diff --git a/cms/djangoapps/contentstore/views/assets.py b/cms/djangoapps/contentstore/views/assets.py index f15e8feeb9..3a9907a7d5 100644 --- a/cms/djangoapps/contentstore/views/assets.py +++ b/cms/djangoapps/contentstore/views/assets.py @@ -5,9 +5,8 @@ import json from django.http import HttpResponseBadRequest from django.contrib.auth.decorators import login_required -from django.views.decorators.http import require_http_methods -from django_future.csrf import ensure_csrf_cookie -from django.views.decorators.http import require_POST +from django.views.decorators.csrf import ensure_csrf_cookie +from django.views.decorators.http import require_http_methods, require_POST from django.conf import settings from edxmako.shortcuts import render_to_response diff --git a/cms/djangoapps/contentstore/views/certificates.py b/cms/djangoapps/contentstore/views/certificates.py index 3a7e1a924d..154605dfe5 100644 --- a/cms/djangoapps/contentstore/views/certificates.py +++ b/cms/djangoapps/contentstore/views/certificates.py @@ -25,7 +25,7 @@ import json from django.conf import settings from django.contrib.auth.decorators import login_required -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.http import HttpResponse from django.utils.translation import ugettext as _ from django.views.decorators.http import require_http_methods diff --git a/cms/djangoapps/contentstore/views/checklist.py b/cms/djangoapps/contentstore/views/checklist.py index 93c4bff9eb..9b40a3d88a 100644 --- a/cms/djangoapps/contentstore/views/checklist.py +++ b/cms/djangoapps/contentstore/views/checklist.py @@ -5,7 +5,7 @@ from util.json_request import JsonResponse from django.http import HttpResponseBadRequest from django.contrib.auth.decorators import login_required from django.views.decorators.http import require_http_methods -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response from django.http import HttpResponseNotFound from django.core.exceptions import PermissionDenied diff --git a/cms/djangoapps/contentstore/views/course.py b/cms/djangoapps/contentstore/views/course.py index 06addcbe0e..6289f61070 100644 --- a/cms/djangoapps/contentstore/views/course.py +++ b/cms/djangoapps/contentstore/views/course.py @@ -30,7 +30,7 @@ from opaque_keys import InvalidKeyError from opaque_keys.edx.locations import Location from opaque_keys.edx.keys import CourseKey -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from contentstore.course_info_model import get_course_updates, update_course_updates, delete_course_update from contentstore.course_group_config import ( GroupConfiguration, diff --git a/cms/djangoapps/contentstore/views/entrance_exam.py b/cms/djangoapps/contentstore/views/entrance_exam.py index a6b1f85fc4..320ce3df3a 100644 --- a/cms/djangoapps/contentstore/views/entrance_exam.py +++ b/cms/djangoapps/contentstore/views/entrance_exam.py @@ -7,7 +7,7 @@ import json import logging from django.contrib.auth.decorators import login_required -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.http import HttpResponse, HttpResponseBadRequest from contentstore.views.helpers import create_xblock, remove_entrance_exam_graders diff --git a/cms/djangoapps/contentstore/views/export_git.py b/cms/djangoapps/contentstore/views/export_git.py index f3cc5d04f3..bb1f1d4c0e 100644 --- a/cms/djangoapps/contentstore/views/export_git.py +++ b/cms/djangoapps/contentstore/views/export_git.py @@ -7,7 +7,7 @@ import logging from django.contrib.auth.decorators import login_required from django.core.exceptions import PermissionDenied -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.utils.translation import ugettext as _ from student.auth import has_course_author_access diff --git a/cms/djangoapps/contentstore/views/import_export.py b/cms/djangoapps/contentstore/views/import_export.py index 3e6768cd69..64ee42e9ca 100644 --- a/cms/djangoapps/contentstore/views/import_export.py +++ b/cms/djangoapps/contentstore/views/import_export.py @@ -18,9 +18,9 @@ from django.core.files.temp import NamedTemporaryFile from django.core.servers.basehttp import FileWrapper from django.http import HttpResponse, HttpResponseNotFound from django.utils.translation import ugettext as _ +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.http import require_http_methods, require_GET -from django_future.csrf import ensure_csrf_cookie import dogstats_wrapper as dog_stats_api from edxmako.shortcuts import render_to_response from xmodule.contentstore.django import contentstore diff --git a/cms/djangoapps/contentstore/views/library.py b/cms/djangoapps/contentstore/views/library.py index a5aa09a6f0..7bb3cc1e1a 100644 --- a/cms/djangoapps/contentstore/views/library.py +++ b/cms/djangoapps/contentstore/views/library.py @@ -16,7 +16,7 @@ from django.core.exceptions import PermissionDenied from django.conf import settings from django.utils.translation import ugettext as _ from django.views.decorators.http import require_http_methods -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response from opaque_keys import InvalidKeyError from opaque_keys.edx.keys import CourseKey diff --git a/cms/djangoapps/contentstore/views/public.py b/cms/djangoapps/contentstore/views/public.py index 7bc6545868..e1f2a2f043 100644 --- a/cms/djangoapps/contentstore/views/public.py +++ b/cms/djangoapps/contentstore/views/public.py @@ -1,7 +1,7 @@ """ Public views """ -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.core.context_processors import csrf from django.core.urlresolvers import reverse from django.shortcuts import redirect diff --git a/cms/djangoapps/contentstore/views/tabs.py b/cms/djangoapps/contentstore/views/tabs.py index eecb80672b..e47e36f767 100644 --- a/cms/djangoapps/contentstore/views/tabs.py +++ b/cms/djangoapps/contentstore/views/tabs.py @@ -8,7 +8,7 @@ from django.http import HttpResponseNotFound from django.conf import settings from django.contrib.auth.decorators import login_required from django.core.exceptions import PermissionDenied -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.http import require_http_methods from edxmako.shortcuts import render_to_response diff --git a/cms/djangoapps/contentstore/views/user.py b/cms/djangoapps/contentstore/views/user.py index 10373a8dc6..7ee92c0ba4 100644 --- a/cms/djangoapps/contentstore/views/user.py +++ b/cms/djangoapps/contentstore/views/user.py @@ -4,7 +4,7 @@ from django.contrib.auth.decorators import login_required from django.views.decorators.http import require_http_methods from django.utils.translation import ugettext as _ from django.views.decorators.http import require_POST -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response from xmodule.modulestore.django import modulestore diff --git a/common/djangoapps/django_future/__init__.py b/common/djangoapps/django_future/__init__.py deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/common/djangoapps/django_future/csrf.py b/common/djangoapps/django_future/csrf.py deleted file mode 100644 index 151d7f6013..0000000000 --- a/common/djangoapps/django_future/csrf.py +++ /dev/null @@ -1,83 +0,0 @@ -# Taken from Django 1.4 - -import warnings - -from django.middleware.csrf import CsrfViewMiddleware, get_token -from django.utils.decorators import decorator_from_middleware, available_attrs -from functools import wraps - -csrf_protect = decorator_from_middleware(CsrfViewMiddleware) -csrf_protect.__name__ = "csrf_protect" -csrf_protect.__doc__ = """ -This decorator adds CSRF protection in exactly the same way as -CsrfViewMiddleware, but it can be used on a per view basis. Using both, or -using the decorator multiple times, is harmless and efficient. -""" - - -class _EnsureCsrfToken(CsrfViewMiddleware): - # We need this to behave just like the CsrfViewMiddleware, but not reject - # requests. - def _reject(self, request, reason): - return None - - -requires_csrf_token = decorator_from_middleware(_EnsureCsrfToken) -requires_csrf_token.__name__ = 'requires_csrf_token' -requires_csrf_token.__doc__ = """ -Use this decorator on views that need a correct csrf_token available to -RequestContext, but without the CSRF protection that csrf_protect -enforces. -""" - - -class _EnsureCsrfCookie(CsrfViewMiddleware): - def _reject(self, request, reason): - return None - - def process_view(self, request, callback, callback_args, callback_kwargs): - retval = super(_EnsureCsrfCookie, self).process_view(request, callback, callback_args, callback_kwargs) - # Forces process_response to send the cookie - get_token(request) - return retval - - -ensure_csrf_cookie = decorator_from_middleware(_EnsureCsrfCookie) -ensure_csrf_cookie.__name__ = 'ensure_csrf_cookie' -ensure_csrf_cookie.__doc__ = """ -Use this decorator to ensure that a view sets a CSRF cookie, whether or not it -uses the csrf_token template tag, or the CsrfViewMiddleware is used. -""" - - -def csrf_response_exempt(view_func): - """ - Modifies a view function so that its response is exempt - from the post-processing of the CSRF middleware. - """ - warnings.warn("csrf_response_exempt is deprecated. It no longer performs a " - "function, and calls to it can be removed.", - PendingDeprecationWarning) - return view_func - - -def csrf_view_exempt(view_func): - """ - Marks a view function as being exempt from CSRF view protection. - """ - warnings.warn("csrf_view_exempt is deprecated. Use csrf_exempt instead.", - PendingDeprecationWarning) - return csrf_exempt(view_func) - - -def csrf_exempt(view_func): - """ - Marks a view function as being