# HG changeset patch
# User Thierry Florac
# Date 1513250373 -3600
# Node ID 44393819638c612a57a79ebc4e138d890ce3d164
# Parent 5b2886afb9d4fc00d95c9d8a44102768a7e5fdf7
Added CSRF token to login page
diff -r 5b2886afb9d4 -r 44393819638c src/pyams_security/views/login.py
--- a/src/pyams_security/views/login.py Mon Dec 11 15:25:18 2017 +0100
+++ b/src/pyams_security/views/login.py Thu Dec 14 12:19:33 2017 +0100
@@ -35,6 +35,7 @@
 from pyams_utils.text import text_to_html
 from pyams_utils.traversing import get_parent
 from pyams_viewlet.viewlet import viewlet_config, Viewlet
+from pyramid.csrf import new_csrf_token
 from pyramid.events import subscriber
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
@@ -101,6 +102,10 @@
 ajax_handler = 'login.json'
 edit_permission = None
 
+ def update(self):
+ super(LoginForm, self).update()
+ new_csrf_token(self.request)
+
 def updateActions(self):
 super(LoginForm, self).updateActions()
 if 'login' in self.actions:
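Review bot: The new `update()` in `LoginForm` only issues a token with `new_csrf_token(self.request)`; nothing in the visible lines checks it, so on its own this does not stop a forged login POST. Please confirm that the `login.json` handler validates the submitted token, for example with `check_csrf_token(self.request)` from `pyramid.csrf` or `require_csrf=True` on its view configuration, and that the template actually renders the token into the form. If that handler class inherits from `LoginForm` and runs `update()` before validating (not visible here), the stored token would be replaced before the comparison, so the rotation should be limited to rendering the page. A short docstring on `update()` such as `"""Issue a fresh CSRF token each time the login form is prepared."""` would record the intent. The `LoginForm` class starts above the hunk and `updateActions` continues below it.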