I'm running a really basic django login app (I thought) based on the official docs and...it's still not working no matter what I'm doing, and I've been looking through every single question on StackOverflow and not finding the answer. I'm running django.VERSION 1.5.0.

Every single thing I add or do to the code, I still get a CSRF verification failed error.

Inside my portal/views.py:

```python
@cache_page(60 * 15)
@csrf_protect
def index(request, id=None):
    return render_to_response('undercovercoders/index.html', context_instance=RequestContext(request))

@cache_page(60 * 15)
def login_user(request):
    # Defaults so the template can still be rendered on a plain GET
    state = ""
    username = ""
    if request.POST:
        # QueryDict.get is a method, so it is called rather than subscripted
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                state = "You're successfully logged in!"
            else:
                state = "Your account is not active, please contact the site admin."
        else:
            state = "Your username and/or password were incorrect."
    return render_to_response('undercovercoders/index.html', {'state':state, 'username':username}, context_instance=RequestContext(request))
```

Inside my portal/templates/index.html:

```html
<div id="login-box">
    {% if form.errors %}
    <p>Your username and password didn't match! Please try again!</p>
    {% endif %}
    {{ state }}
    <form class="login-widgets" action="/login/" method="post">{% csrf_token %}
        Username :
        <input class="login-widgets-text" type="text" name="username" value="{{ username }}" />
        {{ form.username }}<br />
        Password :
        <input type="password" name="password" value="{{ password }}" />
        {{ form.password }}<br />
        <input class="login-button" type="submit" value="login" />
        <input type="hidden" name="next" value="{{ next }}" />
    </form>
```

In my urls.py /login/ is defined with the following

```python
(r'^login/$', 'portal.views.login'),
```

My settings.py is the following:

```python
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    # 'django.middleware.clickjacking.XFrameOptionsMiddleware',
)
```

Please help, I've been wrestling with this error all evening.

EDIT: My console returns this to me when I added the changes to my render:

```
/Library/Python/2.7/site-packages/django/template/defaulttags.py:59: UserWarning: A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.
  warnings.warn("A {% csrf_token %} was used in a template, but the context did not provide the value.  This is usually caused by not using RequestContext.")

[07/Aug/2013 21:44:25] "GET / HTTP/1.1" 200 2881
[07/Aug/2013 21:44:25] "GET /static/css/screen.css HTTP/1.1" 304 0
[07/Aug/2013 21:44:29] "POST /login/ HTTP/1.1" 403 2282
```
gersande
  • You wrote a custom login view, but then your url points to the built in django login view. So you might want to change that. Also look into including {% csrf_token %} in your html. – Zack Argyle Aug 08 '13 at 01:56
  • Thanks for looking through. The token is in the html. It doesn't matter if I change it to the custom, or use built-in, it doesn't work. – gersande Aug 08 '13 at 01:58
  • @csrf_exempt is a workaround, don't use it often tho – Bit68 Aug 08 '13 at 02:02
  • @Ibrahim You mean add @csrf_exempt? – gersande Aug 08 '13 at 02:03
  • import the csrf_exempt decorator (`from django.views.decorators.csrf import csrf_exempt`) and place the `@csrf_exempt` decorator before the `def login_user(request):` statement. – Bit68 Aug 08 '13 at 02:06
  • I'm still getting the 'CSRF cookie not set' error, even with the decorator. – gersande Aug 08 '13 at 02:08

1 Answer

In your views

```python
return render(request, 'template/index.html', {'state':state, 'username':username}, c)
```

you should do

```python
return render(request, 'template/index.html', {'state':state, 'username':username})
```

Right now you are passing `c` in place of the `context_instance` argument that forces the use of a `RequestContext`.

user710907
  • I'm still getting the error. Should I be using context_instance instead of c ? – gersande Aug 08 '13 at 02:44
  • I just saw that you added {...} I'll put that in and see – gersande Aug 08 '13 at 02:50
  • The moment I added `from django.template import RequestContext` to views.py the error went away, and your edit worked. Brilliant. Thank you! – gersande Aug 08 '13 at 03:11
  • @gersande it should have worked with render; you shouldn't have to change it to render_to_response, as render adds RequestContext. You don't have to explicitly add it unless you are trying to provide 'context_instance' in your kwargs – user710907 Aug 08 '13 at 05:04
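
A simplified, standard-library model of the cookie-versus-form-field check behind the 403 in this thread, added here as an illustration (it is not code from the question, the answer, or Django itself). The function names, the form template and the reason strings are assumptions of the sketch; it models a template rendered without the request as producing neither a hidden token field nor a cookie.

```python
import hmac
import re
import secrets

# Constructed stand-in for the login template; {csrf} marks the csrf_token tag.
FORM = '<form action="/login/" method="post">{csrf}<input name="username"></form>'
FIELD = '<input type="hidden" name="csrfmiddlewaretoken" value="%s">'


def render_login(cookies, with_request_context):
    """Model a GET of the login page; returns (html, cookies after the response)."""
    cookies = dict(cookies)
    if not with_request_context:
        # No request in the template context: the tag expands to nothing and,
        # because no token was generated, no csrftoken cookie is issued either.
        return FORM.format(csrf=""), cookies
    token = cookies.setdefault("csrftoken", secrets.token_urlsafe(32))
    return FORM.format(csrf=FIELD % token), cookies


def submit(html, cookies):
    """Model the POST check; returns (status, reason)."""
    cookie = cookies.get("csrftoken")
    if not cookie:
        return 403, "CSRF cookie not set"
    match = re.search(r'name="csrfmiddlewaretoken" value="([^"]*)"', html)
    posted = match.group(1) if match else ""
    # Constant-time comparison of the submitted field against the cookie value.
    if not hmac.compare_digest(posted, cookie):
        return 403, "CSRF token missing or incorrect"
    return 200, "ok"


def scenarios():
    """Run the three cases relevant to the thread and return their outcomes."""
    results = {}
    html, jar = render_login({}, with_request_context=False)
    results["no_request_context"] = submit(html, jar)
    html, jar = render_login({}, with_request_context=True)
    results["with_request_context"] = submit(html, jar)
    # Form rendered for one browser session, submitted with another's cookie.
    _, other_jar = render_login({}, with_request_context=True)
    results["token_cookie_mismatch"] = submit(html, other_jar)
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(name, outcome)
```

The first case corresponds to the `UserWarning` and the `POST /login/ ... 403` line in the question's console output: the fix is to render with the request so the token reaches the template, not to disable the check.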