mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2024-05-23 02:38:04 +00:00
Code Issues Projects Releases Wiki Activity

don't use csrf_exempt everywhere

Browse source
This commit is contained in:
Mouse Reeve 2020-01-29 12:24:50 -08:00
parent f031b46b20
commit 7882bfe1ef
6 changed files with 8 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
fedireads/templates/edit_user.html
View file

@ -6,7 +6,7 @@
<form name="avatar" action="/edit_profile/" method="post" enctype="multipart/form-data">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Upload</button>
<button type="submit">Update profile</button>
</form>
</div>
</div>

1
fedireads/templates/layout.html
View file

@ -27,6 +27,7 @@
<div id="account">
{% if user.is_authenticated %}
<form name="logout" action="/logout/" method="post">
{% csrf_token %}
Welcome, <a href="/user/{{ request.user.localname }}">{{ request.user.localname }}</a>
<input type="submit" value="Log out"></input>
</form>

1
fedireads/templates/login.html
View file

@ -3,6 +3,7 @@
<div id="content">
<div>
<form name="login" method="post">
{% csrf_token %}
{{ login_form.as_p }}
<button type="submit">Log in</button>
</form>

1
fedireads/templates/register.html
View file

@ -3,6 +3,7 @@
<div id="content">
<div>
<form name="register" method="post">
{% csrf_token %}
{{ register_form.as_p }}
<button type="submit">Create account</button>
</form>

2
fedireads/urls.py
View file

@ -31,7 +31,7 @@ urlpatterns = [
# internal action endpoints
re_path(r'^review/?$', views.review),
re_path(r'^shelve/(?P<shelf_id>\w+)/(?P<book_id>\d+)/?$', views.shelve),
re_path(r'^shelve/(?P<shelf_id>[\w_-]+)/(?P<book_id>\d+)/?$', views.shelve),
re_path(r'^follow/?$', views.follow),
re_path(r'^unfollow/?$', views.unfollow),
re_path(r'^search/?$', views.search),

13
fedireads/views.py
View file

@ -52,7 +52,6 @@ def home(request):
return TemplateResponse(request, 'feed.html', data)
@csrf_exempt
def user_login(request):
''' authentication '''
# send user to the login page
@ -75,7 +74,6 @@ def user_login(request):
return TemplateResponse(request, 'login.html')
@csrf_exempt
@login_required
def user_logout(request):
''' done with this place! outa here! '''
@ -83,7 +81,6 @@ def user_logout(request):
return redirect('/')
@csrf_exempt
def register(request):
''' join the server '''
if request.method == 'GET':
@ -140,7 +137,7 @@ def user_profile_edit(request, username):
except models.User.DoesNotExist:
return HttpResponseNotFound()
form = forms.EditUserForm()
form = forms.EditUserForm(instance=request.user)
data = {
'form': form,
'user': user,
@ -148,15 +145,16 @@ def user_profile_edit(request, username):
return TemplateResponse(request, 'edit_user.html', data)
@csrf_exempt
@login_required
def edit_profile(request):
''' les get fancy with images '''
if not request.method == 'POST':
return redirect('/user/%s' % request.user.localname)
form = forms.EditUserForm(request.POST, request.FILES)
if not form.is_valid():
return redirect('/')
request.user.name = form.data['name']
if 'avatar' in form.files:
request.user.avatar = form.files['avatar']
@ -181,7 +179,6 @@ def book_page(request, book_identifier):
return TemplateResponse(request, 'book.html', data)
@csrf_exempt
@login_required
def shelve(request, shelf_id, book_id, reshelve=True):
''' put a book on a user's shelf '''
@ -200,7 +197,6 @@ def shelve(request, shelf_id, book_id, reshelve=True):
return redirect('/')
@csrf_exempt
@login_required
def review(request):
''' create a book review note '''
@ -220,7 +216,6 @@ def review(request):
return redirect(book_identifier)
@csrf_exempt
@login_required
def follow(request):
''' follow another user, here or abroad '''
@ -232,7 +227,6 @@ def follow(request):
return redirect('/user/%s' % to_follow.username)
@csrf_exempt
@login_required
def unfollow(request):
''' unfollow a user '''
@ -243,7 +237,6 @@ def unfollow(request):
return redirect('/user/%s' % followed.username)
@csrf_exempt
@login_required
def search(request):
''' that search bar up top '''