
Conversation

@colevscode
Contributor

When using cookies to store JWT tokens, CSRF protection is necessary. For AJAX requests, the CSRF token can be embedded in the request header. Non-AJAX requests, however, cannot set headers, and so need an alternative means to pass the CSRF token to the server. Classically this has been done by sending the token in the form data via a hidden input.

This PR introduces the JWT_CSRF_CHECK_FORM option. When no token can be found in the header, this option instructs the JWTManager to check the form for a CSRF field. The CSRF field defaults to csrf_token but can be overridden by the JWT_ACCESS_CSRF_FIELD_NAME and JWT_REFRESH_CSRF_FIELD_NAME configs.
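The double-submit flow described above, as an added stdlib-only model of the check (not flask-jwt-extended's own code and not part of this PR): the login response sets an HttpOnly cookie holding a JWT with a `csrf` claim plus a readable `csrf_access_token` cookie with the same value; a later request must echo that value back, either in the `X-CSRF-TOKEN` header or, when the form fallback is enabled, in a hidden `csrf_token` field. The cookie, header and field names mirror the library's defaults; the signing key, the `verify_csrf`/`create_access_cookies` helpers and the dict-shaped request are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed for this example; a real deployment loads the key from config.
SECRET = b"example-signing-key-not-for-production"

# Names matching flask-jwt-extended's defaults; the form fallback is what the PR adds.
ACCESS_COOKIE = "access_token_cookie"  # JWT_ACCESS_COOKIE_NAME
CSRF_COOKIE = "csrf_access_token"      # JWT_ACCESS_CSRF_COOKIE_NAME
CSRF_HEADER_NAME = "X-CSRF-TOKEN"      # JWT_ACCESS_CSRF_HEADER_NAME
CSRF_FIELD_NAME = "csrf_token"         # JWT_ACCESS_CSRF_FIELD_NAME


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def encode_jwt(claims: dict) -> str:
    """Minimal HS256 JWT encoder (hypothetical helper, stdlib only)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_jwt(token: str) -> dict:
    """Verify the HS256 signature and return the claims; raises ValueError on any tampering."""
    header, payload, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


def create_access_cookies(identity: str) -> dict:
    """Cookies a login response would set: the HttpOnly JWT cookie whose `csrf`
    claim binds the token to a random value, and a JS-readable cookie carrying
    that same value so the client can echo it back (double submit)."""
    csrf = secrets.token_hex(16)
    return {ACCESS_COOKIE: encode_jwt({"sub": identity, "csrf": csrf}), CSRF_COOKIE: csrf}


def verify_csrf(cookies: dict, headers: dict, form: dict, check_form: bool = False):
    """Return (True, identity) when the double-submit check passes, else (False, reason).

    Lookup order mirrors the PR: the header is consulted first; the form field
    only when check_form (the JWT_CSRF_CHECK_FORM option) is on and no header
    was sent. A cross-site form post carries the cookies automatically but the
    attacker cannot read the csrf value, so it fails here."""
    token = cookies.get(ACCESS_COOKIE)
    if token is None:
        return False, "missing access token cookie"
    try:
        claims = decode_jwt(token)
    except ValueError as exc:
        return False, f"invalid token: {exc}"
    expected = claims.get("csrf")
    if not expected:
        return False, "token carries no csrf claim"

    submitted = headers.get(CSRF_HEADER_NAME)
    if submitted is None and check_form:
        submitted = form.get(CSRF_FIELD_NAME)
    if submitted is None:
        return False, "missing CSRF token"
    if not hmac.compare_digest(submitted, expected):  # constant-time compare
        return False, "CSRF double submit tokens do not match"
    return True, claims["sub"]


if __name__ == "__main__":
    cookies = create_access_cookies("alice")
    csrf = cookies[CSRF_COOKIE]
    print(verify_csrf(cookies, {CSRF_HEADER_NAME: csrf}, {}))                   # AJAX: ok
    print(verify_csrf(cookies, {}, {CSRF_FIELD_NAME: csrf}))                    # form, option off: denied
    print(verify_csrf(cookies, {}, {CSRF_FIELD_NAME: csrf}, check_form=True))   # form, option on: ok
    print(verify_csrf(cookies, {}, {"comment": "forged"}, check_form=True))    # cross-site post: denied
```

With `check_form` left at its default, a classic form post is rejected even though it carries the right value, which is exactly the gap the option closes; leaving the header path first means enabling the option does not change behaviour for existing AJAX clients.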

@pep8speaks

pep8speaks commented Aug 25, 2019

Hello @colevscode! Thanks for updating this PR. We checked the lines you've touched for PEP 8 issues, and found:

There are currently no PEP 8 issues detected in this Pull Request. Cheers! 🍻

Comment last updated at 2019-08-25 22:51:46 UTC

@coveralls

coveralls commented Aug 25, 2019

Coverage Status

Coverage remained the same at 100.0% when pulling b2fb354 on colevscode:csrf_check_form into 574a7dd on vimalloc:master.

@coveralls

Coverage Status

Coverage remained the same at 100.0% when pulling e69d97a on colevscode:csrf_check_form into 574a7dd on vimalloc:master.

@vimalloc
Owner

Sorry for the delay getting to this, been a busy week. Everything looks great! I'll get a new version pushed out with this stat.

Thanks for contributing!

@vimalloc vimalloc merged commit aa1c7c2 into vimalloc:master Aug 28, 2019