From fb5c7adde43014f962e3b03729b358c95ff50e99 Mon Sep 17 00:00:00 2001
From: Alexander Sulfrian
Date: Sun, 24 Jan 2016 00:38:05 +0100
Subject: Do not disbale csrf
---
 accounts/__init__.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/accounts/__init__.py b/accounts/__init__.py
index ae309ff..a75010b 100644
--- a/accounts/__init__.py
+++ b/accounts/__init__.py
@@ -57,7 +57,7 @@ def template_default_context():
 @templated('index.html')
 def index():
 if not g.user:
- form = LoginForm(request.form, csrf_enabled=False)
+ form = LoginForm(request.form)
 if form.validate_on_submit():
 if login_user(form.username.data, form.password.data):
 flash(u'Erfolgreich eingeloggt', 'success')
@@ -74,7 +74,7 @@ def index():
 @templated('register.html')
 @logout_required
 def register():
- form = RegisterForm(request.form, csrf_enabled=False)
+ form = RegisterForm(request.form)
 if form.validate_on_submit():
 send_register_confirmation_mail(form.username.data, form.mail.data)
@@ -103,7 +103,7 @@ def register_complete(token):
 flash(u'Du hast den Benutzer bereits angelegt! Du kannst dich jetzt einfach einloggen:')
 return redirect(url_for('index'))
- form = RegisterCompleteForm(request.form, csrf_enabled=False)
+ form = RegisterCompleteForm(request.form)
 if form.validate_on_submit():
 password = form.password.data
@@ -137,7 +137,7 @@ def register_complete(token):
 @templated('lost_password.html')
 @logout_required
 def lost_password():
- form = LostPasswordForm(request.form, csrf_enabled=False)
+ form = LostPasswordForm(request.form)
 if form.validate_on_submit():
 #TODO: make the link only usable once (e.g include a hash of the old pw)
 # atm the only thing we do is make the link valid for only little time
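Review bot: Dropping `csrf_enabled=False` in `index`, `register`, `register_complete` and `lost_password` (and in `lost_password_complete` in the following hunk) makes `validate_on_submit()` require a valid CSRF token, but the diffstat lists only `accounts/__init__.py`, so nothing in this commit shows that `index.html`, `register.html`, `lost_password.html` and the other form templates actually render the token field. If a template lacks it, every POST fails validation, and unless the template prints the errors of the `csrf_token` field the user simply gets the form back with no explanation. Each form template should contain `{{ form.hidden_tag() }}` (or `{{ form.csrf_token }}`) and the app needs a secret key configured for signing the token; please confirm both, ideally with a test that a POST without the token is rejected and one with it succeeds. All five functions continue outside their hunks.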
@@ -165,7 +165,7 @@ def lost_password():
 def lost_password_complete(token):
 username, = http_verify_confirmation('lost_password', token.encode('ascii'), timeout=4*60*60)
- form = RegisterCompleteForm(request.form, csrf_enabled=False)
+ form = RegisterCompleteForm(request.form)
 if form.validate_on_submit():
 user = app.user_backend.get_by_uid(username)
 user.change_password(form.password.data)
-- 
cgit v1.2.3-1-g7c22
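Review bot: In `lost_password_complete` nothing in the visible lines invalidates the token accepted by `http_verify_confirmation(..., timeout=4*60*60)` once `user.change_password(...)` has run, so, as the TODO in `lost_password` already admits, the same e-mailed link appears to stay usable for the rest of the four-hour window. The CSRF check enabled here does not cover that, because it protects the form post and not the link itself. Consider signing a value derived from the current password hash into the token and comparing it here before calling `change_password`, and until then mark the gap next to the verify call with `# TODO: token is reusable until it expires; bind it to the old password hash`. The function body continues outside the hunk, so a later invalidation step cannot be ruled out from here.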