Skip to content
Snippets Groups Projects
Commit de88df54 authored by Ben Adida's avatar Ben Adida
Browse files

fixed iacr csrf, upgraded booth to be multi-question able

parent 2f76151a
No related branches found
No related tags found
No related merge requests found
heliosbooth @ baec08ec
Subproject commit ee91b5c4d921848f00f064202b453147fea85f6e
Subproject commit baec08ec0005b3f6e515de3d6c7c8483a265e974
......@@ -22,5 +22,9 @@ def render_template(request, template_name, vars = {}):
vars_with_user['user'] = get_user(request)
vars_with_user['settings'] = settings
# csrf protection
if request.session.has_key('csrf_token'):
vars_with_user['csrf_token'] = request.session['csrf_token']
return render_to_response('iacr/templates/%s.html' % template_name, vars_with_user)
......@@ -9,12 +9,15 @@ from view_utils import *
import helios.views
import helios
from helios.crypto import utils as cryptoutils
from auth.security import *
from django.core.urlresolvers import reverse
from django.http import HttpResponse, HttpResponseRedirect, Http404, HttpResponseNotAllowed
ELECTION_SHORT_NAME = 'iacr09'
def get_election():
return Election.get_by_key_name(ELECTION_SHORT_NAME)
......@@ -66,6 +69,8 @@ def cast_confirm(request):
else:
form = LoginForm(request.POST)
check_csrf(request)
if form.is_valid():
user = User.get_by_type_and_id('password', form.cleaned_data['username'])
if password_check(user, form.cleaned_data['password']):
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment