Add initial support for CSRF token protection

2016-12-14 15:41:15 -06:00 · 2016-12-14 15:41:15 -06:00 · ab09314ed3
commit ab09314ed3
parent 11e78adaab
8 changed files with 61 additions and 6 deletions
--- a/tailbone/views/auth.py
+++ b/tailbone/views/auth.py
@ -101,8 +101,7 @@ class AuthenticationView(View):
            self.request.session.flash("{} is already logged in".format(self.request.user), 'error')
            return self.redirect(referrer)

-        form = Form(self.request, schema=UserLogin)
-        context = {'form': forms.FormRenderer(form), 'referrer': referrer, 'dialog': mobile}
+        form = forms.SimpleForm(self.request, UserLogin)
        if form.validate():
            user = authenticate_user(Session(),
                                     form.data['username'],
@ -115,7 +114,12 @@ class AuthenticationView(View):
                return self.redirect(referrer, headers=headers)
            else:
                self.request.session.flash("Invalid username or password", 'error')
-        return context
+
+        return {
+            'form': forms.FormRenderer(form),
+            'referrer': referrer,
+            'dialog': mobile,
+        }

    def mobile_login(self):
        return self.login(mobile=True)