don't use csrf_exempt everywhere
parent
f031b46b20
commit
7882bfe1ef
6 changed files with 8 additions and 12 deletions
|
@ -6,7 +6,7 @@
|
||||||
<form name="avatar" action="/edit_profile/" method="post" enctype="multipart/form-data">
|
<form name="avatar" action="/edit_profile/" method="post" enctype="multipart/form-data">
|
||||||
{% csrf_token %}
|
{% csrf_token %}
|
||||||
{{ form.as_p }}
|
{{ form.as_p }}
|
||||||
<button type="submit">Upload</button>
|
<button type="submit">Update profile</button>
|
||||||
</form>
|
</form>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
|
@ -27,6 +27,7 @@
|
||||||
<div id="account">
|
<div id="account">
|
||||||
{% if user.is_authenticated %}
|
{% if user.is_authenticated %}
|
||||||
<form name="logout" action="/logout/" method="post">
|
<form name="logout" action="/logout/" method="post">
|
||||||
|
{% csrf_token %}
|
||||||
Welcome, <a href="/user/{{ request.user.localname }}">{{ request.user.localname }}</a>
|
Welcome, <a href="/user/{{ request.user.localname }}">{{ request.user.localname }}</a>
|
||||||
<input type="submit" value="Log out"></input>
|
<input type="submit" value="Log out"></input>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
<div id="content">
|
<div id="content">
|
||||||
<div>
|
<div>
|
||||||
<form name="login" method="post">
|
<form name="login" method="post">
|
||||||
|
{% csrf_token %}
|
||||||
{{ login_form.as_p }}
|
{{ login_form.as_p }}
|
||||||
<button type="submit">Log in</button>
|
<button type="submit">Log in</button>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
<div id="content">
|
<div id="content">
|
||||||
<div>
|
<div>
|
||||||
<form name="register" method="post">
|
<form name="register" method="post">
|
||||||
|
{% csrf_token %}
|
||||||
{{ register_form.as_p }}
|
{{ register_form.as_p }}
|
||||||
<button type="submit">Create account</button>
|
<button type="submit">Create account</button>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
@ -31,7 +31,7 @@ urlpatterns = [
|
||||||
|
|
||||||
# internal action endpoints
|
# internal action endpoints
|
||||||
re_path(r'^review/?$', views.review),
|
re_path(r'^review/?$', views.review),
|
||||||
re_path(r'^shelve/(?P<shelf_id>\w+)/(?P<book_id>\d+)/?$', views.shelve),
|
re_path(r'^shelve/(?P<shelf_id>[\w_-]+)/(?P<book_id>\d+)/?$', views.shelve),
|
||||||
re_path(r'^follow/?$', views.follow),
|
re_path(r'^follow/?$', views.follow),
|
||||||
re_path(r'^unfollow/?$', views.unfollow),
|
re_path(r'^unfollow/?$', views.unfollow),
|
||||||
re_path(r'^search/?$', views.search),
|
re_path(r'^search/?$', views.search),
|
||||||
|
|
|
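Review bot: The new shelf_id pattern `[\w_-]+` on the shelve route lists `_` explicitly, but `\w` already matches underscore, so the class is identical to `[\w-]+` and the extra character suggests underscores were previously rejected when they were not. The only real change is admitting `-`; writing it as `re_path(r'^shelve/(?P<shelf_id>[\w-]+)/(?P<book_id>\d+)/?$', views.shelve),` states that directly. The urlpatterns list continues outside the hunk.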
@ -52,7 +52,6 @@ def home(request):
|
||||||
return TemplateResponse(request, 'feed.html', data)
|
return TemplateResponse(request, 'feed.html', data)
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
def user_login(request):
|
def user_login(request):
|
||||||
''' authentication '''
|
''' authentication '''
|
||||||
# send user to the login page
|
# send user to the login page
|
||||||
|
@ -75,7 +74,6 @@ def user_login(request):
|
||||||
return TemplateResponse(request, 'login.html')
|
return TemplateResponse(request, 'login.html')
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def user_logout(request):
|
def user_logout(request):
|
||||||
''' done with this place! outa here! '''
|
''' done with this place! outa here! '''
|
||||||
|
@ -83,7 +81,6 @@ def user_logout(request):
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
def register(request):
|
def register(request):
|
||||||
''' join the server '''
|
''' join the server '''
|
||||||
if request.method == 'GET':
|
if request.method == 'GET':
|
||||||
|
@ -140,7 +137,7 @@ def user_profile_edit(request, username):
|
||||||
except models.User.DoesNotExist:
|
except models.User.DoesNotExist:
|
||||||
return HttpResponseNotFound()
|
return HttpResponseNotFound()
|
||||||
|
|
||||||
form = forms.EditUserForm()
|
form = forms.EditUserForm(instance=request.user)
|
||||||
data = {
|
data = {
|
||||||
'form': form,
|
'form': form,
|
||||||
'user': user,
|
'user': user,
|
||||||
|
@ -148,15 +145,16 @@ def user_profile_edit(request, username):
|
||||||
return TemplateResponse(request, 'edit_user.html', data)
|
return TemplateResponse(request, 'edit_user.html', data)
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def edit_profile(request):
|
def edit_profile(request):
|
||||||
''' les get fancy with images '''
|
''' les get fancy with images '''
|
||||||
if not request.method == 'POST':
|
if not request.method == 'POST':
|
||||||
return redirect('/user/%s' % request.user.localname)
|
return redirect('/user/%s' % request.user.localname)
|
||||||
|
|
||||||
form = forms.EditUserForm(request.POST, request.FILES)
|
form = forms.EditUserForm(request.POST, request.FILES)
|
||||||
if not form.is_valid():
|
if not form.is_valid():
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
|
|
||||||
request.user.name = form.data['name']
|
request.user.name = form.data['name']
|
||||||
if 'avatar' in form.files:
|
if 'avatar' in form.files:
|
||||||
request.user.avatar = form.files['avatar']
|
request.user.avatar = form.files['avatar']
|
||||||
|
@ -181,7 +179,6 @@ def book_page(request, book_identifier):
|
||||||
return TemplateResponse(request, 'book.html', data)
|
return TemplateResponse(request, 'book.html', data)
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def shelve(request, shelf_id, book_id, reshelve=True):
|
def shelve(request, shelf_id, book_id, reshelve=True):
|
||||||
''' put a book on a user's shelf '''
|
''' put a book on a user's shelf '''
|
||||||
|
@ -200,7 +197,6 @@ def shelve(request, shelf_id, book_id, reshelve=True):
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def review(request):
|
def review(request):
|
||||||
''' create a book review note '''
|
''' create a book review note '''
|
||||||
|
@ -220,7 +216,6 @@ def review(request):
|
||||||
return redirect(book_identifier)
|
return redirect(book_identifier)
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def follow(request):
|
def follow(request):
|
||||||
''' follow another user, here or abroad '''
|
''' follow another user, here or abroad '''
|
||||||
|
@ -232,7 +227,6 @@ def follow(request):
|
||||||
return redirect('/user/%s' % to_follow.username)
|
return redirect('/user/%s' % to_follow.username)
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def unfollow(request):
|
def unfollow(request):
|
||||||
''' unfollow a user '''
|
''' unfollow a user '''
|
||||||
|
@ -243,7 +237,6 @@ def unfollow(request):
|
||||||
return redirect('/user/%s' % followed.username)
|
return redirect('/user/%s' % followed.username)
|
||||||
|
|
||||||
|
|
||||||
@csrf_exempt
|
|
||||||
@login_required
|
@login_required
|
||||||
def search(request):
|
def search(request):
|
||||||
''' that search bar up top '''
|
''' that search bar up top '''
|
||||||
|
|
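Review bot: In the edit_profile hunk the submitted values are taken from `form.data['name']` and `form.files['avatar']` after `form.is_valid()` succeeded, which reads the raw POST/FILES input and bypasses the field cleaning that validation just performed; use `request.user.name = form.cleaned_data['name']` and `avatar = form.cleaned_data.get('avatar')` instead. The bound form there is built as `forms.EditUserForm(request.POST, request.FILES)` while the unbound one in the user_profile_edit hunk now receives `instance=request.user`; if EditUserForm is a ModelForm, passing the same `instance=request.user` here and calling `form.save()` would replace the manual field copies, though the form class is not visible on this page. With `@csrf_exempt` removed from every view shown, the import of `csrf_exempt` is presumably unused now and should be dropped if nothing else in the file references it. edit_profile's body continues past the end of the hunk.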