0001-Use-setting-CSRF_FAILURE_VIEW-to-prevent-user-seeing.patch
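--- a/src/authentic2/settings.py
+++ b/src/authentic2/settings.py
@@ -130,16 +130,18 @@
 # authentication
 AUTHENTICATION_BACKENDS = (
 'authentic2.backends.ldap_backend.LDAPBackend',
 'authentic2.backends.ldap_backend.LDAPBackendPasswordLost',
 'authentic2.backends.models_backend.ModelBackend',
 )
 AUTHENTICATION_BACKENDS = plugins.register_plugins_authentication_backends(
 AUTHENTICATION_BACKENDS)
+CSRF_FAILURE_VIEW = 'authentic2.views.csrf_failure_view'
+
 
 LOGIN_REDIRECT_URL = '/'
 LOGIN_URL = '/login/'
 LOGOUT_URL = '/logout/'
 
 # Registration
 ACCOUNT_ACTIVATION_DAYS = 2
 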
src/authentic2/views.py | ||
---|---|---|
467 | 467 |
def get(self, request, *args, **kwargs): |
468 | 468 |
if not self.check_referrer(): |
469 | 469 |
return HttpResponseForbidden() |
470 | 470 |
callback = request.GET.get('callback') |
471 | 471 |
content = u'{0}({1})'.format(callback, int(request.user.is_authenticated())) |
472 | 472 |
return HttpResponse(content, content_type='application/json') |
473 | 473 | |
474 | 474 |
logged_in = never_cache(LoggedInView.as_view()) |
475 | ||
476 |
def csrf_failure_view(request, reason=""): |
|
477 |
messages.warning(request, _('The page is out of date, it was reloaded for you')) |
|
478 |
return HttpResponseRedirect(request.get_full_path()) |
|
475 |
- |
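Review bot: `csrf_failure_view` ignores its `reason` argument and answers every CSRF rejection with a 302 to `request.get_full_path()`, so a forged cross-site POST, a missing cookie and a stale token all look the same, and none of them appears as a 403 in access logs or alerting any more. Record the rejection before redirecting, for example `logger.warning('CSRF failure (%s) on %s', reason, request.path)`; this assumes views.py has a module logger, which is not visible in this hunk. The "page is out of date" message is also inaccurate for rejections that are not caused by a stale token. `messages.warning` raises if the messages middleware is not active for the request, so passing `fail_silently=True` may be worth it.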