Revert "Use return {} idiom for csrf"

This reverts commit 124e722.
gratipay · Feb 26, 2015 · a8bfff5 · a8bfff5
1 parent 84bd5c3
commit a8bfff5
Showing 1 changed file with 2 additions and 4 deletions.
diff --git a/gratipay/security/csrf.py b/gratipay/security/csrf.py
@@ -61,7 +61,7 @@ def _sanitize_token(token):
 
 
 
-def get_csrf_token_from_request(request):
+def get_csrf_token_from_request(request, state):
     """Given a Request object, reject it if it's a forgery.
     """
     if request.line.uri.startswith('/assets/'): return
@@ -72,7 +72,7 @@ def get_csrf_token_from_request(request):
     except KeyError:
         cookie_token = None
 
-    cookie_token or _get_new_csrf_key()
+    state['csrf_token'] = cookie_token or _get_new_csrf_key()
 
     # Assume that anything not defined as 'safe' by RC2616 needs protection
     if request.line.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
@@ -94,8 +94,6 @@ def get_csrf_token_from_request(request):
         if not constant_time_compare(second_token, cookie_token):
             raise Response(403, REASON_BAD_TOKEN)
 
-        return {'csrf_token': second_token}
-
 
 def add_csrf_token_to_response(response, csrf_token=None):
     """Store the latest CSRF token as a cookie.