From 13378255c02b97184132881599ed47826963f54a Mon Sep 17 00:00:00 2001
From: Roald de Vries
Date: Wed, 30 Nov 2016 16:11:27 +0100
Subject: add csrf token to login form
---
 service/pixelated/resources/login_resource.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'service/pixelated/resources/login_resource.py')
diff --git a/service/pixelated/resources/login_resource.py b/service/pixelated/resources/login_resource.py
index fec4307e..7d61ddce 100644
--- a/service/pixelated/resources/login_resource.py
+++ b/service/pixelated/resources/login_resource.py
@@ -107,6 +107,11 @@ class LoginWebSite(Element):
 return tag(self._error_msg)
 return tag('')
+ @renderer
+ def csrftoken(self, request, tag):
+ tag.fillSlots(csrftoken=IPixelatedSession(request.getSession()).get_csrf_token())
+ return tag
+
 @renderer
 def disclaimer(self, request, tag):
 return DisclaimerElement(self.disclaimer_banner_file).render(request)
@@ -140,6 +145,7 @@ class LoginResource(BaseResource):
 return NoResource()
 def render_GET(self, request):
+ request.getSession()
 request.setResponseCode(OK)
 return self._render_template(request)
--
cgit v1.2.3
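Review bot: The new `csrftoken` renderer only writes the session's token into the login template; nothing in the visible hunks compares a submitted value against `get_csrf_token()` when the form is posted. This view is limited to login_resource.py, so the check may live in another file of the commit or already exist elsewhere. It is still worth confirming that the login POST path rejects a missing or mismatched token and compares it in constant time. The method would also benefit from a docstring such as `"""Fill the csrftoken slot with the CSRF token bound to this request's session."""`. The LoginWebSite class starts and ends outside the hunk.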
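Review bot: The bare `request.getSession()` added to `render_GET` discards its result, so a reader cannot tell that it is there for its side effect. Presumably it creates the session and queues its cookie before the template is rendered, which would otherwise happen only inside the `csrftoken` renderer. A comment such as `# create the session up front so its cookie is set before the response body is written` would keep it from being removed as dead code. It also means every GET of the login page that arrives without a session cookie allocates a server-side session, so session expiry and any cap on unauthenticated sessions deserve a look. The LoginResource class continues outside the hunk.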