From e941b39af7343169e3d9897d64385c4d7e4cc473 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Sat, 30 May 2015 01:38:29 +0200
Subject: [PATCH] auth_frontends: build next URL passed to registration by
 adding the nonce

fixes #7388
---
 src/authentic2/auth_frontends.py                             | 3 +++
 src/authentic2/templates/authentic2/login_password_form.html | 2 +-
 src/authentic2/utils.py                                      | 6 ++++++
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/authentic2/auth_frontends.py b/src/authentic2/auth_frontends.py
index 5fa3072..ebabd3e 100644
--- a/src/authentic2/auth_frontends.py
+++ b/src/authentic2/auth_frontends.py
@@ -2,10 +2,12 @@ from django.contrib.auth import forms
 from django.utils.translation import gettext_noop
 from django.shortcuts import render
 from django.utils.translation import ugettext as _
+from django.core.urlresolvers import reverse
 
 from . import views, app_settings, utils
 from .exponential_retry_timeout import ExponentialRetryTimeout
 
+
 class LoginPasswordBackend(object):
     submit_name = 'login-password-submit'
 
@@ -32,6 +34,7 @@ class LoginPasswordBackend(object):
         is_secure = request.is_secure
         context = {
             'submit_name': self.submit_name,
+            'registration_url': utils.get_registration_url(request),
         }
         seconds_to_wait = exponential_backoff.seconds_to_wait(request)
         reset = True
diff --git a/src/authentic2/templates/authentic2/login_password_form.html b/src/authentic2/templates/authentic2/login_password_form.html
index b2b4688..e97526a 100644
--- a/src/authentic2/templates/authentic2/login_password_form.html
+++ b/src/authentic2/templates/authentic2/login_password_form.html
@@ -15,7 +15,7 @@
   <p>→ {% trans "Forgot password?" %} <a href="{% url 'password_reset' %}">{% trans "Reset it!" %}</a></p>
 {% endif %}
 {% if registration_authorized %}
-  <p>→ {% trans "Not a member?" %} <a href="{% url 'registration_register' %}?{{ request.GET.urlencode }}">{% trans "Register!" %}</a></p>
+  <p>→ {% trans "Not a member?" %} <a href="{{ registration_url }}">{% trans "Register!" %}</a></p>
 {% endif %}
 </div>
 
diff --git a/src/authentic2/utils.py b/src/authentic2/utils.py
index 6b2accc..be181a7 100644
--- a/src/authentic2/utils.py
+++ b/src/authentic2/utils.py
@@ -485,3 +485,9 @@ else:
             if not field.is_relation or not field.many_to_one:
                 return None
             return field.related_model
+
+
+def get_registration_url(request):
+    next_url = request.GET.get(REDIRECT_FIELD_NAME) or reverse('homepage')
+    next_url = make_url(next_url, request=request, keep_params=True, include=(constants.NONCE_FIELD_NAME,))
+    return make_url('registration_register', params={REDIRECT_FIELD_NAME: next_url})
-- 
2.1.4