summaryrefslogtreecommitdiffstats
path: root/registration/views.py
diff options
context:
space:
mode:
authorWookey <wookey@wookware.org>2013-07-02 18:10:45 +0100
committerWookey <wookey@wookware.org>2013-07-02 18:10:45 +0100
commited13cca2613be9aa5b708ead5efb6f9c9075f93c (patch)
treeeedde220772fc9332acfdd360b5f665b2672c1f5 /registration/views.py
parentca1a1dfb973f3dc7c522dfa39bd84ecba6d8b344 (diff)
downloadtroggle-ed13cca2613be9aa5b708ead5efb6f9c9075f93c.tar.gz
troggle-ed13cca2613be9aa5b708ead5efb6f9c9075f93c.tar.bz2
troggle-ed13cca2613be9aa5b708ead5efb6f9c9075f93c.zip
Add CSRF protection to registration form (and remove annoying second
password)
Diffstat (limited to 'registration/views.py')
-rw-r--r--registration/views.py17
1 files changed, 13 insertions, 4 deletions
diff --git a/registration/views.py b/registration/views.py
index 2d4373a..9603b56 100644
--- a/registration/views.py
+++ b/registration/views.py
@@ -11,7 +11,9 @@ from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.contrib.auth import login
-
+#Add CSRF protection:
+from django.core.context_processors import csrf
+from django.shortcuts import render_to_response
from registration.forms import RegistrationForm
from registration.models import RegistrationProfile
@@ -64,7 +66,10 @@ def activate(request, activation_key,
"""
-
+ # Generate CSRF token
+ c = {}
+ c.update(csrf(request))
+
activation_key = activation_key.lower() # Normalize before trying anything with it.
account = RegistrationProfile.objects.activate_user(activation_key)
try:
@@ -79,7 +84,7 @@ def activate(request, activation_key,
return render_to_response(template_name,
{ 'account': account,
'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings},
- context_instance=context)
+ context_instance=context, c)
def register(request, success_url=None,
@@ -140,6 +145,10 @@ def register(request, success_url=None,
argument.
"""
+ # Generate CSRF token
+ c = {}
+ c.update(csrf(request))
+
if request.method == 'POST':
form = form_class(data=request.POST, files=request.FILES)
if form.is_valid():
@@ -160,4 +169,4 @@ def register(request, success_url=None,
context[key] = callable(value) and value() or value
return render_to_response(template_name,
{ 'form': form,'settings':settings },
- context_instance=context)
+ context_instance=context, c)
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-09 04:49:35 +0000