Description: Avoid CSRF errors on plugins "csrf_enabled" is deprecated since flask-wtf v0.14, removed in v1.0, replaced by "meta={'csrf': }" Origin: upstream 34faff4927b2427aae6a4b2efd06d87bd642209e Author: Dominik Wombacher Forwarded: not-needed --- a/pagure/api/fork.py +++ b/pagure/api/fork.py @@ -505,7 +505,7 @@ def api_pull_request_update(repo, reques request = _get_request(repo, requestid) _check_pull_request_access(request, assignee=True, allow_author=True) - form = pagure.forms.RequestPullForm(csrf_enabled=False) + form = pagure.forms.RequestPullForm(meta={'csrf': False}) if not form.validate_on_submit(): raise pagure.exceptions.APIError( 400, error_code=APIERROR.EINVALIDREQ, errors=form.errors @@ -943,7 +943,7 @@ def api_pull_request_add_comment( _check_token(repo, project_token=False) request = _get_request(repo, requestid) - form = pagure.forms.AddPullRequestCommentForm(csrf_enabled=False) + form = pagure.forms.AddPullRequestCommentForm(meta={'csrf': False}) if form.validate_on_submit(): comment = form.comment.data commit = form.commit.data or None @@ -1124,9 +1124,9 @@ def api_pull_request_add_flag(repo, requ request = _get_request(repo, requestid) if "status" in get_request_data(): - form = pagure.forms.AddPullRequestFlagForm(csrf_enabled=False) + form = pagure.forms.AddPullRequestFlagForm(meta={'csrf': False}) else: - form = pagure.forms.AddPullRequestFlagFormV1(csrf_enabled=False) + form = pagure.forms.AddPullRequestFlagFormV1(meta={'csrf': False}) if form.validate_on_submit(): username = form.username.data percent = form.percent.data.strip() if form.percent.data else None @@ -1377,7 +1377,7 @@ def api_subscribe_pull_request(repo, req _check_token(repo) request = _get_request(repo, requestid) - form = pagure.forms.SubscribtionForm(csrf_enabled=False) + form = pagure.forms.SubscribtionForm(meta={'csrf': False}) if form.validate_on_submit(): status = is_true(form.status.data) try: @@ -1550,7 +1550,7 @@ def api_pull_request_create(repo, userna _check_pull_request(repo_to) _check_token(repo_from, project_token=False) - form = pagure.forms.RequestPullForm(csrf_enabled=False) + form = pagure.forms.RequestPullForm(meta={'csrf': False}) if not form.validate_on_submit(): raise pagure.exceptions.APIError( 400, error_code=APIERROR.EINVALIDREQ, errors=form.errors @@ -1839,7 +1839,7 @@ def api_pull_request_assign(repo, reques request = _get_request(repo, requestid) _check_pull_request_access(request, assignee=True) - form = pagure.forms.AssignIssueForm(csrf_enabled=False) + form = pagure.forms.AssignIssueForm(meta={'csrf': False}) if form.validate_on_submit(): assignee = form.assignee.data or None # Create our metadata comment object --- a/pagure/api/issue.py +++ b/pagure/api/issue.py @@ -168,7 +168,7 @@ def api_new_issue(repo, username=None, n form = pagure.forms.IssueFormSimplied( priorities=repo.priorities, milestones=repo.milestones, - csrf_enabled=False, + meta={'csrf': False}, ) if form.validate_on_submit(): title = form.title.data @@ -663,7 +663,7 @@ def api_issue_update(repo, issueid, user issue = _get_issue(repo, issue_id, issueuid=issue_uid) _check_private_issue_access(issue) - form = pagure.forms.IssueFormSimplied(csrf_enabled=False) + form = pagure.forms.IssueFormSimplied(meta={'csrf': False}) if form.validate_on_submit(): title = form.title.data.strip() @@ -837,7 +837,7 @@ def api_change_status_issue(repo, issuei status = pagure.lib.query.get_issue_statuses(flask.g.session) form = pagure.forms.StatusForm( - status=status, close_status=repo.close_status, csrf_enabled=False + status=status, close_status=repo.close_status, meta={'csrf': False} ) close_status = None @@ -951,7 +951,7 @@ def api_change_milestone_issue(repo, iss _check_ticket_access(issue, open_access=open_access) form = pagure.forms.MilestoneForm( - milestones=repo.milestones.keys(), csrf_enabled=False + milestones=repo.milestones.keys(), meta={'csrf': False} ) if form.validate_on_submit(): @@ -1049,7 +1049,7 @@ def api_comment_issue(repo, issueid, use issue = _get_issue(repo, issueid) _check_private_issue_access(issue) - form = pagure.forms.CommentForm(csrf_enabled=False) + form = pagure.forms.CommentForm(meta={'csrf': False}) if form.validate_on_submit(): comment = form.comment.data try: @@ -1138,7 +1138,7 @@ def api_assign_issue(repo, issueid, user open_access = repo.settings.get("open_metadata_access_to_all", False) _check_ticket_access(issue, assignee=True, open_access=open_access) - form = pagure.forms.AssignIssueForm(csrf_enabled=False) + form = pagure.forms.AssignIssueForm(meta={'csrf': False}) if