mardi 2 juin 2020

how to bypass Django CSRF verification

To bypass CSRF verification I used csrf_exempt. When I apply csrf_exempt to a view and that view is called, the logged-in user is automatically logged out. I can't understand the problem. If anyone knows, please help me.

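@csrf_exempt
def checkout_done(request):
    """Attach stored addresses to the order and, on POST, close a completed order.

    Redirects to ``carts:home`` when the cart was just created or holds no
    products. Otherwise it loads (or creates) the order for the current
    billing profile and copies any shipping/billing address ids stored in the
    session onto it. On POST, if ``order_obj.check_done()`` is truthy, the
    order is marked paid, the session cart is cleared, the cart's entries are
    deactivated and the client is redirected to ``carts:checkout_done``.
    In every other case ``carts/checkout_done.html`` is rendered with an
    empty context.
    """
    # NOTE(review): csrf_exempt switches off Django's CSRF check for this view,
    # yet the POST branch below changes state (it can mark the order paid and
    # deactivate the cart entries). Without the check, a form on any other site
    # can submit that POST with the visitor's session. Prefer dropping the
    # decorator and sending the token with the form ({% csrf_token %}). If the
    # POST genuinely comes from an external service, keep the exemption on a
    # dedicated callback view that authenticates the sender's message rather
    # than relying on the session.
    # NOTE(review): nothing in this view logs the user out. If the POST arrives
    # as a cross-site request, check whether the session cookie is being sent
    # at all (SESSION_COOKIE_SAMESITE) -- confirm against the deployment.
    cart_obj, cart_created = Cart.objects.new_or_get(request)
    if cart_created or cart_obj.product.count() == 0:
        return redirect('carts:home')

    billing_address_id = request.session.get("billing_address_id", None)
    shipping_address_id = request.session.get("shipping_address_id", None)
    billing_profile, _ = BillingProfile.objects.new_or_get(request)

    order_obj = None
    if billing_profile is not None:
        order_obj, _ = Order.objects.new_or_get(billing_profile, cart_obj)
        if shipping_address_id:
            order_obj.shipping_address = Address.objects.get(id=shipping_address_id)
            del request.session["shipping_address_id"]
        if billing_address_id:
            order_obj.billing_address = Address.objects.get(id=billing_address_id)
            del request.session["billing_address_id"]
        if shipping_address_id or billing_address_id:
            order_obj.save()

    # order_obj stays None when there is no billing profile; the original
    # dereferenced it unconditionally on POST and raised AttributeError.
    if request.method == "POST" and order_obj is not None:
        # Only close the order once the order itself reports it is done.
        if order_obj.check_done():
            order_obj.mark_paid()

            request.session['cart_items'] = 0
            # pop() rather than del: a missing key must not turn a paid order
            # into a server error.
            request.session.pop('cart_id', None)
            # Saved one by one (not a bulk update) so each entry's save() runs.
            for entry in Entry.objects.filter(eCart=cart_obj):
                entry.active = False
                entry.save()
            return redirect("carts:checkout_done")

    # The forms and querysets the original built here were never passed to the
    # template, so they are dropped; the context is still empty.
    return render(request, "carts/checkout_done.html", {})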


