Added CSRF token to login page
authorThierry Florac <thierry.florac@onf.fr>
Thu, 14 Dec 2017 12:19:33 +0100
changeset 102 44393819638c
parent 101 5b2886afb9d4
child 103 cd0086f5b00b
Added CSRF token to login page
src/pyams_security/views/login.py
--- a/src/pyams_security/views/login.py	Mon Dec 11 15:25:18 2017 +0100
+++ b/src/pyams_security/views/login.py	Thu Dec 14 12:19:33 2017 +0100
@@ -35,6 +35,7 @@
 from pyams_utils.text import text_to_html
 from pyams_utils.traversing import get_parent
 from pyams_viewlet.viewlet import viewlet_config, Viewlet
+from pyramid.csrf import new_csrf_token
 from pyramid.events import subscriber
 from pyramid.httpexceptions import HTTPFound
 from pyramid.response import Response
@@ -101,6 +102,10 @@
     ajax_handler = 'login.json'
     edit_permission = None
 
+    def update(self):
+        super(LoginForm, self).update()
+        new_csrf_token(self.request)
+
     def updateActions(self):
         super(LoginForm, self).updateActions()
         if 'login' in self.actions:
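Review bot: The added `update()` only issues a token with `new_csrf_token(self.request)`; nothing in this hunk verifies it when the form is submitted to `login.json`, and the rest of `LoginForm` and its AJAX handler lie outside the hunk. Unless that handler or the application configuration already enforces the check, the login POST is still accepted without a valid token. The handler should call `check_csrf_token(self.request)` before authenticating, or the view should be registered with `require_csrf=True`, and the rendered form must send the value back as a `csrf_token` field or an `X-CSRF-Token` header. Also confirm that `update()` does not run on the submit path before the check: `new_csrf_token` replaces the stored token on every call, so the submitted value would be compared against a fresh one. A docstring such as `"""Update the form and issue a fresh CSRF token for the login page."""` would record the intent.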