author | Wookey <wookey@wookware.org> | 2013-07-02 18:10:45 +0100 |
---|---|---|
committer | Wookey <wookey@wookware.org> | 2013-07-02 18:10:45 +0100 |
commit | d1ad8730d7e43275c7c6dc6a8b10c279b8e4cdbd (patch) | |
tree | a46680958c03a10630bf3f72eef53c2e19fc8741 /registration/views.py | |
parent | f626d3304dc88cb54ee86ef3c964110a69082134 (diff) | |
Add CSRF protection to registration form (and remove annoying second
password)
Diffstat (limited to 'registration/views.py')
-rw-r--r-- | registration/views.py | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/registration/views.py b/registration/views.py
index 2d4373a..9603b56 100644
--- a/registration/views.py
+++ b/registration/views.py
@@ -11,7 +11,9 @@ from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.contrib.auth import login
-
+#Add CSRF protection:
+from django.core.context_processors import csrf
+from django.shortcuts import render_to_response
 from registration.forms import RegistrationForm
 from registration.models import RegistrationProfile
@@ -64,7 +66,10 @@ def activate(request, activation_key,
     """
-
+    # Generate CSRF token
+    c = {}
+    c.update(csrf(request))
+
     activation_key = activation_key.lower() # Normalize before trying anything with it.
     account = RegistrationProfile.objects.activate_user(activation_key)
     try:
@@ -79,7 +84,7 @@ def activate(request, activation_key,
     return render_to_response(template_name,
                               { 'account': account,
                                 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings},
-                              context_instance=context)
+                              context_instance=context, c)
 def register(request, success_url=None,
@@ -140,6 +145,10 @@ def register(request, success_url=None,
         argument.
     """
+    # Generate CSRF token
+    c = {}
+    c.update(csrf(request))
+
     if request.method == 'POST':
         form = form_class(data=request.POST, files=request.FILES)
         if form.is_valid():
@@ -160,4 +169,4 @@ def register(request, success_url=None,
             context[key] = callable(value) and value() or value
     return render_to_response(template_name,
                               { 'form': form,'settings':settings },
-                              context_instance=context)
+                              context_instance=context, c)
|
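Review bot: The third added line of the import hunk re-imports `render_to_response` from `django.shortcuts`, which the context line two above already brings in; drop `+from django.shortcuts import render_to_response`. Python tolerates the duplicate, so it is only noise, but it reads as a pasted block rather than an edited one. The leading comment would say more as `# CSRF token for the registration templates` than as `#Add CSRF protection:`, since the import alone protects nothing.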
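Review bot: Building `c` from `csrf(request)` in `activate` (and again in `register`, hunk at line 145) only supplies the value that the `{% csrf_token %}` template tag renders; it does not make either view reject a POST whose token is missing or wrong. Rejection is done by Django's `CsrfViewMiddleware` or the `csrf_protect` view decorator, and neither appears in this diff, so if the middleware is not enabled in settings the registration form stays unprotected despite the commit title. For the view that handles the POST, `register`, I would add `from django.views.decorators.csrf import csrf_protect` and decorate it with `@csrf_protect`, which is harmless when the middleware is already active. As far as the visible lines show, `activate` does not process a POST, so the token there looks unnecessary; the body of `activate` continues outside the hunk.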
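Review bot: `context_instance=context, c)` puts a positional argument after a keyword argument, which is a SyntaxError, so as committed registration/views.py cannot be imported; the same line is added in the last hunk (line 169) for `register`. `render_to_response` takes the template dictionary as its second positional argument, so the token must be merged into that dictionary rather than appended to the call: `ctx = {'account': account, 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings': settings}`, `ctx.update(c)`, `return render_to_response(template_name, ctx, context_instance=context)`. If `context` is a `RequestContext` (its construction lies outside the hunk), Django's RequestContext already runs the csrf context processor, and the hand-built `c` is redundant altogether. The body of `activate` starts before this hunk.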