Commit f04ab603 authored by Olga Brani's avatar Olga Brani
Browse files

astakos: Change auth provider remove HTTP method

Convert provider removal links to forms (using POST), in order to be able 
to remove GET from the remove view allowed HTTP methods.

Refs #3793
parent 47bdd0a3
......@@ -595,6 +595,9 @@ form.withlabels.hidden-submit { margin-bottom:4em; }
.auth_methods .assigned,
.auth_methods .notassigned { margin-bottom:40px; }
.auth_methods .assigned span.details { color:grey; display:inline-block; max-width:400px; vertical-align:middle; position:absolute; left:140px; top:13px;}
.auth_methods .dialog-wrap form { display: inline-block;}
.auth_methods .dialog-wrap form input[type="submit"] { margin:0 20px 0 0;}
.auth_methods .dialog-wrap form +.submit { height:23px; position: relative;top:-1px;}
#token-confirm { display:none; position:absolute; left:550px; top:-10px; }
/* login section */
.login-section {}
......
......@@ -30,10 +30,10 @@
<p>Are you sure you want to change {{ userauthprovider.get_method_prompt_msg }}?</p>
{% endif %}
{% if userauthprovider.get_remove_policy %}
<p><a href="{{ userauthprovider.get_remove_url }}"
class="submit">Yes</a>
<form action="{{ userauthprovider.get_remove_url }}" method="post">{% csrf_token %}
<input type="submit" value="YES" />
</form>
<a href="#" class="no submit">No</a>
</p>
{% else %}
<p><a href="{{ userauthprovider.get_switch_url }}"
class="submit">Yes</a>
......@@ -77,10 +77,10 @@
</span>
<div class="dialog-wrap">
<p>Are you sure you want to remove {{ userauthprovider.get_method_prompt_msg }}?</p>
<p><a href="{{ userauthprovider.get_remove_url }}"
class="submit">Yes</a>
<form action="{{ userauthprovider.get_remove_url }}" method="post">{% csrf_token %}
<input type="submit" value="YES" />
</form>
<a href="#" class="no submit">No</a>
</p>
</div>
{% else %}
<a href="javascript:void(0);" class="noaction"
......
......@@ -782,7 +782,7 @@ def resource_usage(request):
# TODO: action only on POST and user should confirm the removal
@require_http_methods(["GET", "POST"])
@require_http_methods(["POST"])
@cookie_fix
@valid_astakos_user_required
def remove_auth_provider(request, pk):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment