGkF0_pUnVQsPlcoiqllbd4,1727
-platzky-0.3.3.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
-platzky-0.3.3.dist-info/RECORD,,
+platzky-0.3.5.dist-info/METADATA,sha256=oZaDnSFu_8RO8Cni_bey2UobtQu53XYDq-83Xbw1MS4,1727
+platzky-0.3.5.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+platzky-0.3.5.dist-info/RECORD,,

{platzky-0.3.3.dist-info → platzky-0.3.5.dist-info}/WHEEL RENAMED Viewed

File without changes

platzky 0.3.3__py3-none-any.whl → 0.3.5__py3-none-any.whl

platzky 0.3.3py3-none-any.whl → 0.3.5py3-none-any.whl