Add csrf token to registration forms

author: wookey <devnull@localhost> 2013-07-02 17:26:35 +0100
committer: wookey <devnull@localhost> 2013-07-02 17:26:35 +0100
commit: 0dfbd1c84f13ee18451f739987f918cb5ac620ab (patch)
tree: f7eb592c37835baf0c538a0b71436f9b6d4a78e9 /registration/views.py
parent: 97c7a2fd87b99fe5706517373d378c4190fbe6a4 (diff)
download: troggle-0dfbd1c84f13ee18451f739987f918cb5ac620ab.tar.gz
troggle-0dfbd1c84f13ee18451f739987f918cb5ac620ab.tar.bz2
troggle-0dfbd1c84f13ee18451f739987f918cb5ac620ab.zip
1 files changed, 14 insertions, 3 deletions
diff --git a/registration/views.py b/registration/views.py
index 2d4373a..5df17b4 100644
--- a/registration/views.py
+++ b/registration/views.py
@@ -7,6 +7,7 @@ from django.contrib.auth import authenticate
 
 from django.conf import settings
 from django.core.urlresolvers import reverse
+from django.core.context_processors import csrf
 from django.http import HttpResponseRedirect
 from django.shortcuts import render_to_response
 from django.template import RequestContext
@@ -64,6 +65,10 @@ def activate(request, activation_key,
     
     """
 
+    # Generate CSRF token
+    c = {}
+    c.update(csrf(request))
+
     
     activation_key = activation_key.lower() # Normalize before trying anything with it.
     account = RegistrationProfile.objects.activate_user(activation_key)
@@ -76,9 +81,10 @@ def activate(request, activation_key,
     context = RequestContext(request)
     for key, value in extra_context.items():
         context[key] = callable(value) and value() or value
+    # merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards)
     return render_to_response(template_name,
-                              { 'account': account,
-                                'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings},
+                              c.update({ 'account': account,
+                                'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings, }),
                               context_instance=context)
 
 
@@ -140,6 +146,10 @@ def register(request, success_url=None,
     argument.
     
     """
+    # Generate CSRF token
+    c = {}
+    c.update(csrf(request))
+
     if request.method == 'POST':
         form = form_class(data=request.POST, files=request.FILES)
         if form.is_valid():
@@ -158,6 +168,7 @@ def register(request, success_url=None,
     context = RequestContext(request)
     for key, value in extra_context.items():
         context[key] = callable(value) and value() or value
+    # merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards)
     return render_to_response(template_name,
-                              { 'form': form,'settings':settings },
+                              c.update({ 'form': form,'settings':settings }),
                               context_instance=context)
author	wookey <devnull@localhost>	2013-07-02 17:26:35 +0100
committer	wookey <devnull@localhost>	2013-07-02 17:26:35 +0100
commit	0dfbd1c84f13ee18451f739987f918cb5ac620ab (patch)
tree	f7eb592c37835baf0c538a0b71436f9b6d4a78e9 /registration/views.py
parent	97c7a2fd87b99fe5706517373d378c4190fbe6a4 (diff)
download	troggle-0dfbd1c84f13ee18451f739987f918cb5ac620ab.tar.gz troggle-0dfbd1c84f13ee18451f739987f918cb5ac620ab.tar.bz2 troggle-0dfbd1c84f13ee18451f739987f918cb5ac620ab.zip