Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Sergey Nizhny Novgorod2016-01-13 06:15:30
Django
Sergey Nizhny Novgorod, 2016-01-13 06:15:30

How to handle csrf_token?

Guys, hello everyone.
Problem: the form returns {% csrf_token %}, but the view cannot accept it and process it.
The form itself

{% block login1 %}
    <div class="large-offset-3 large-6 columns">
    <form action="/auth/login/" method="post">
      {% csrf_token %}
      <label for="username">Имя пользователя</label>
      <input type="text" name="username" id="username">
      <label for="password">Пароль</label>
      <input type="password" name="password" id="password">
      {% if login_error %}
          <label class="error">{{ login_error }}</label>
      {% endif %}
        <input class="button" type="submit" value="Войти">
    </form>
  </div>
{% endblock %}

The view itself - took the method from the net
def login(request):
    args = {}
    args.update(csrf(request))
    if request.POST:
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = auth.authenticate(username=username, password=password)
        if user is not None:
            auth.login(request, user)
            return redirect('/')
        else:
            args['login_error'] = "Пользователь не найден"
            return render_to_response('login.html', args)
    else:
        return render_to_response('login.html', args)

As a result, an error appears that there is no token, or it is broken. If, for example, I close the view with the @csrf_exempt decorator (turning off the token), then the form itself works out with a bang. Tell me, plz.
Plus, there is a problem with such a view too (I also don’t know how to process the token):
def addcomment(request, step_id):
    # args = {}
    # args.update(csrf(request))
    if request.POST and ('stop_comment' not in request.session):
        mentionn = Step(id=step_id)
        mention_text = request.POST.get('mention_text', '')
        mention_digit = request.POST.get('mention_digit', '')
        mentionn_obj = Mention(mentionn=mentionn, mention_text=mention_text, mention_digit=mention_digit)
        mentionn_obj.save()
        request.session.set_expiry(864000) #Блок функции сессией на 10 дней.
        request.session['stop_comment'] = True
    return redirect('/step'+ step_id)

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir, 2016-01-13
@vintello

because that's not how they work with forms in jung. You don't need to reinvent your bike. it is already thought up and well integrated.
here there is not boring documentation, but a live example - tutorial.djangogirls.org/ru/django_forms/index.html

Report
Z
zelsky, 2016-01-13
@zelsky

Add if incorrect

def register_user(request):
    if request.method == 'POST':
        form = MyRegistrationForm(request.POST)     # create form object
        if form.is_valid():
            form.save()
            return HttpResponseRedirect('/register/')
        else:
            print (form.errors)
    args = {}
    args.update(csrf(request))
    args['form'] = MyRegistrationForm()
    print (args)
    return render(request, 'register.html', args)

Similar questions
A
Artur Zenkov2016-03-26 14:04:40
How to pass dictionary to message? 1Reply
0
0ldn0mad2020-07-29 14:15:03
What's wrong with Django routes? 2Reply
F
Feraun2020-07-29 22:51:55
About adding images to a django site? 2Reply
H
howuu2018-08-20 10:30:57
Django battle wysiwyg? 2Reply
B
Bobsans2018-08-21 02:30:04
Can you help me convert PostgreSQL query to DjangoORM syntax? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question