Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Render CSRF token info in form content #3056

Merged
merged 4 commits into from
Oct 2, 2024

Conversation

podliashanyk
Copy link
Contributor

@podliashanyk podliashanyk commented Sep 30, 2024

For #3055

This is to match the crispy forms behaviour in NAV 1:1. Ref https://github.com/django-crispy-forms/django-crispy-forms/blob/baf94397a011b3f15a9899097234caa68b86a65e/crispy_forms/templates/uni_form/whole_uni_form.html#L2 where csrf_token is always included in POST-forms since in NAV we never set disable_csrf to True in code or context.

@podliashanyk podliashanyk requested a review from a team September 30, 2024 14:36
@podliashanyk podliashanyk self-assigned this Sep 30, 2024
Copy link

github-actions bot commented Sep 30, 2024

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time
✅ PYTHON black 992 0 11.42s
✅ PYTHON ruff 987 0 0.1s

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

Copy link

github-actions bot commented Sep 30, 2024

Test results

    9 files      9 suites   8m 24s ⏱️
2 136 tests 2 136 ✅ 0 💤 0 ❌
4 011 runs  4 011 ✅ 0 💤 0 ❌

Results for commit f0f0b1e.

♻️ This comment has been updated with latest results.

Copy link

codecov bot commented Sep 30, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.47%. Comparing base (a7246a2) to head (f0f0b1e).
Report is 366 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #3056   +/-   ##
=======================================
  Coverage   60.47%   60.47%           
=======================================
  Files         605      605           
  Lines       43823    43823           
  Branches       48       48           
=======================================
  Hits        26504    26504           
  Misses      17307    17307           
  Partials       12       12           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@hmpf hmpf self-requested a review October 1, 2024 09:12
Copy link
Contributor

@hmpf hmpf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs a changelog because if we turn TEMPLATE_DEBUG on without already having the token in context there will be a lot of exceptions.

@podliashanyk
Copy link
Contributor Author

Needs a changelog because if we turn TEMPLATE_DEBUG on without already having the token in context there will be a lot of exceptions.

Was on my way to add a changelog entry but then realised that this one is a pure refactor. We preserve the behaviour that crispy already provides. Or am I missing something @hmpf?

@hmpf
Copy link
Contributor

hmpf commented Oct 1, 2024

Have you tried with crispy on and TEMPLATE_DEBUG on? If that doesn't lead to noise we're (hopefully) good.

@podliashanyk
Copy link
Contributor Author

Have you tried with crispy on and TEMPLATE_DEBUG on? If that doesn't lead to noise we're (hopefully) good.

What do you mean by "with crispy on"?
Is adding TEMPLATE_DEBUG=True in python/nav/etc/nav.conf enough to turn it on?

@hmpf
Copy link
Contributor

hmpf commented Oct 1, 2024

What do you mean by "with crispy on"?

Try a NAV prior to the uncrispyfying code.

Is adding TEMPLATE_DEBUG=True in python/nav/etc/nav.conf enough to turn it on?

Should be!

@podliashanyk
Copy link
Contributor Author

podliashanyk commented Oct 1, 2024

What do you mean by "with crispy on"?

Try a NAV prior to the uncrispyfying code.

Is adding TEMPLATE_DEBUG=True in python/nav/etc/nav.conf enough to turn it on?

Should be!

Ok, have checked. No exceptions in the browser, or in docker containers. But I guess it doesn't hurt to add a (temporary) changelog fragment.

In order to completely match crispy's original implementation
@podliashanyk podliashanyk force-pushed the add-csrf-token-to-non-crispy-forms branch from 15629a9 to d636a61 Compare October 1, 2024 13:34
@podliashanyk podliashanyk requested review from hmpf, johannaengland and a team October 1, 2024 13:53
@@ -0,0 +1 @@
Ensured that CSRF token info is preserved when refactoring crispy forms to non-crispy equivalents. This means that `flat_form.html` and `_form_content.html` templates will include CSRF token info if form method is set to `POST`.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good changelog, means it will be easy to find where it has been set!

Copy link

sonarqubecloud bot commented Oct 2, 2024

Copy link
Contributor

@stveit stveit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good, tested before and after and POST data now includes a csrfmiddlewaretoken, same as crispyforms do

@podliashanyk podliashanyk merged commit 1de8f59 into master Oct 2, 2024
14 checks passed
@podliashanyk podliashanyk deleted the add-csrf-token-to-non-crispy-forms branch October 2, 2024 11:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants