astakos: Change auth provider remove HTTP method

Convert provider removal links to forms (using POST), in order to be able to remove GET from the remove view allowed HTTP methods. Refs #3793

astakos: Change auth provider remove HTTP method
Convert provider removal links to forms (using POST), in order to be able to remove GET from the remove view allowed HTTP methods. Refs #3793
f04ab603 · Olga Brani · 47bdd0a3 · f04ab603 · f04ab603 · f04ab603
Commit f04ab603 authored May 27, 2013 by Olga Brani
--- a/snf-astakos-app/astakos/im/static/im/css/modules.css
+++ b/snf-astakos-app/astakos/im/static/im/css/modules.css
@@ -595,6 +595,9 @@ form.withlabels.hidden-submit					{ margin-bottom:4em; }
 .auth_methods .assigned, 
 .auth_methods .notassigned						{ margin-bottom:40px; }
 .auth_methods .assigned span.details			{   color:grey; display:inline-block; max-width:400px;  vertical-align:middle; position:absolute; left:140px; top:13px;}
+.auth_methods .dialog-wrap form 				{ display: inline-block;}
+.auth_methods .dialog-wrap form input[type="submit"]	{ margin:0 20px 0 0;}
+.auth_methods .dialog-wrap form +.submit 		{ height:23px; position: relative;top:-1px;}
 #token-confirm									{ display:none; position:absolute; left:550px; top:-10px; }
 /* login section */
 .login-section {}

--- a/snf-astakos-app/astakos/im/templates/im/profile_auth_methods.html
+++ b/snf-astakos-app/astakos/im/templates/im/profile_auth_methods.html
@@ -30,10 +30,10 @@
                <p>Are you sure you want to change {{ userauthprovider.get_method_prompt_msg }}?</p> 
                {% endif %}
                {% if userauthprovider.get_remove_policy %}
-                <p><a href="{{ userauthprovider.get_remove_url }}"
-                  class="submit">Yes</a>
+                <form action="{{ userauthprovider.get_remove_url }}" method="post">{% csrf_token %}
+                  <input type="submit" value="YES" />
+                </form>  
                <a href="#" class="no submit">No</a>
-                </p>
                {% else %}
                <p><a href="{{ userauthprovider.get_switch_url }}"
                  class="submit">Yes</a>
@@ -77,10 +77,10 @@
              </span>
              <div class="dialog-wrap">
                <p>Are you sure you want to remove {{ userauthprovider.get_method_prompt_msg }}?</p> 
-                <p><a href="{{ userauthprovider.get_remove_url }}"
-                  class="submit">Yes</a>
+                <form action="{{ userauthprovider.get_remove_url }}" method="post">{% csrf_token %}
+                  <input type="submit" value="YES" />
+                </form>  
                <a href="#" class="no submit">No</a>
-                </p>
              </div>	
              {% else %}
              <a href="javascript:void(0);" class="noaction" 

--- a/snf-astakos-app/astakos/im/views/im.py
+++ b/snf-astakos-app/astakos/im/views/im.py
@@ -782,7 +782,7 @@ def resource_usage(request):


 # TODO: action only on POST and user should confirm the removal
-@require_http_methods(["GET", "POST"])
+@require_http_methods(["POST"])
 @cookie_fix
 @valid_astakos_user_required
 def remove_auth_provider(request, pk):