# HG changeset patch
# User Mads Kiilerich
# Date 1443227677 -7200
# Node ID ef392737c20317b327c1894825c4cdb0c095337f
# Parent 1346754f185290376f7d1105b2fa4250a4e68d24
auth: validate that the token protecting from CSRF attacks never is leaked

This will partly give some protection if it should happen, partly make sure the leak doesn't go unnoticed but is found so it can be fixed.

diff -r 1346754f1852 -r ef392737c203 kallithea/lib/auth.py
--- a/kallithea/lib/auth.py Sat Sep 26 02:34:16 2015 +0200
+++ b/kallithea/lib/auth.py Sat Sep 26 02:34:37 2015 +0200
@@ -34,7 +34,7 @@
 from decorator import decorator
-from pylons import url, request
+from pylons import url, request, session
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from webhelpers.pylonslib import secure_form
@@ -766,6 +766,15 @@
         if request.method not in ['GET', 'HEAD', 'POST', 'PUT']:
             return abort(405)
 
+        # Make sure CSRF token never appears in the URL. If so, invalidate it.
+        if secure_form.token_key in request.GET:
+            log.error('CSRF key leak detected')
+            session.pop(secure_form.token_key, None)
+            session.save()
+            from kallithea.lib import helpers as h
+            h.flash(_("CSRF token leak has been detected - all form tokens have been expired"),
+                    category='error')
+
         # CSRF protection: Whenever a request has ambient authority (whether
         # through a session cookie or its origin IP address), it must include
         # the correct token, unless the HTTP method is GET or HEAD (and thus
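Review bot: `log.error('CSRF key leak detected')` records that a token reached the query string but nothing about where it came from, which is exactly what is needed to find the leaking form the commit message says should get fixed; log the request path and referer, but never the query string itself, since that is the leaked value: `log.error('CSRF key leak detected in %s request to %s (referer %s)', request.method, request.path, request.referer)`. The trigger on the line above matches on the parameter name alone, so a URL carrying that name expires the user's tokens even when the value is stale or bogus; that is an acceptable fail-safe, but a comment stating that the false positive is deliberate would make the intent clear, e.g. `# Key name alone is enough: a stale or wrong value still means some form leaks it.` The handler continues after the leak is handled; whether a POST that carries the token in the query string is then rejected depends on the later check reading request.POST rather than request.params, which lies outside this hunk and is worth confirming. The enclosing function starts before and ends after the hunk.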