form.validate_on_submit(): assignee = form.assignee.data or None # Create our metadata comment object @@ -1236,7 +1236,7 @@ def api_subscribe_issue(repo, issueid, u issue = _get_issue(repo, issueid) _check_private_issue_access(issue) - form = pagure.forms.SubscribtionForm(csrf_enabled=False) + form = pagure.forms.SubscribtionForm(meta={'csrf': False}) if form.validate_on_submit(): status = is_true(form.status.data) try: --- a/pagure/api/plugins.py +++ b/pagure/api/plugins.py @@ -109,7 +109,7 @@ def api_install_plugin(repo, plugin, use else: dbobj = plugin.db_object() - form = plugin.form(obj=dbobj, csrf_enabled=False) + form = plugin.form(obj=dbobj, meta={'csrf': False}) form.active.data = True for field in plugin.form_fields: fields.append(getattr(form, field)) --- a/pagure/api/project.py +++ b/pagure/api/project.py @@ -207,7 +207,7 @@ def api_project_tags_new(repo, username= repo = _get_repo(repo, username, namespace) _check_token(repo, project_token=False) - form = pagure.forms.ApiAddIssueTagForm(csrf_enabled=False) + form = pagure.forms.ApiAddIssueTagForm(meta={'csrf': False}) if form.validate_on_submit(): tag_name = form.tag.data tag_description = form.tag_description.data @@ -435,7 +435,7 @@ def api_new_git_tags(repo, username=None flask.request.values.get("with_commits", False) ) - form = pagure.forms.AddGitTagForm(csrf_enabled=False) + form = pagure.forms.AddGitTagForm(meta={'csrf': False}) created = None if form.validate_on_submit(): user_obj = pagure.lib.query.get_user( @@ -1462,7 +1462,7 @@ def api_new_project(): if user: namespaces.extend([grp for grp in user.groups]) - form = pagure.forms.ProjectForm(namespaces=namespaces, csrf_enabled=False) + form = pagure.forms.ProjectForm(namespaces=namespaces, meta={'csrf': False}) if form.validate_on_submit(): name = form.name.data description = form.description.data @@ -1746,7 +1746,7 @@ def api_fork_project(): """ output = {} - form = pagure.forms.ForkRepoForm(csrf_enabled=False) + form = pagure.forms.ForkRepoForm(meta={'csrf': False}) if form.validate_on_submit(): repo = form.repo.data username = form.username.data or None @@ -2440,7 +2440,7 @@ def api_commit_add_flag(repo, commit_has except ValueError: raise pagure.exceptions.APIError(404, error_code=APIERROR.ENOCOMMIT) - form = pagure.forms.AddPullRequestFlagForm(csrf_enabled=False) + form = pagure.forms.AddPullRequestFlagForm(meta={'csrf': False}) if form.validate_on_submit(): username = form.username.data percent = form.percent.data.strip() if form.percent.data else None @@ -2707,7 +2707,7 @@ def api_modify_acls(repo, namespace=None project = _get_repo(repo, username, namespace) _check_token(project, project_token=False) - form = pagure.forms.ModifyACLForm(csrf_enabled=False) + form = pagure.forms.ModifyACLForm(meta={'csrf': False}) if form.validate_on_submit(): acl = form.acl.data group = None @@ -3196,7 +3196,7 @@ def api_project_create_api_token(repo, n ) authorized_acls = pagure_config.get("USER_ACLS", []) - form = pagure.forms.NewTokenForm(csrf_enabled=False, sacls=authorized_acls) + form = pagure.forms.NewTokenForm(meta={'csrf': False}, sacls=authorized_acls) if form.validate_on_submit(): acls = form.acls.data description = form.description.data --- a/pagure/internal/__init__.py +++ b/pagure/internal/__init__.py @@ -228,7 +228,7 @@ def check_ssh_access(): @internal_access_only def pull_request_add_comment(): """Add a comment to a pull-request.""" - pform = pagure.forms.ProjectCommentForm(csrf_enabled=False) + pform = pagure.forms.ProjectCommentForm(meta={'csrf': False}) if not pform.validate_on_submit(): flask.abort(400, description="Invalid request") @@ -242,7 +242,7 @@ def pull_request_add_comment(): if not request: flask.abort(404, description="Pull-request not found") - form = pagure.forms.AddPullRequestCommentForm(csrf_enabled=False) + form = pagure.forms.AddPullRequestCommentForm(meta={'csrf': False}) if not form.validate_on_submit(): flask.abort(400, description="Invalid request") @@ -279,7 +279,7 @@ def pull_request_add_comment(): @internal_access_only def ticket_add_comment(): """Add a comment to an issue.""" - pform = pagure.forms.ProjectCommentForm(csrf_enabled=False) + pform = pagure.forms.ProjectCommentForm(meta={'csrf': False}) if not pform.validate_on_submit(): flask.abort(400, description="Invalid request") @@ -310,7 +310,7 @@ def ticket_add_comment(): "to view it", ) - form = pagure.forms.CommentForm(csrf_enabled=False) + form = pagure.forms.CommentForm(meta={'csrf': False}) if not form.validate_on_submit(): flask.abort(400, description="Invalid request")