TechQA.

Is there a way to renew an existing csrf_token in Django?

277 views Asked by At

Currently I have the following registration form in my django app and I am having problems when I try to reload the registration page, that is, whenever the user types an invalid username, email or password then he/she receives a message about the error but then if he/she types a valid username, email and password, I encounter a 403 Forbidden CSRF verification failed. Request aborted. I believe this happens because a pre-session token is created when the user incorrectly types invalid registration credentials and when new credentials are typed in then there's a mismatch between the new data and what's inside of the csrf_token, so I am thinking I need to destroy the previous created csrf_token and create a new one (please, correct me if I am wrong since most of this stuff is relatively new to me).

views.py

from django.shortcuts import render, redirect, render_to_response    
from .forms import UserRegisterForm
from django.contrib import messages

def register(request):
    form = UserRegisterForm(request.POST)
    if request.method == 'POST':
        if form.is_valid():
            form.save()
            username = form.cleaned_data.get('username')
            messages.success(request, f'Your account {username} has been successfully created!')
            return redirect('login')
        else:
            # display the errors when trying to submit your request
            return render_to_response('accounts/register.html', {'form':form})
    elif request.method == 'GET':    
        form = UserRegisterForm()
    return render(request, 'accounts/register.html', {'form': form})


# register.html
 {% block content %}

    {% if form.errors %}
    {% for field in form %}
        {% for error in field.errors %}
            <div class="alert alert-danger">
                <strong>{{ error|escape }}</strong>
            </div>
        {% endfor %}
    {% endfor %}

    {% for error in form.non_field_errors %}
        <div class="alert alert-danger">
            <strong>{{ error|escape }}</strong>
        </div>
    {% endfor %}
{% endif %}

{% load static %}

<div class="container"> 
<form method="POST"> {% csrf_token %}
    <div class="wrap-login">

        <div class="bar" >
            Email * <br />
            {{form.email}}
        </div>
        <br />

        <div class="bar">
            Username * <br />
            {{form.username}}
        </div>
        <br />

        <div class="bar">
            Password * <br />
            {{form.password1}}
        </div>
        <br />

        <div class="bar">
            Password confirmation * <br />
            {{form.password2}}
        </div>
        <br />

        <div class="form-group">
            <button class="btn btn-outline-info" type="submit">Sign Up</button>
        </div>

        <small class="text-muted">
            Already have an account?<a class="ml-2" href="/login">Log In</a>
        </small>
    </div>
</form>

How can I destroy the previous csrf_token and create a new one? For the record, if the user types in correct registration credentials and then he/she tries to log in, this process goes smoothly.

Any help or contribution to this problem will be greatly appreciated.

django authentication csrf django-csrf django-2.0
Original Q&A
0

There are 0 answers

Related Questions in DJANGO

Related Questions in AUTHENTICATION

Related Questions in CSRF

Related Questions in DJANGO-CSRF

Related Questions in DJANGO-2.0

Popular Questions

Trending Questions