authorWookey <wookey@wookware.org>2013-07-02 20:23:55 +0100
committerWookey <wookey@wookware.org>2013-07-02 20:23:55 +0100
commitecfa6b19a0f04a2877d6e9294651e14fda70a0da (patch)
treed51ed4540a3fe0d817ae74890890bbdeb6c09330 /registration
parent0dfbd1c84f13ee18451f739987f918cb5ac620ab (diff)
parent1471abeda79002a69f325f45625ec9feb6be06f2 (diff)
merged in proper CSRF changes from server
Diffstat (limited to 'registration')
-rw-r--r--registration/forms.py13
-rw-r--r--registration/views.py18
2 files changed, 13 insertions, 18 deletions
diff --git a/registration/forms.py b/registration/forms.py
index 2f591d4..9b68279 100644
--- a/registration/forms.py
+++ b/registration/forms.py
@@ -15,15 +15,15 @@ from registration.models import RegistrationProfile
# on them with CSS or JavaScript if they have a class of "required"
# in the HTML. Your mileage may vary. If/when Django ticket #3515
# lands in trunk, this will no longer be necessary.
-attrs_dict = { 'class': 'required' }
+# This was fixed in 2007, so I guess we don't need this any more. [W]
+#attrs_dict = { 'class': 'required' }
class RegistrationForm(forms.Form):
"""
Form for registering a new user account.
- Validates that the requested username is not already in use, and
- requires the password to be entered twice to catch typos.
+ Validates that the requested username is not already in use.
Subclasses should feel free to add any additional validation they
need, but should either preserve the base ``save()`` or implement
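Review bot: Commenting out `attrs_dict` leaves the name undefined, yet the `password1` field kept as context in the next hunk still passes `attrs=attrs_dict` to `forms.PasswordInput`, so importing `registration/forms.py` would raise a NameError when the class body runs. Either keep the assignment or drop the argument from every widget that uses it, e.g. `widget=forms.PasswordInput(render_value=False)`; fields outside the visible hunks probably reference it as well. The explanatory comment block above the assignment would then describe nothing and should go with it. The class body continues outside the hunk.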
@@ -39,8 +39,7 @@ class RegistrationForm(forms.Form):
label=_(u'email address'))
password1 = forms.CharField(widget=forms.PasswordInput(attrs=attrs_dict, render_value=False),
label=_(u'password'))
- password2 = forms.CharField(widget=forms.PasswordInput(attrs=attrs_dict, render_value=False),
- label=_(u'password (again)'))
+
def clean_username(self):
"""
@@ -62,9 +61,7 @@ class RegistrationForm(forms.Form):
field.
"""
- if 'password1' in self.cleaned_data and 'password2' in self.cleaned_data:
- if self.cleaned_data['password1'] != self.cleaned_data['password2']:
- raise forms.ValidationError(_(u'You must type the same password each time'))
+ if 'password1' in self.cleaned_data:
if len(self.cleaned_data['password1']) < 6:
raise forms.ValidationError(_(u'Your password must be at least 6 characters'))
return self.cleaned_data
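Review bot: The docstring that ends just above this check starts outside the hunk and presumably still describes comparing the two password fields; it should say what the method does now, e.g. `Verify that the password is at least 6 characters long.` With the confirmation field removed, this length test is the only server-side check left on the chosen password in the visible code, so a mistyped password is stored as entered. It is worth confirming that a password-reset path is reachable for users who register with a typo.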
diff --git a/registration/views.py b/registration/views.py
index 5df17b4..9603b56 100644
--- a/registration/views.py
+++ b/registration/views.py
@@ -7,12 +7,13 @@ from django.contrib.auth import authenticate
from django.conf import settings
from django.core.urlresolvers import reverse
-from django.core.context_processors import csrf
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.template import RequestContext
from django.contrib.auth import login
-
+#Add CSRF protection:
+from django.core.context_processors import csrf
+from django.shortcuts import render_to_response
from registration.forms import RegistrationForm
from registration.models import RegistrationProfile
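Review bot: The added `from django.shortcuts import render_to_response` duplicates the import a few lines above, which this hunk keeps as context, so one of the two should be removed. The comment `#Add CSRF protection:` overstates what the import does: `csrf(request)` only supplies the token to the template context, while rejecting a POST without it is the job of the CSRF middleware or a view decorator, neither of which is visible here. A more accurate comment would be `# csrf() exposes the CSRF token to templates; enforcement happens in the CSRF middleware`.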
@@ -69,7 +70,6 @@ def activate(request, activation_key,
c = {}
c.update(csrf(request))
-
activation_key = activation_key.lower() # Normalize before trying anything with it.
account = RegistrationProfile.objects.activate_user(activation_key)
try:
@@ -81,11 +81,10 @@ def activate(request, activation_key,
context = RequestContext(request)
for key, value in extra_context.items():
context[key] = callable(value) and value() or value
- # merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards)
return render_to_response(template_name,
- c.update({ 'account': account,
- 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings, }),
- context_instance=context)
+ { 'account': account,
+ 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings':settings},
+ context_instance=context, c)
def register(request, success_url=None,
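Review bot: `context_instance=context, c)` places a positional argument after a keyword argument, which Python rejects as a syntax error, so `registration/views.py` cannot be imported at all; the same construct ends the `register` hunk that follows. The removed code had a different bug (`c.update(...)` returns None, so no dictionary reached the template), and both are fixed by merging first and passing `c` as the dictionary: `c.update({'account': account, 'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS, 'settings': settings})` followed by `return render_to_response(template_name, c, context_instance=context)`. Since a `RequestContext` is already passed, the token may reach the template without `c` on Django versions where the csrf context processor is built in, so the change should be verified by rendering both forms and checking that a POST without the token is refused. `activate` starts outside the hunk.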
@@ -168,7 +167,6 @@ def register(request, success_url=None,
context = RequestContext(request)
for key, value in extra_context.items():
context[key] = callable(value) and value() or value
- # merge local settings dict with csrf token dict and render. (could use render()from django 1.34 onwards)
return render_to_response(template_name,
- c.update({ 'form': form,'settings':settings }),
- context_instance=context)
+ { 'form': form,'settings':settings },
+ context_instance=context, c)