Files
edx-platform/cms/templates/login.html
Régis Behmo c3c35f076c Fix csrf error on studio login
Context: We have witnessed multiple, seemingly random "CSRF verification
failed" errors while signing in (with valid ID) to the Studio.

Explanation: The login form does not initially include a CSRF field.
The CSRF header of the request is appended to the studio login request
headers by intercepting the form validation. This intercept is performed
by the login.js script. Unfortunately, the login.js script is loaded
pretty late (at the end of the template). So if the login form is
validated sufficiently fast, the login.js script has no time to load and
append the X-CSRFToken header to the request.

Proposed solution: the CSRF token is already passed to the template via
the login view, so we just add a hidden field to the login form to
include the csrf token.
2015-01-29 09:10:59 +01:00

71 lines
3.0 KiB
HTML

<%inherit file="base.html" />
<%def name="online_help_token()"><% return "login" %></%def>
<%!
from django.core.urlresolvers import reverse
from django.utils.translation import ugettext as _
%>
<%block name="title">${_("Sign In")}</%block>
<%block name="bodyclass">not-signedin view-signin</%block>
<%block name="content">
<div class="wrapper-content wrapper">
<section class="content">
<header>
<h1 class="title title-1">${_("Sign In to {studio_name}").format(studio_name=settings.STUDIO_NAME)}</h1>
<a href="${reverse('signup')}" class="action action-signin">${_("Don't have a {studio_name} Account? Sign up!").format(studio_name=settings.STUDIO_SHORT_NAME)}</a>
</header>
<article class="content-primary" role="main">
<form id="login_form" method="post" action="login_post">
<fieldset>
<legend class="sr">${_("Required Information to Sign In to {studio_name}").format(studio_name=settings.STUDIO_NAME)}</legend>
<input type="hidden" name="csrfmiddlewaretoken" value="${ csrf }" />
<ol class="list-input">
<li class="field text required" id="field-email">
<label for="email">${_("E-mail")}</label>
<input id="email" type="email" name="email" placeholder="${_('example: username@domain.com')}"/>
</li>
<li class="field text required" id="field-password">
<a href="${forgot_password_link}" class="action action-forgotpassword" tabindex="-1">${_("Forgot password?")}</a>
<label for="password">${_("Password")}</label>
<input id="password" type="password" name="password" />
</li>
</ol>
</fieldset>
<div class="form-actions">
<button type="submit" id="submit" name="submit" class="action action-primary">${_("Sign In to {studio_name}").format(studio_name=settings.STUDIO_NAME)}</button>
</div>
<!-- no honor code for CMS, but need it because we're using the lms student object -->
<input name="honor_code" type="checkbox" value="true" checked="true" hidden="true">
</form>
</article>
% if settings.TENDER_DOMAIN:
<aside class="content-supplementary" role="complementary">
<h2 class="sr">${_("{studio_name} Support").format(studio_name=settings.STUDIO_SHORT_NAME)}</h2>
<div class="bit">
<h3 class="title-3">${_("Need Help?")}</h3>
<p>${_('Having trouble with your account? Use {link_start}our support center{link_end} to look over self help steps, find solutions others have found to the same problem, or let us know of your issue.').format(
link_start='<a href="http://{domain}" rel="external">'.format(domain=settings.TENDER_DOMAIN),
link_end='</a>',
)}</p>
</div>
</aside>
% endif
</section>
</div>
</%block>
<%block name="requirejs">
require(["js/factories/login"], function(LoginFactory) {
LoginFactory("${reverse('homepage')}");
});
</%block>