Hi there,
I was looking for some existing CSRF protection for TurboGears2. I found
https://pythonhosted.org/python-fedora/service.html#csrf-protection, but it
does not seem to work with TG 2.3.8:
13:40:40,815 ERROR [gearbox] cookie: An object has failed to implement
interface <InterfaceClass repoze.who.interfaces.IAuthenticator>
The authenticate attribute was not provided.
Traceback (most recent call last):
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/gearbox/main.py",
line 167, in _run_subcommand
return cmd.run(parsed_args)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/gearbox/command.py",
line 31, in run
self.take_action(parsed_args)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/gearbox/commands/serve.py",
line 254, in take_action
relative_to=base, global_conf=parsed_vars)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/gearbox/commands/serve.py",
line 289, in loadapp
return loadapp(app_spec, name=name, relative_to=relative_to, **kw)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py",
line 247, in loadapp
return loadobj(APP, uri, name=name, **kw)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py",
line 272, in loadobj
return context.create()
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py",
line 710, in create
return self.object_type.invoke(self)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/paste/deploy/loadwsgi.py",
line 146, in invoke
return fix_call(context.object, context.global_conf,
**context.local_conf)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/paste/deploy/util.py",
line 55, in fix_call
val = callable(*args, **kw)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/tg-csrf/tg_csrf/config/middleware.py",
line 34, in make_app
full_stack=full_stack, **app_conf)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/tg/configuration/app_config.py",
line 1229, in make_base_app
app = self._add_auth_middleware(app_config, app)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/tg/configuration/app_config.py",
line 1010, in _add_auth_middleware
app = setup_auth(app, skip_authentication=skip_authentication,
**auth_args)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/tg/configuration/auth/setup.py",
line 183, in setup_auth
return PluggableAuthenticationMiddleware(app, **who_args)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/repoze/who/middleware.py",
line 26, in __init__
challengers, mdproviders)
File
"/home/sbeffa/files/projects/own/csrf_tg2/csrf/local/lib/python2.7/site-packages/repoze/who/middleware.py",
line 447, in make_registries
raise ValueError(str(name) + ': ' + why)
ValueError: cookie: An object has failed to implement interface
<InterfaceClass repoze.who.interfaces.IAuthenticator>
The authenticate attribute was not provided.
Beside this, I found this library quite 'fedora' centred.. It also pulls a
lot of additional libraries..
So my question: Are there other libs to add CSRF protection to TG2 ?
Thanks,
Best regards, Sandro
--
You received this message because you are subscribed to the Google Groups
"TurboGears" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/turbogears.
For more options, visit https://groups.google.com/d/optout.
