Added cookie check with nice error message

2026-01-17 05:22:16 +00:00 · 2016-10-09 10:32:58 +01:00
parent 5949ff74ec
commit 2d5f768523
3 changed files with 30 additions and 17 deletions
--- a/RIGS/views.py
+++ b/RIGS/views.py
@@ -12,6 +12,8 @@ from django.contrib import messages
 import datetime, pytz
 import operator
 from registration.views import RegistrationView
+from django.views.decorators.csrf import csrf_exempt
+

 from RIGS import models, forms

@@ -29,21 +31,37 @@ class Index(generic.TemplateView):
 def login(request, **kwargs):
    if request.user.is_authenticated():
        next = request.REQUEST.get('next', '/')
-        return HttpResponseRedirect(request.REQUEST.get('next', '/'))
+        return HttpResponseRedirect(next)
    else:
        from django.contrib.auth.views import login

        return login(request)

+
+# This view should be exempt from requiring CSRF token.
+# Then we can check for it and show a nice error
+# Don't worry, django.contrib.auth.views.login will
+# check for it before logging  the user in
+@csrf_exempt
 def login_embed(request, **kwargs):
+    print("Running LOGIN")
    if request.user.is_authenticated():
        next = request.REQUEST.get('next', '/')
-        return HttpResponseRedirect(request.REQUEST.get('next', '/'))
+        return HttpResponseRedirect(next)
    else:
        from django.contrib.auth.views import login

+        if request.method == "POST":
+            csrf_cookie = request.COOKIES.get('csrftoken', None)
+
+            if csrf_cookie is None:
+                messages.warning(request, 'Cookies do not seem to be enabled. Try logging in using a new tab.')
+                request.method = 'GET'  # Render the page without trying to login
+
        return login(request, template_name="registration/login_embed.html")

+
+
 """
 Called from a modal window (e.g. when an item is submitted to an event/invoice).
 May optionally also include some javascript in a success message to cause a load of
--- a/templates/base_embed.html
+++ b/templates/base_embed.html
@@ -28,6 +28,16 @@

 <div class="embed_container">
    <div class="container-fluid">
+        {% if messages %}
+            {% for message in messages %}
+                <div class="alert alert-{{ message.level_tag }} alert-dismissible" role="alert">
+                    <button type="button" class="close" data-dismiss="alert" aria-label="Close"><span
+                            aria-hidden="true">&times;</span></button>
+                    {{ message }}
+                </div>
+            {% endfor %}
+        {% endif %}
+
        {% block content %}
        {% endblock %}
    </div>
--- a/templates/registration/login_embed.html
+++ b/templates/registration/login_embed.html
@@ -3,18 +3,6 @@

 {% block title %}Login{% endblock %}

-{% block js %}
-    <script>
-        $(document).ready(function(){
-            console.log("Cookies Enabled: " + navigator.cookieEnabled)
-            if(!navigator.cookieEnabled){
-                $('#loginForm').prop("target", "_blank");
-                $('#cookieWarning').removeClass('hidden');
-            }   
-        });
-    </script>
-{% endblock %}
-
 {% block content %}
 <div class="text-center">
 <h1>R<small>ig</small> I<small>nformation</small> G<small>athering</small> S<small>ystem</small></h1>
@@ -36,9 +24,6 @@
            {% render_field form.password class+="form-control" placeholder=form.password.label %}
        </div>
        <div class="text-right">
-            <span id="cookieWarning" class="text-warning hidden">
-              Login will happen in new tab (cookies blocked)
-            </span>
            <input type="submit" value="Login" class="btn btn-primary"/>
        </div>
        <input type="hidden" name="next" value="{{ next }}"/>