Enable CSRF protection

- CSRF protection is enabled by default and the login form now sends the CSRF token
- This commit resolves issue #34
Guilherme M. Trein 9 years ago
parent 8e8469e217
commit 8577dc7fd6
  1. 3
      {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/app.py
  2. 2
      {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
  3. 2
      {{cookiecutter.app_name}}/{{cookiecutter.app_name}}/templates/nav.html

@ -4,7 +4,7 @@ from flask import Flask, render_template
from {{cookiecutter.app_name}} import public, user from {{cookiecutter.app_name}} import public, user
from {{cookiecutter.app_name}}.assets import assets from {{cookiecutter.app_name}}.assets import assets
from {{cookiecutter.app_name}}.extensions import bcrypt, cache, db, debug_toolbar, login_manager, migrate from {{cookiecutter.app_name}}.extensions import bcrypt, cache, db, debug_toolbar, csrf_protect, login_manager, migrate
from {{cookiecutter.app_name}}.settings import ProdConfig from {{cookiecutter.app_name}}.settings import ProdConfig
@ -27,6 +27,7 @@ def register_extensions(app):
bcrypt.init_app(app) bcrypt.init_app(app)
cache.init_app(app) cache.init_app(app)
db.init_app(app) db.init_app(app)
csrf_protect.init_app(app)
login_manager.init_app(app) login_manager.init_app(app)
debug_toolbar.init_app(app) debug_toolbar.init_app(app)
migrate.init_app(app, db) migrate.init_app(app, db)
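Review bot: `csrf_protect.init_app(app)` enforces CSRF on every state-changing request the app serves, not only the login form the commit message mentions, so any other POST form rendered by the `public` and `user` blueprints (account registration, for instance) will start failing with 400 unless its template also emits a `csrf_token` field; those templates are worth checking in the same change. Flask-WTF derives the token from the application secret, so the config that `ProdConfig` and its siblings provide must set a non-empty `SECRET_KEY` (or `WTF_CSRF_SECRET_KEY`) — I cannot see `settings.py` here, so please confirm rather than assume. `register_extensions` begins before this hunk.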

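--- a/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
+++ b/{{cookiecutter.app_name}}/{{cookiecutter.app_name}}/extensions.py
@@ -3,11 +3,13 @@
 from flask_bcrypt import Bcrypt
 from flask_cache import Cache
 from flask_debugtoolbar import DebugToolbarExtension
+from flask_wtf.csrf import CsrfProtect
 from flask_login import LoginManager
 from flask_migrate import Migrate
 from flask_sqlalchemy import SQLAlchemy
 bcrypt = Bcrypt()
+csrf_protect = CsrfProtect()
 login_manager = LoginManager()
 db = SQLAlchemy()
 migrate = Migrate()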
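Review bot: The new `from flask_wtf.csrf import CsrfProtect` line breaks the alphabetical order the import block otherwise keeps (`flask_bcrypt`, `flask_cache`, `flask_debugtoolbar`, `flask_login`, `flask_migrate`, `flask_sqlalchemy`); placing it after the `flask_sqlalchemy` import keeps the block sorted. A short comment on the instance would also help the next reader, who may wonder why a global extension is needed alongside the per-form CSRF that Flask-WTF form classes handle, e.g. `# Global CSRF check for every state-changing request; templates must render csrf_token() in each POST form`.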

@ -35,7 +35,7 @@
<li><a href="{{ url_for('public.register') }}">Create account</a></li> <li><a href="{{ url_for('public.register') }}">Create account</a></li>
</ul> </ul>
<form id="loginForm" method="POST" class="navbar-form form-inline navbar-right" action="/" role="login"> <form id="loginForm" method="POST" class="navbar-form form-inline navbar-right" action="/" role="login">
{{ form.hidden_tag() }} <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>
<div class="form-group"> <div class="form-group">
{{ form.username(placeholder="Username", class_="form-control") }} {{ form.username(placeholder="Username", class_="form-control") }}
{{ form.password(placeholder="Password", class_="form-control") }} {{ form.password(placeholder="Password", class_="form-control") }}
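Review bot: Replacing `{{ form.hidden_tag() }}` with a hand-written `<input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>` drops whatever else `hidden_tag()` rendered — it emits every hidden field the form declares, and for a Flask-WTF form with CSRF enabled that already includes the `csrf_token` field, so the manual input is at best redundant and at worst a second copy of the same field. Keeping `{{ form.hidden_tag() }}` and letting the now-global `CsrfProtect` validate it is the smaller change. If `form` here is not a Flask-WTF form (I cannot see the view that builds it), the manual input is the right call, and a template comment such as `{# form is a plain WTForms form, so the CSRF field is rendered by hand #}` would keep the next person from reverting it. The `<form>` element is closed outside the hunk.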
