mirror of
https://github.com/wassname/flask-security.git
synced 2026-07-16 01:20:15 +08:00
Fix CSRF functionality for LoginForm
The login form was not respecting csrf validation. I've adjusted the tests as well to always send a CSRF token along. This now requires all requests to pass a csrf token. If performing plain AJAX requests the token will have to be extracted from the form in some way. Fixes #86
This commit is contained in:
@@ -45,10 +45,7 @@ def valid_user_email(form, field):
|
||||
class Form(BaseForm):
|
||||
def __init__(self, *args, **kwargs):
|
||||
if current_app.testing:
|
||||
csrf_enabled = False
|
||||
else:
|
||||
csrf_enabled = request.json is None
|
||||
kwargs.setdefault('csrf_enabled', csrf_enabled)
|
||||
self.TIME_LIMIT = None
|
||||
super(Form, self).__init__(*args, **kwargs)
|
||||
|
||||
|
||||
@@ -83,6 +80,7 @@ class NewPasswordFormMixin():
|
||||
validators=[password_required,
|
||||
Length(min=6, max=128)])
|
||||
|
||||
|
||||
class PasswordConfirmFormMixin():
|
||||
password_confirm = PasswordField("Retype Password",
|
||||
validators=[EqualTo('password', message="Passwords do not match")])
|
||||
@@ -147,6 +145,7 @@ class PasswordlessLoginForm(Form, UserEmailFormMixin):
|
||||
|
||||
class LoginForm(Form, NextFormMixin):
|
||||
"""The default login form"""
|
||||
|
||||
email = TextField('Email Address')
|
||||
password = PasswordField('Password')
|
||||
remember = BooleanField("Remember Me")
|
||||
@@ -156,7 +155,8 @@ class LoginForm(Form, NextFormMixin):
|
||||
super(LoginForm, self).__init__(*args, **kwargs)
|
||||
|
||||
def validate(self):
|
||||
super(LoginForm, self).validate()
|
||||
if not super(LoginForm, self).validate():
|
||||
return False
|
||||
|
||||
if self.email.data.strip() == '':
|
||||
self.email.errors.append('Email not provided')
|
||||
@@ -187,6 +187,7 @@ class ConfirmRegisterForm(Form, RegisterFormMixin,
|
||||
UniqueEmailFormMixin, NewPasswordFormMixin):
|
||||
pass
|
||||
|
||||
|
||||
class RegisterForm(ConfirmRegisterForm, PasswordConfirmFormMixin):
|
||||
pass
|
||||
|
||||
|
||||
Reference in New Issue
Block a user