0001-Use-setting-CSRF_FAILURE_VIEW-to-prevent-user-seeing.patch
| src/authentic2/settings.py | ||
|---|---|---|
| 130 | 130 |
# authentication |
| 131 | 131 |
AUTHENTICATION_BACKENDS = ( |
| 132 | 132 |
'authentic2.backends.ldap_backend.LDAPBackend', |
| 133 | 133 |
'authentic2.backends.ldap_backend.LDAPBackendPasswordLost', |
| 134 | 134 |
'authentic2.backends.models_backend.ModelBackend', |
| 135 | 135 |
) |
| 136 | 136 |
AUTHENTICATION_BACKENDS = plugins.register_plugins_authentication_backends( |
| 137 | 137 |
AUTHENTICATION_BACKENDS) |
| 138 |
CSRF_FAILURE_VIEW = 'authentic2.views.csrf_failure_view' |
|
| 139 | ||
| 138 | 140 | |
| 139 | 141 |
LOGIN_REDIRECT_URL = '/' |
| 140 | 142 |
LOGIN_URL = '/login/' |
| 141 | 143 |
LOGOUT_URL = '/logout/' |
| 142 | 144 | |
| 143 | 145 |
# Registration |
| 144 | 146 |
ACCOUNT_ACTIVATION_DAYS = 2 |
| 145 | 147 | |
| src/authentic2/views.py | ||
|---|---|---|
| 467 | 467 |
def get(self, request, *args, **kwargs): |
| 468 | 468 |
if not self.check_referrer(): |
| 469 | 469 |
return HttpResponseForbidden() |
| 470 | 470 |
callback = request.GET.get('callback')
|
| 471 | 471 |
content = u'{0}({1})'.format(callback, int(request.user.is_authenticated()))
|
| 472 | 472 |
return HttpResponse(content, content_type='application/json') |
| 473 | 473 | |
| 474 | 474 |
logged_in = never_cache(LoggedInView.as_view()) |
| 475 | ||
| 476 |
def csrf_failure_view(request, reason=""): |
|
| 477 |
messages.warning(request, _('The page is out of date, it was reloaded for you'))
|
|
| 478 |
return HttpResponseRedirect(request.get_full_path()) |
|
| 475 |
- |
|