layerindex-web/layerindex/auth_forms.py
Paul Eggleton 23194fc5d4 Add CAPTCHA to registration/password reset forms
Extend and override the default views so we can extend and override the
default forms to add a CAPTCHA field. This should prevent the automated
account creation requests we've been seeing on layers.openembedded.org
(luckily failing anyway due to bad domain names), but in any case this
also improves security by making it harder to do user enumeration.

For the registration page in particular, because Django's forms logic
tries to be helpful by showing all errors at once, we need to change it
so that if there's an error for the CAPTCHA then you only see that error
and no other - in particular you won't see "that username already
exists" if that is the case.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2018-11-06 11:31:07 +13:00

17 lines
776 B
Python

# layerindex-web - extended authentication forms
#
# Copyright (C) 2018 Intel Corporation
#
# Licensed under the MIT license, see COPYING.MIT for details

from captcha.fields import CaptchaField
from registration.forms import RegistrationForm
from django.contrib.auth.forms import PasswordResetForm


class CaptchaRegistrationForm(RegistrationForm):
    captcha = CaptchaField(label='Verification', help_text='Please enter the letters displayed for verification purposes', error_messages={'invalid':'Incorrect entry, please try again'})


class CaptchaPasswordResetForm(PasswordResetForm):
    captcha = CaptchaField(label='Verification', help_text='Please enter the letters displayed for verification purposes', error_messages={'invalid':'Incorrect entry, please try again'})
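
The commit message describes showing only the CAPTCHA error when the CAPTCHA is wrong, so that "that username already exists" is not revealed. The following is an added example, not layerindex-web code: a framework-independent model of that filtering, with hypothetical names (`validate_registration`, `captcha_first`, `leaks_username`) and constructed sample data, that checks whether a wrong-CAPTCHA request can still distinguish taken usernames.

```python
# Added example: framework-independent model of the error filtering
# described in the commit message. All names here are hypothetical.

EXISTING_USERS = {"alice"}   # constructed sample data
EXPECTED_CAPTCHA = "XKCD"    # constructed; a real CAPTCHA differs per request


def validate_registration(data):
    """Collect every field error at once, the way a form framework does."""
    errors = {}
    if data.get("username") in EXISTING_USERS:
        errors["username"] = ["A user with that username already exists."]
    if data.get("password1") != data.get("password2"):
        errors["password2"] = ["The two password fields didn't match."]
    if data.get("captcha", "").upper() != EXPECTED_CAPTCHA:
        errors["captcha"] = ["Incorrect entry, please try again"]
    return errors


def captcha_first(errors):
    """If the CAPTCHA failed, report only that error and hide the rest."""
    if "captcha" in errors:
        return {"captcha": errors["captcha"]}
    return errors


def leaks_username(probe_name, filtered):
    """True if a wrong-CAPTCHA request reveals whether probe_name is taken."""
    def response(name):
        data = {"username": name, "password1": "pw", "password2": "pw",
                "captcha": "wrong"}
        errs = validate_registration(data)
        return captcha_first(errs) if filtered else errs
    # Compare against a name that is known not to exist.
    return response(probe_name) != response("no-such-user-0001")


if __name__ == "__main__":
    print("unfiltered leaks:", leaks_username("alice", filtered=False))
    print("filtered leaks:  ", leaks_username("alice", filtered=True))
```

With a correct CAPTCHA the username error is still returned, so the filter only removes the enumeration signal from requests that have not passed verification.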