Add csrf token to registration forms
parent
97c7a2fd87
commit
0dfbd1c84f
@ -7,6 +7,7 @@ from django.contrib.auth import authenticate
|
|||||||
|
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
|
from django.core.context_processors import csrf
|
||||||
from django.http import HttpResponseRedirect
|
from django.http import HttpResponseRedirect
|
||||||
from django.shortcuts import render_to_response
|
from django.shortcuts import render_to_response
|
||||||
from django.template import RequestContext
|
from django.template import RequestContext
|
||||||
@ -64,6 +65,10 @@ def activate(request, activation_key,
|
|||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
# Generate CSRF token
|
||||||
|
c = {}
|
||||||
|
c.update(csrf(request))
|
||||||
|
|
||||||
|
|
||||||
activation_key = activation_key.lower() # Normalize before trying anything with it.
|
activation_key = activation_key.lower() # Normalize before trying anything with it.
|
||||||
account = RegistrationProfile.objects.activate_user(activation_key)
|
account = RegistrationProfile.objects.activate_user(activation_key)
|
||||||
@ -76,9 +81,10 @@ def activate(request, activation_key,
|
|||||||
context = RequestContext(request)
|
context = RequestContext(request)
|
||||||
for key, value in extra_context.items():
|
for key, value in extra_context.items():
|
||||||
context[key] = callable(value) and value() or value
|
context[key] = callable(value) and value() or value
|
||||||
|
# merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards)
|
||||||
return render_to_response(template_name,
|
return render_to_response(template_name,
|
||||||
{ 'account': account,
|
c.update({ 'account': account,
|
||||||
'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings},
|
'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings, }),
|
||||||
context_instance=context)
|
context_instance=context)
|
||||||
|
|
||||||
|
|
||||||
@ -140,6 +146,10 @@ def register(request, success_url=None,
|
|||||||
argument.
|
argument.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
# Generate CSRF token
|
||||||
|
c = {}
|
||||||
|
c.update(csrf(request))
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
form = form_class(data=request.POST, files=request.FILES)
|
form = form_class(data=request.POST, files=request.FILES)
|
||||||
if form.is_valid():
|
if form.is_valid():
|
||||||
@ -158,6 +168,7 @@ def register(request, success_url=None,
|
|||||||
context = RequestContext(request)
|
context = RequestContext(request)
|
||||||
for key, value in extra_context.items():
|
for key, value in extra_context.items():
|
||||||
context[key] = callable(value) and value() or value
|
context[key] = callable(value) and value() or value
|
||||||
|
# merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards)
|
||||||
return render_to_response(template_name,
|
return render_to_response(template_name,
|
||||||
{ 'form': form,'settings':settings },
|
c.update({ 'form': form,'settings':settings }),
|
||||||
context_instance=context)
|
context_instance=context)
|
||||||
|
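Review bot: `dict.update()` returns `None`, so both `render_to_response(template_name, c.update({...}), context_instance=context)` calls (in `activate` and in `register`) pass `None` as the template dictionary, and the templates no longer receive `account`, `expiration_days`, `form` or `settings` from it. Do the merge as a separate statement before the return, e.g. `c.update({'form': form, 'settings': settings})`, and pass `c` as the second argument. The `{% csrf_token %}` tag probably still renders only because `context` is a `RequestContext`; if that holds for the Django version in use, the `c = {}` / `c.update(csrf(request))` lines are redundant and could be removed instead. The added comment's "django 1.34" looks like a typo for 1.3. Both function bodies start and end outside these hunks.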
@ -61,17 +61,12 @@ TEMPLATE_CONTEXT_PROCESSORS = ( "django.core.context_processors.auth", "core.con
|
|||||||
|
|
||||||
LOGIN_REDIRECT_URL = '/'
|
LOGIN_REDIRECT_URL = '/'
|
||||||
|
|
||||||
if django.VERSION[0] >=1 and django.VERSION[1] > 1:
|
|
||||||
csrfmiddleware = 'django.middleware.csrf.CsrfViewMiddleware'
|
|
||||||
else:
|
|
||||||
csrfmiddleware = 'django.contrib.csrf.middleware.CsrfMiddleware'
|
|
||||||
|
|
||||||
MIDDLEWARE_CLASSES = (
|
MIDDLEWARE_CLASSES = (
|
||||||
'django.middleware.common.CommonMiddleware',
|
'django.middleware.common.CommonMiddleware',
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||||
'django.contrib.redirects.middleware.RedirectFallbackMiddleware',
|
'django.contrib.redirects.middleware.RedirectFallbackMiddleware',
|
||||||
csrfmiddleware,
|
'django.middleware.csrf.CsrfViewMiddleware',
|
||||||
'troggle.middleware.SmartAppendSlashMiddleware'
|
'troggle.middleware.SmartAppendSlashMiddleware'
|
||||||
)
|
)
|
||||||
|
|
||||||
|
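Review bot: Hard-coding `'django.middleware.csrf.CsrfViewMiddleware'` in `MIDDLEWARE_CLASSES` drops the fallback to `django.contrib.csrf.middleware.CsrfMiddleware`, but nothing in the visible lines records the resulting minimum Django version. A short comment above the tuple, such as `# CSRF middleware path requires Django >= 1.2`, would make the requirement explicit. If `import django` further up the file (outside this hunk) was only used for the removed `django.VERSION` check, it can be dropped as well.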
@ -9,7 +9,7 @@ registration_form.html | {{ block.super }}
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<form action="{% url registration_register %}" method="POST">
|
<form action="{% url registration_register %}" method="POST">{% csrf_token %}
|
||||||
{% for error in form.non_field_errors %}
|
{% for error in form.non_field_errors %}
|
||||||
<span style="color:red">{{ error }}</span>
|
<span style="color:red">{{ error }}</span>
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|