Use csrf token in each form.

Because CsrfMiddleware was removed in Django 1.4, {% csrf_token %} must now be
used in all forms.
Mikaël Ates 2012-04-25 10:24:52 +02:00
parent 172f31e990
commit c2132accd6
23 changed files with 51 additions and 32 deletions


@ -1,6 +1,7 @@
{% load i18n %}
<div>
<form method="post" action="">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
</form>
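Review bot: The `{% csrf_token %}` added to this login form, and to the other forms in this commit, only renders a token when the view supplies one, typically by rendering with `RequestContext`; with a plain `Context` the tag outputs nothing. The views and settings are not visible in this diff, so it is worth confirming that each view rendering these templates does so, and that `django.middleware.csrf.CsrfViewMiddleware` is enabled so the token is actually checked. I would note this in the commit description, for example `Views rendering these templates must use RequestContext.`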


@ -22,6 +22,7 @@
<p>
<h5>{% trans "Add a federation?" %}</h5>
<form method="post" action="">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
</form>


@ -23,7 +23,7 @@
{% endifequal %}
{% ifequal trust_root_valid "DISCOVERY_FAILED" %}
<p>The site <tt>{{ trust_root|escape }}</tt> has requested verification
of your OpenID. However, <tt>{{ trust_root|escape }}</tt> does not
of your OpenID. However, <tt>{{ trust_root|escape }}</tt> does not
implement OpenID 2.0's relying party verification mechanism. Please use
extra caution in deciding whether to release information to this party,
and ask <tt>{{ trust_root|escape }}</tt> to implement relying party
@ -32,7 +32,8 @@
<!-- trust_root_valid is {{ trust_root_valid }} -->
<form method="post" action="{% url openid-provider-decide %}">{% csrf_token %}
<form method="post" action="{% url openid-provider-decide %}">
{% csrf_token %}
{% if required %}
<p>
It requires the following attributes:


@ -9,6 +9,7 @@
<p>* {% trans "Log in to link your certificate with an existing account" %}</p>
<div id="login-actions">
<form id="login-form" method="post" action="post_account_linking">
{% csrf_token %}
<ul class="errorlist">
{% for error in form.non_field_errors %}
<li>{{ error|escape }}</li>


@ -1,6 +1,7 @@
{% load i18n %}
<div>
<form method="post" action="">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
{% if cancel %}


@ -11,6 +11,7 @@ One Time password authentication method.
<div>
<form method="post" action="">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
{% if cancel %}


@ -7,6 +7,7 @@
{% endif %}
<form id="openid_form" method="post" action="">
{% csrf_token %}
<input type="hidden" name="action" value="verify" />
<div id="openid_choice">
<p>{% trans "Please select your account provider:" %}</p>
@ -30,4 +31,3 @@ $(document).ready(function() {
});
</script>
</div>


@ -4,6 +4,7 @@
{% trans "Use a self-generated X509 certificate to log in." %}
</p>
<form method="post" action="">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" name="{{ submit_name }}" value="{% trans "Log in" %}"/>
{% if cancel %}


@ -24,6 +24,7 @@
<div class="login">
<h2>{% trans "Dissociate OpenID URL" %}</h2>
<form name = "fopenid" action = "." method= "post" />
{% csrf_token %}
<ul class = "NoBullet">
{% for a_openid in associated_openids %}
<li><input type = "checkbox" name = "a_openids" value = {{ a_openid }} /> {{ a_openid }} </li>
@ -36,6 +37,7 @@
<h2>{% trans "Add a new OpenID account" %}</h2>
<form name="openid_form" id="openid_form" action="." method="post">
{% csrf_token %}
<input type="hidden" name="action" value="verify" />
<input type="hidden" name="next" value="{{ next }}" />
<div id="openid_choice">
@ -46,7 +48,7 @@
<label for="id_openid_url">{% trans "OpenId URL :" %}</label> {{ form.openid_url }}
<input name="openid_submit" type="submit" value="{% trans "Add OpenID" %}">
</div>
</form>
</form>
{% endblock %}
{% block extra_scripts %}
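Review bot: In the dissociate form that now carries the token, the checkbox is written as `value = {{ a_openid }}` with no quotes around the attribute value. Django's autoescaping covers `<`, `>`, `&` and quote characters but not whitespace, so a stored OpenID value containing a space would end the attribute early and the remainder would be parsed as further attributes on the `<input>`. Quoting closes that gap: `<input type="checkbox" name="a_openids" value="{{ a_openid }}">`. The line predates this commit, and the trailing `/` on the opening `<form name = "fopenid" ... />` tag is ignored by HTML parsers, so it is worth dropping to avoid suggesting the form is closed there.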


@ -25,23 +25,23 @@
{% endblocktrans %}
</div>
{% if form1.errors %}
<p class="errors">{% trans "Please correct errors below:" %}
{% if form1.username.errors %}
{% if form1.username.errors %}
<ul class="errorlist">{{ form1.username.errors|join:", " }}</ul>
{% endif %}
{% if form1.email.errors %}
{% if form1.email.errors %}
<ul class="errorlist">{{ form1.email.errors|join:", " }}</ul>
{% endif %}
</p>
{% endif %}
{% if form2.errors %}
<p class="errors">{% trans "Please correct errors below:" %}
{% if form2.username.errors %}
{% if form2.username.errors %}
<ul class="errorlist">{{ form2.username.errors|join:", " }}</ul>
{% endif %}
{% if form2.password.errors %}
{% if form2.password.errors %}
<ul class="errorlist">{{ form2.password.errors|join:", " }}</ul>
{% endif %}
</p>
@ -49,6 +49,7 @@
<div class="login">
<form name="fregister" action="{% url user_register %}" method="POST">
{% csrf_token %}
<input type="hidden" name="next" value="{{ next }}" />
<fieldset>
<legend>{% trans "A new account" %}</legend>
@ -60,10 +61,11 @@
</form>
</div>
<div class="login">
<form name="fverify" action="{% url user_register %}" method="POST">
{% csrf_token %}
<input type="hidden" name="next" value="{{ next }}" />
<fieldset>
<legend>{% trans "An existing account" %}</legend>
@ -74,6 +76,3 @@
</form>
</div>
{% endblock %}


@ -25,13 +25,13 @@
<h2>{% trans "Dissociate OpenID URL" %}</h2>
<form name="fopenid" action="{% url user-dissociate %}" method="post">
{% csrf_token %}
<input type="hidden" name="next" value="{{ next }}" />
{{ form.openid_url }}
<p>Confirm to dissociate {% for a_oi in a_openids %} {{ a_oi }} <input type="hidden" name="a_openids_remove" value="{{ a_oi }}" /> {% endfor %} from your account</p>
<div class="submit-row "><input name="bdissociate" type="submit" value="{% trans "Dissociate OpenID" %}">
<input name="bdissociate_cancel" type="submit" value="{% trans "Cancel" %}"></div>
</form>
</div>
{% endblock %}
</form>
</div>
{% endblock %}


@ -26,6 +26,7 @@
<p>{% trans "Please enter your new password twice so we can verify you typed it in correctly." %}</p>
<form action="." method="post">
{% csrf_token %}
{{ form.new_password1.errors }}
<p class="aligned wide"><label for="id_new_password1">{% trans 'New password:' %}</label>{{ form.new_password1 }}</p>
{{ form.new_password2.errors }}
@ -39,7 +40,7 @@
<p>{% trans "Please enter your old password, for security's sake, and then enter your new password twice so we can verify you typed it in correctly." %}</p>
<form action="." method="post">
{% csrf_token %}
{{ form.old_password.errors }}
<p class="aligned wide"><label for="id_old_password">{% trans 'Old password:' %}</label>{{ form.old_password }}</p>
{{ form.new_password1.errors }}
@ -53,4 +54,4 @@
{% endif %}
{% endblock %}
{% endblock %}


@ -14,10 +14,10 @@
{% endif %}
{% if form2.errors %}
<div class="errors"><p>{% trans "Please correct errors below:" %}
{% if form2.username.errors %}
{% if form2.username.errors %}
<span class="error">{{ form2.username.errors|join:", " }}</span>
{% endif %}
{% if form2.password.errors %}
{% if form2.password.errors %}
<span class="error">{{ form2.password.errors|join:", " }}</span>
{% endif %}
</p></div>
@ -32,6 +32,7 @@
<div class="login">
<form id="openid_form" name="openid_form" action="{% url user_signin %}" method="post">
{% csrf_token %}
<input type="hidden" name="action" value="verify" />
<input type="hidden" name="next" value="{{ next }}" />
<div id="openid_choice">
@ -43,8 +44,8 @@
<label for="id_openid_url">{% trans "OpenId URL :" %}</label>{{ form1.openid_url }}
<input name="openid_submit" type="submit" value="{% trans "Sign in with OpenID" %}">
</div>
</form>
</div>
</form>
</div>
{% endblock %}
{% block extra_scripts %}
@ -56,6 +57,5 @@ $(document).ready(function() {
});
</script>
<!-- /Simple OpenID Selector -->
{% endblock %}
{% endblock %}


@ -20,10 +20,10 @@
{% endif %}
{% if form2.errors %}
<div class="errors"><p>{% trans "Please correct errors below:" %}
{% if form2.username.errors %}
{% if form2.username.errors %}
<span class="error">{{ form2.username.errors|join:", " }}</span>
{% endif %}
{% if form2.password.errors %}
{% if form2.password.errors %}
<span class="error">{{ form2.password.errors|join:", " }}</span>
{% endif %}
</p></div>
@ -38,6 +38,7 @@
<div class="login">
<form id="openid_form" name="openid_form" action="{% url user_signin %}" method="post">
{% csrf_token %}
<input type="hidden" name="action" value="verify" />
<input type="hidden" name="next" value="{{ next }}" />
<div id="openid_choice">
@ -49,8 +50,8 @@
<label for="id_openid_url">{% trans "OpenId URL :" %}</label>{{ form1.openid_url }}
<input name="openid_submit" type="submit" value="{% trans "Sign in with OpenID" %}">
</div>
</form>
</div>
</form>
</div>
{% endblock %}
{% block extra_scripts %}
@ -62,6 +63,5 @@ $(document).ready(function() {
});
</script>
<!-- /Simple OpenID Selector -->
{% endblock %}
{% endblock %}


@ -25,6 +25,7 @@
You can change your default OpenID by clicking on "Make Default"
</p>
<form action="." id="form1" method="post">
{% csrf_token %}
{% for key,value in openids.items %}
<p> <h4> {{ uri }}{{ oipath }}/{{ value.caption }}/
{% if value.Default %}
@ -51,6 +52,7 @@ You can change your default OpenID by clicking on "Make Default"
<legend>{% trans "Add a new OpenID identity" %} </legend>
<p>
<form action = "/openid/addopenid/" id = "form2" method = "post">
{% csrf_token %}
<p> Leave blank to create an anonymous OpenID</p>
{{ uri }}{{ oipath }}/{{ form.openid }}/
{{ form.Default }}


@ -7,6 +7,7 @@
{% block content %}
<form action = "/openid/manageid_confirm/" id = "form" method = "post">
{% csrf_token %}
<p>Are you sure, you want to delete <strong> {{ id }} </strong> and these trusted site:</p>
{% for i in trust %}
{{ i }}


@ -17,6 +17,7 @@
<legend>{% trans "Your trusted site" %} </legend>
<p>Check the trusted site that you want to remove and click on remove to remove these trusted site from these </p>
<form action="." id="form" method="post">
{% csrf_token %}
{% for key, value in openids.items %}
<p> <h4> {{ uri }}{{ oipath }}/{{ value.caption }}/ </h4>
<ul class="NoBullet">
@ -34,4 +35,3 @@
</form>
</fieldset>
{% endblock %}


@ -5,6 +5,7 @@
{% block content %}
<form method="post">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="{% trans "Create" %}"/>
</form>


@ -16,6 +16,7 @@
{% endif %}
<form id="login-form" method="post" action=".">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="{% trans 'Log in' %}" class="submit" />
@ -39,6 +40,7 @@
</div>
<div>
<form>
{% csrf_token %}
<select name="list_providers" size="1" onChange="redirect_from_list(this.form)">
<option selected="selected">{% trans "Tell me where!" %}</option>
{% for p in providers_list %}
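Review bot: The second `{% csrf_token %}` in this file is added to a bare `<form>` with no `method`, which defaults to GET, so any submission would place the token in the query string where it can end up in browser history, server logs and Referer headers. Django's CSRF check applies only to unsafe methods, so a GET form gains nothing from the token. The `redirect_from_list` handler on the select is not visible here; if it only navigates in script, I would drop the tag from this form, and if the form is meant to post, change the opening tag to `<form method="post" action=".">`. The form's body continues past the end of the hunk.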


@ -7,6 +7,7 @@
{% block content %}
<form method="post" action=".">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="{% trans 'Submit' %}" />


@ -10,6 +10,7 @@
{% if validlink %}
<form method="post" action=".">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="{% trans 'Submit' %}" />


@ -10,6 +10,7 @@
<h2>{% trans "Resetting password" %}</h2>
<form method="post" action=".">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="{% trans 'Submit' %}" />


@ -16,6 +16,7 @@
<h2>{% trans "Registration" %}</h2>
<form method="post" action=".">
{% csrf_token %}
{{ form.as_p }}
<input type="submit" value="{% trans 'Submit' %}" />