Jeff Balogh 2012-01-26 12:10:03 -08:00
Родитель d3ec6a87df
Коммит af159ac3ff
2 изменённых файлов: 12 добавлений и 10 удалений


@ -11,6 +11,7 @@ from django.utils.cache import patch_vary_headers
ANON_COOKIE = getattr(settings, 'ANON_COOKIE', 'anoncsrf')
ANON_TIMEOUT = getattr(settings, 'ANON_TIMEOUT', 60 * 60 * 2) # 2 hours.
ANON_ALWAYS = getattr(settings, 'ANON_ALWAYS', False)
PREFIX = 'sessioncsrf:'
# This overrides django.core.context_processors.csrf to dump our csrf_token
@ -49,14 +50,14 @@ class CsrfMiddleware(object):
token = ''
if ANON_COOKIE in request.COOKIES:
key = request.COOKIES[ANON_COOKIE]
token = cache.get(key, '')
token = cache.get(PREFIX + key, '')
if ANON_ALWAYS:
if not key:
key = django_csrf._get_new_csrf_key()
if not token:
token = django_csrf._get_new_csrf_key()
request._anon_csrf_key = key
cache.set(key, token, ANON_TIMEOUT)
cache.set(PREFIX + key, token, ANON_TIMEOUT)
request.csrf_token = token
def process_view(self, request, view_func, args, kwargs):
@ -117,11 +118,11 @@ def anonymous_csrf(f):
if use_anon_cookie:
if ANON_COOKIE in request.COOKIES:
key = request.COOKIES[ANON_COOKIE]
token = cache.get(key) or django_csrf._get_new_csrf_key()
token = cache.get(PREFIX + key) or django_csrf._get_new_csrf_key()
else:
key = django_csrf._get_new_csrf_key()
token = django_csrf._get_new_csrf_key()
cache.set(key, token, ANON_TIMEOUT)
cache.set(PREFIX + key, token, ANON_TIMEOUT)
request.csrf_token = token
response = f(request, *args, **kw)
if use_anon_cookie:
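Review bot: The cookie value is still used verbatim as the variable part of the cache key in both the `CsrfMiddleware` and `anonymous_csrf` hunks, so `PREFIX` namespaces the entry but nothing checks the key's length or character set before it reaches `cache.get`/`cache.set`. In `anonymous_csrf`, a cookie whose key has no cache entry also gets a fresh token stored under that client-chosen key; to keep keys server-generated, replace the `or` fallback with `token = cache.get(PREFIX + key)` followed by `if not token:` and, in its body, fresh `key = django_csrf._get_new_csrf_key()` and `token = django_csrf._get_new_csrf_key()` assignments. Whether the cookie is then re-issued with the new key depends on the code after the second `if use_anon_cookie:`, which continues outside this hunk, so that needs checking before the change is made. A one-line comment above `PREFIX` would also help, e.g. `# Namespace our cache entries so a cookie value cannot address keys owned by other code.`, assuming that is the intent of the commit.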


@ -13,7 +13,8 @@ from django.template import context
import mock
import session_csrf
from session_csrf import CsrfMiddleware, anonymous_csrf, anonymous_csrf_exempt
from session_csrf import (anonymous_csrf, anonymous_csrf_exempt,
CsrfMiddleware, PREFIX)
urlpatterns = patterns('',
@ -83,7 +84,7 @@ class TestCsrfMiddleware(django.test.TestCase):
def test_anon_token_from_cookie(self):
rf = django.test.RequestFactory()
rf.cookies['anoncsrf'] = self.token
cache.set(self.token, 'woo')
cache.set(PREFIX + self.token, 'woo')
request = rf.get('/')
request.session = {}
r = {
@ -208,7 +209,7 @@ class TestAnonymousCsrf(django.test.TestCase):
response = self.client.get('/anon')
# Get the key from the cookie and find the token in the cache.
key = response.cookies['anoncsrf'].value
self.assertEqual(response._request.csrf_token, cache.get(key))
self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
def test_existing_anon_cookie_on_request(self):
# We reuse an existing anon cookie key+token.
@ -218,7 +219,7 @@ class TestAnonymousCsrf(django.test.TestCase):
# Now check that subsequent requests use that cookie.
response = self.client.get('/anon')
self.assertEqual(response.cookies['anoncsrf'].value, key)
self.assertEqual(response._request.csrf_token, cache.get(key))
self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
def test_new_anon_token_on_response(self):
# The anon cookie is sent and we vary on Cookie.
@ -307,7 +308,7 @@ class TestAnonAlways(django.test.TestCase):
response = self.client.get('/')
# Get the key from the cookie and find the token in the cache.
key = response.cookies['anoncsrf'].value
self.assertEqual(response._request.csrf_token, cache.get(key))
self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
def test_existing_anon_cookie_on_request(self):
# We reuse an existing anon cookie key+token.
@ -317,7 +318,7 @@ class TestAnonAlways(django.test.TestCase):
# Now check that subsequent requests use that cookie.
response = self.client.get('/')
self.assertEqual(response.cookies['anoncsrf'].value, key)
self.assertEqual(response._request.csrf_token, cache.get(key))
self.assertEqual(response._request.csrf_token, cache.get(PREFIX + key))
self.assertEqual(response['Vary'], 'Cookie')
def test_anon_csrf_logout(self):
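Review bot: The updated tests only confirm that the prefixed entry is found; none asserts that an unprefixed cache entry named by the cookie is ignored, which appears to be the behaviour this commit is meant to guarantee. A companion to `test_anon_token_from_cookie` that keeps the old `cache.set(self.token, 'woo')` and then checks `self.assertNotEqual(request.csrf_token, 'woo')` would pin that down and guard against a later regression. The bodies of these tests continue outside the hunks shown, so the request setup and the middleware call should be copied from the existing test.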