author | Alexander Sulfrian <alexander@sulfrian.net> | 2016-01-24 00:38:05 +0100 |
committer | Alexander Sulfrian <alexander@sulfrian.net> | 2016-01-25 01:56:49 +0100 |
commit | fb5c7adde43014f962e3b03729b358c95ff50e99 (patch) | |
tree | 8be2ffd163a9ddb19c578cf0b2d0631b8c68329b | |
parent | b3ea6ebd5d7ede77a7e500d7c043c47926e5a60e (diff) | |
Do not disable csrf
-rw-r--r-- | accounts/__init__.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/accounts/__init__.py b/accounts/__init__.py
index ae309ff..a75010b 100644
--- a/accounts/__init__.py
+++ b/accounts/__init__.py
@@ -57,7 +57,7 @@ def template_default_context():
 @templated('index.html')
 def index():
     if not g.user:
-        form = LoginForm(request.form, csrf_enabled=False)
+        form = LoginForm(request.form)
         if form.validate_on_submit():
             if login_user(form.username.data, form.password.data):
                 flash(u'Erfolgreich eingeloggt', 'success')
@@ -74,7 +74,7 @@ def index():
 @templated('register.html')
 @logout_required
 def register():
-    form = RegisterForm(request.form, csrf_enabled=False)
+    form = RegisterForm(request.form)
     if form.validate_on_submit():
         send_register_confirmation_mail(form.username.data, form.mail.data)
 
@@ -103,7 +103,7 @@ def register_complete(token):
         flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:')
         return redirect(url_for('index'))
 
-    form = RegisterCompleteForm(request.form, csrf_enabled=False)
+    form = RegisterCompleteForm(request.form)
     if form.validate_on_submit():
         password = form.password.data
 
@@ -137,7 +137,7 @@ def register_complete(token):
 @templated('lost_password.html')
 @logout_required
 def lost_password():
-    form = LostPasswordForm(request.form, csrf_enabled=False)
+    form = LostPasswordForm(request.form)
     if form.validate_on_submit():
         #TODO: make the link only usable once (e.g include a hash of the old pw)
         # atm the only thing we do is make the link valid for only little time
@@ -165,7 +165,7 @@ def lost_password():
 def lost_password_complete(token):
     username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60)
 
-    form = RegisterCompleteForm(request.form, csrf_enabled=False)
+    form = RegisterCompleteForm(request.form)
     if form.validate_on_submit():
         user = app.user_backend.get_by_uid(username)
         user.change_password(form.password.data)
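Review bot: Dropping `csrf_enabled=False` from `RegisterCompleteForm(request.form)` in `lost_password_complete` only protects the password change if the CSRF check is actually active, and nothing in this diff shows the prerequisites: with Flask-WTF the form-level flag defers to the app config (`SECRET_KEY` set, `WTF_CSRF_ENABLED` not false) and to the template posting `form.csrf_token` (or `form.hidden_tag()`) — if the templates were not updated alongside, `validate_on_submit()` will presumably reject every submission on all five endpoints, and if the config disables it globally the commit changes nothing. Please confirm the templates and config in the same change, and add a test that a POST to this route without a token does not change the password. Since `validate_on_submit()` silently returns False on a CSRF failure, consider surfacing `form.errors` (e.g. `flash` them) so a rejected submission is distinguishable from a user error. A one-line comment at the form construction would help future readers: `# CSRF enforced via Flask-WTF app config; template must render form.csrf_token`. The body of `lost_password_complete` continues past the end of the hunk.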