exempt from the CSRF view protection. - """ - # We could just do view_func.csrf_exempt = True, but decorators - # are nicer if they don't have side-effects, so we return a new - # function. - def wrapped_view(*args, **kwargs): - return view_func(*args, **kwargs) - wrapped_view.csrf_exempt = True - return wraps(view_func, assigned=available_attrs(view_func))(wrapped_view) diff --git a/common/djangoapps/external_auth/views.py b/common/djangoapps/external_auth/views.py index 42d557a3b1..95d9ced656 100644 --- a/common/djangoapps/external_auth/views.py +++ b/common/djangoapps/external_auth/views.py @@ -34,7 +34,7 @@ try: from django.views.decorators.csrf import csrf_exempt except ImportError: from django.contrib.csrf.middleware import csrf_exempt -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie import django_openid_auth.views as openid_views from django_openid_auth import auth as openid_auth diff --git a/common/djangoapps/student/views.py b/common/djangoapps/student/views.py index cadfafefe1..4337d7b278 100644 --- a/common/djangoapps/student/views.py +++ b/common/djangoapps/student/views.py @@ -26,11 +26,10 @@ from django.http import (HttpResponse, HttpResponseBadRequest, HttpResponseForbi HttpResponseServerError, Http404) from django.shortcuts import redirect from django.utils.translation import ungettext -from django_future.csrf import ensure_csrf_cookie from django.utils.http import cookie_date, base36_to_int from django.utils.translation import ugettext as _, get_language from django.views.decorators.cache import never_cache -from django.views.decorators.csrf import csrf_exempt +from django.views.decorators.csrf import csrf_exempt, ensure_csrf_cookie from django.views.decorators.http import require_POST, require_GET from django.db.models.signals import post_save diff --git a/common/djangoapps/track/views/__init__.py b/common/djangoapps/track/views/__init__.py index 17a0fa8ab8..c9a37963c5 100644 --- a/common/djangoapps/track/views/__init__.py +++ b/common/djangoapps/track/views/__init__.py @@ -7,7 +7,7 @@ from django.contrib.auth.decorators import login_required from django.http import HttpResponse from django.shortcuts import redirect -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response diff --git a/common/djangoapps/track/views/segmentio.py b/common/djangoapps/track/views/segmentio.py index 3c5c809932..fcb0707cee 100644 --- a/common/djangoapps/track/views/segmentio.py +++ b/common/djangoapps/track/views/segmentio.py @@ -8,7 +8,7 @@ from django.conf import settings from django.contrib.auth.models import User from django.http import HttpResponse from django.views.decorators.http import require_POST -from django_future.csrf import csrf_exempt +from django.views.decorators.csrf import csrf_exempt from eventtracking import tracker from opaque_keys.edx.keys import CourseKey diff --git a/lms/djangoapps/branding/views.py b/lms/djangoapps/branding/views.py index 8e950dfb91..398c025f2b 100644 --- a/lms/djangoapps/branding/views.py +++ b/lms/djangoapps/branding/views.py @@ -9,7 +9,7 @@ from django.views.decorators.cache import cache_control from django.http import HttpResponse, Http404 from django.utils import translation from django.shortcuts import redirect -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from staticfiles.storage import staticfiles_storage from edxmako.shortcuts import render_to_response diff --git a/lms/djangoapps/ccx/views.py b/lms/djangoapps/ccx/views.py index 339b21256f..d804bc4438 100644 --- a/lms/djangoapps/ccx/views.py +++ b/lms/djangoapps/ccx/views.py @@ -22,7 +22,7 @@ from django.core.validators import validate_email from django.shortcuts import redirect from django.utils.translation import ugettext as _ from django.views.decorators.cache import cache_control -from django_future.csrf import ensure_csrf_cookie # pylint: disable=import-error +from django.views.decorators.csrf import ensure_csrf_cookie from django.contrib.auth.decorators import login_required from django.contrib.auth.models import User diff --git a/lms/djangoapps/courseware/views.py b/lms/djangoapps/courseware/views.py index 7e996a4129..b4baf60894 100644 --- a/lms/djangoapps/courseware/views.py +++ b/lms/djangoapps/courseware/views.py @@ -24,7 +24,7 @@ from django.http import Http404, HttpResponse, HttpResponseBadRequest from django.shortcuts import redirect from certificates import api as certs_api from edxmako.shortcuts import render_to_response, render_to_string, marketing_link -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.cache import cache_control from django.db import transaction from markupsafe import escape diff --git a/lms/djangoapps/dashboard/sysadmin.py b/lms/djangoapps/dashboard/sysadmin.py index f139a759a3..2b656cecbd 100644 --- a/lms/djangoapps/dashboard/sysadmin.py +++ b/lms/djangoapps/dashboard/sysadmin.py @@ -25,7 +25,7 @@ from django.utils.translation import ugettext as _ from django.views.decorators.cache import cache_control from django.views.generic.base import TemplateView from django.views.decorators.http import condition -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response import mongoengine from path import path diff --git a/lms/djangoapps/debug/views.py b/lms/djangoapps/debug/views.py index 280674efbc..b7d5582eba 100644 --- a/lms/djangoapps/debug/views.py +++ b/lms/djangoapps/debug/views.py @@ -7,7 +7,7 @@ from django.http import Http404, HttpResponse, HttpResponseNotFound from django.contrib.auth.decorators import login_required from django.utils.html import escape -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response from codejail.safe_exec import safe_exec diff --git a/lms/djangoapps/instructor/hint_manager.py b/lms/djangoapps/instructor/hint_manager.py index 1ec82ef6f3..e61a1af479 100644 --- a/lms/djangoapps/instructor/hint_manager.py +++ b/lms/djangoapps/instructor/hint_manager.py @@ -11,7 +11,7 @@ import json import re from django.http import HttpResponse, Http404 -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from edxmako.shortcuts import render_to_response, render_to_string diff --git a/lms/djangoapps/instructor/views/api.py b/lms/djangoapps/instructor/views/api.py index d742809fc7..13cb42ab3a 100644 --- a/lms/djangoapps/instructor/views/api.py +++ b/lms/djangoapps/instructor/views/api.py @@ -12,7 +12,7 @@ import re import time import requests from django.conf import settings -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.http import require_POST from django.views.decorators.cache import cache_control from django.core.exceptions import ValidationError, PermissionDenied diff --git a/lms/djangoapps/instructor/views/instructor_dashboard.py b/lms/djangoapps/instructor/views/instructor_dashboard.py index be24f588c5..4dc436665a 100644 --- a/lms/djangoapps/instructor/views/instructor_dashboard.py +++ b/lms/djangoapps/instructor/views/instructor_dashboard.py @@ -12,7 +12,7 @@ import pytz from django.contrib.auth.decorators import login_required from django.views.decorators.http import require_POST from django.utils.translation import ugettext as _ -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.cache import cache_control from edxmako.shortcuts import render_to_response from django.core.urlresolvers import reverse diff --git a/lms/djangoapps/instructor/views/legacy.py b/lms/djangoapps/instructor/views/legacy.py index 951291f925..ea186146ce 100644 --- a/lms/djangoapps/instructor/views/legacy.py +++ b/lms/djangoapps/instructor/views/legacy.py @@ -20,7 +20,7 @@ from StringIO import StringIO from django.conf import settings from django.contrib.auth.models import User from django.http import HttpResponse -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.cache import cache_control from django.core.urlresolvers import reverse from django.core.mail import send_mail diff --git a/lms/djangoapps/static_template_view/views.py b/lms/djangoapps/static_template_view/views.py index ea2639795b..e7c09a459f 100644 --- a/lms/djangoapps/static_template_view/views.py +++ b/lms/djangoapps/static_template_view/views.py @@ -8,7 +8,7 @@ from mako.exceptions import TopLevelLookupException from django.shortcuts import redirect from django.conf import settings from django.http import HttpResponseNotFound, HttpResponseServerError, Http404 -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from util.cache import cache_if_anonymous diff --git a/lms/djangoapps/student_account/views.py b/lms/djangoapps/student_account/views.py index faf1c0a84b..19d5b61ce5 100644 --- a/lms/djangoapps/student_account/views.py +++ b/lms/djangoapps/student_account/views.py @@ -15,7 +15,7 @@ from django.http import HttpRequest from django_countries import countries from django.core.urlresolvers import reverse, resolve from django.utils.translation import ugettext as _ -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.http import require_http_methods from lang_pref.api import released_languages diff --git a/openedx/core/djangoapps/course_groups/views.py b/openedx/core/djangoapps/course_groups/views.py index 699002942f..e6cc061e3d 100644 --- a/openedx/core/djangoapps/course_groups/views.py +++ b/openedx/core/djangoapps/course_groups/views.py @@ -2,7 +2,7 @@ Views related to course groups functionality. """ -from django_future.csrf import ensure_csrf_cookie +from django.views.decorators.csrf import ensure_csrf_cookie from django.views.decorators.http import require_POST from django.contrib.auth.models import User from django.core.paginator import Paginator, EmptyPage