Add CSRF protection to registration form (and remove annoying second

password)

registration/forms.py

@@ -15,15 +15,15 @@ from registration.models import RegistrationProfile
 # on them with CSS or JavaScript if they have a class of "required"
 # in the HTML. Your mileage may vary. If/when Django ticket #3515
 # lands in trunk, this will no longer be necessary.
-attrs_dict = { 'class': 'required' }
+# This was fixed in 2007, so I guess we don't need this any more. [W]
+#attrs_dict = { 'class': 'required' }
 
 
 class RegistrationForm(forms.Form):
     """
     Form for registering a new user account.
     
-    Validates that the requested username is not already in use, and
-    requires the password to be entered twice to catch typos.
+    Validates that the requested username is not already in use.
     
     Subclasses should feel free to add any additional validation they
     need, but should either preserve the base ``save()`` or implement
@@ -39,8 +39,7 @@ class RegistrationForm(forms.Form):
                              label=_(u'email address'))
     password1 = forms.CharField(widget=forms.PasswordInput(attrs=attrs_dict, render_value=False),
                                 label=_(u'password'))
-    password2 = forms.CharField(widget=forms.PasswordInput(attrs=attrs_dict, render_value=False),
-                                label=_(u'password (again)'))
+    
     
     def clean_username(self):
         """
@@ -62,9 +61,7 @@ class RegistrationForm(forms.Form):
         field.
         
         """
-        if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
-            if self.cleaned_data['password1'] != self.cleaned_data['password2']:
-                raise forms.ValidationError(_(u'You must type the same password each time'))
+        if 'password1' in self.cleaned_data:
             if len(self.cleaned_data['password1']) < 6:
                 raise forms.ValidationError(_(u'Your password must be at least 6 characters'))
         return self.cleaned_data