mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-11-26 03:21:05 +00:00
don't use csrf_exempt everywhere
This commit is contained in:
parent
f031b46b20
commit
7882bfe1ef
6 changed files with 8 additions and 12 deletions
|
@ -6,7 +6,7 @@
|
|||
<form name="avatar" action="/edit_profile/" method="post" enctype="multipart/form-data">
|
||||
{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<button type="submit">Upload</button>
|
||||
<button type="submit">Update profile</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
<div id="account">
|
||||
{% if user.is_authenticated %}
|
||||
<form name="logout" action="/logout/" method="post">
|
||||
{% csrf_token %}
|
||||
Welcome, <a href="/user/{{ request.user.localname }}">{{ request.user.localname }}</a>
|
||||
<input type="submit" value="Log out"></input>
|
||||
</form>
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
<div id="content">
|
||||
<div>
|
||||
<form name="login" method="post">
|
||||
{% csrf_token %}
|
||||
{{ login_form.as_p }}
|
||||
<button type="submit">Log in</button>
|
||||
</form>
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
<div id="content">
|
||||
<div>
|
||||
<form name="register" method="post">
|
||||
{% csrf_token %}
|
||||
{{ register_form.as_p }}
|
||||
<button type="submit">Create account</button>
|
||||
</form>
|
||||
|
|
|
@ -31,7 +31,7 @@ urlpatterns = [
|
|||
|
||||
# internal action endpoints
|
||||
re_path(r'^review/?$', views.review),
|
||||
re_path(r'^shelve/(?P<shelf_id>\w+)/(?P<book_id>\d+)/?$', views.shelve),
|
||||
re_path(r'^shelve/(?P<shelf_id>[\w_-]+)/(?P<book_id>\d+)/?$', views.shelve),
|
||||
re_path(r'^follow/?$', views.follow),
|
||||
re_path(r'^unfollow/?$', views.unfollow),
|
||||
re_path(r'^search/?$', views.search),
|
||||
|
|
|
@ -52,7 +52,6 @@ def home(request):
|
|||
return TemplateResponse(request, 'feed.html', data)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
def user_login(request):
|
||||
''' authentication '''
|
||||
# send user to the login page
|
||||
|
@ -75,7 +74,6 @@ def user_login(request):
|
|||
return TemplateResponse(request, 'login.html')
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def user_logout(request):
|
||||
''' done with this place! outa here! '''
|
||||
|
@ -83,7 +81,6 @@ def user_logout(request):
|
|||
return redirect('/')
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
def register(request):
|
||||
''' join the server '''
|
||||
if request.method == 'GET':
|
||||
|
@ -140,7 +137,7 @@ def user_profile_edit(request, username):
|
|||
except models.User.DoesNotExist:
|
||||
return HttpResponseNotFound()
|
||||
|
||||
form = forms.EditUserForm()
|
||||
form = forms.EditUserForm(instance=request.user)
|
||||
data = {
|
||||
'form': form,
|
||||
'user': user,
|
||||
|
@ -148,15 +145,16 @@ def user_profile_edit(request, username):
|
|||
return TemplateResponse(request, 'edit_user.html', data)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def edit_profile(request):
|
||||
''' les get fancy with images '''
|
||||
if not request.method == 'POST':
|
||||
return redirect('/user/%s' % request.user.localname)
|
||||
|
||||
form = forms.EditUserForm(request.POST, request.FILES)
|
||||
if not form.is_valid():
|
||||
return redirect('/')
|
||||
|
||||
request.user.name = form.data['name']
|
||||
if 'avatar' in form.files:
|
||||
request.user.avatar = form.files['avatar']
|
||||
|
@ -181,7 +179,6 @@ def book_page(request, book_identifier):
|
|||
return TemplateResponse(request, 'book.html', data)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def shelve(request, shelf_id, book_id, reshelve=True):
|
||||
''' put a book on a user's shelf '''
|
||||
|
@ -200,7 +197,6 @@ def shelve(request, shelf_id, book_id, reshelve=True):
|
|||
return redirect('/')
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def review(request):
|
||||
''' create a book review note '''
|
||||
|
@ -220,7 +216,6 @@ def review(request):
|
|||
return redirect(book_identifier)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def follow(request):
|
||||
''' follow another user, here or abroad '''
|
||||
|
@ -232,7 +227,6 @@ def follow(request):
|
|||
return redirect('/user/%s' % to_follow.username)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def unfollow(request):
|
||||
''' unfollow a user '''
|
||||
|
@ -243,7 +237,6 @@ def unfollow(request):
|
|||
return redirect('/user/%s' % followed.username)
|
||||
|
||||
|
||||
@csrf_exempt
|
||||
@login_required
|
||||
def search(request):
|
||||
''' that search bar up top '''
|
||||
|
|
Loading…
Reference in a new issue