I haven't taken a look to figure out what is going on, but I have a feeling we need to teach pyramid_debugtoolbar about the standard view derivations, and/or even turn them off.
I turned on `pyramid.require_default_csrf = True` in my `development.ini`.
Attached is a traceback from a view being activated. I don't currently have an exception view that captures the `BadCSRFToken` exception.
```
2016-04-15 23:23:38,472 ERROR [waitress:341][waitress] Exception when serving /api/v1.0/user/login
Traceback (most recent call last):
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/tweens.py", line 20, in excview_tween
    response = handler(request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid_tm/__init__.py", line 99, in tm_tween
    reraise(*exc_info)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid_tm/compat.py", line 15, in reraise
    raise value
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid_tm/__init__.py", line 80, in tm_tween
    response = handler(request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/router.py", line 158, in handle_request
    view_name
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/view.py", line 546, in _call_view
    response = view_callable(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 377, in attr_view
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 355, in predicate_wrapper
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 338, in _authdebug_view
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 294, in _secured_view
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 494, in csrf_view
    check_csrf_token(request, val, raises=True)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/session.py", line 147, in check_csrf_token
    raise BadCSRFToken('check_csrf_token(): Invalid token')
pyramid.exceptions.BadCSRFToken: check_csrf_token(): Invalid token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid_debugtoolbar/toolbar.py", line 192, in toolbar_tween
    response = _handler(request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid_debugtoolbar/panels/performance.py", line 57, in resource_timer_handler
    result = handler(request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/tweens.py", line 48, in excview_tween
    request_iface=request_iface.combined
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/view.py", line 546, in _call_view
    response = view_callable(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 377, in attr_view
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 355, in predicate_wrapper
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 338, in _authdebug_view
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 494, in csrf_view
    check_csrf_token(request, val, raises=True)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/session.py", line 147, in check_csrf_token
    raise BadCSRFToken('check_csrf_token(): Invalid token')
pyramid.exceptions.BadCSRFToken: check_csrf_token(): Invalid token

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/waitress/channel.py", line 338, in service
    task.service()
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/waitress/task.py", line 169, in service
    self.execute()
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/waitress/task.py", line 399, in execute
    app_iter = self.channel.server.application(env, start_response)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/router.py", line 236, in __call__
    response = self.invoke_subrequest(request, use_tweens=True)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/router.py", line 211, in invoke_subrequest
    response = handle_request(request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid_debugtoolbar/toolbar.py", line 218, in toolbar_tween
    response = request.invoke_subrequest(subrequest)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/router.py", line 211, in invoke_subrequest
    response = handle_request(request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/router.py", line 158, in handle_request
    view_name
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/view.py", line 546, in _call_view
    response = view_callable(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 338, in _authdebug_view
    return view(context, request)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/viewderivers.py", line 494, in csrf_view
    check_csrf_token(request, val, raises=True)
  File "/Users/xistence/.ve/fulgent/lib/python3.5/site-packages/pyramid/session.py", line 147, in check_csrf_token
    raise BadCSRFToken('check_csrf_token(): Invalid token')
pyramid.exceptions.BadCSRFToken: check_csrf_token(): Invalid token
```
I think since the toolbar is currently mounted inside the pyramid app using wsgiapp2 we need to set require_csrf=False on that view. The more ideal option is to not mount the toolbar inside the user's app but rather outside. It would reduce the need for solving several subtle issues like this one.
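The cascade in the traceback and the per-view opt-out suggested in the comment above, as an added example that is not part of the original thread and is not Pyramid or pyramid_debugtoolbar code. It is a simplified stdlib-only model: `App`, `csrf_deriver`, `build`, `DEBUG_PATH` and the token value are hypothetical or constructed, and checking only unsafe HTTP methods is an assumption of the model.

```python
import hmac

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
DEBUG_PATH = "/_debug/exception"      # hypothetical mount point of the debug view
SESSION_TOKEN = "constructed-token"   # constructed value standing in for the session token

class BadCSRFToken(Exception):
    """Raised by the derived view when the supplied token does not match."""

class Request:
    def __init__(self, method, path, token=None, exc=None):
        self.method, self.path, self.token, self.exc = method, path, token, exc

def csrf_deriver(view, require_csrf, default):
    """Wrap `view` with a token check unless the view explicitly opted out."""
    enforce = default if require_csrf is None else require_csrf
    if not enforce:
        return view

    def checked(request):
        supplied = request.token or ""
        if request.method not in SAFE_METHODS and not hmac.compare_digest(
                supplied, SESSION_TOKEN):
            raise BadCSRFToken("invalid token")
        return view(request)
    return checked

class App:
    def __init__(self, require_default_csrf):
        self.default, self.views = require_default_csrf, {}

    def add_view(self, path, view, require_csrf=None):
        self.views[path] = csrf_deriver(view, require_csrf, self.default)

    def handle(self, request):
        try:
            return self.views[request.path](request)
        except Exception as exc:
            # Debug tween: re-dispatch the failing request (same method, same
            # missing token) to the debug view mounted inside the app.
            sub = Request(request.method, DEBUG_PATH, request.token, exc=exc)
            return self.views[DEBUG_PATH](sub)

def build(toolbar_require_csrf):
    app = App(require_default_csrf=True)
    app.add_view("/api/v1.0/user/login", lambda r: "logged in")
    app.add_view(DEBUG_PATH, lambda r: "debug page for " + type(r.exc).__name__,
                 require_csrf=toolbar_require_csrf)
    return app
```

With `build(None)` the debug view inherits the default and a token-less POST raises `BadCSRFToken` a second time while the first is being handled; with `build(False)` only the debug view is exempt and the login view stays protected.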