-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Email lockdown #19
Email lockdown #19
Conversation
Tested this with my |
While this technically works, I'm concerned about the silent failure if non-Mozillians attempt to log in. I feel like we need some way to convey "you're not logged in but that's expected". Thoughts? |
fair enough - rather than a redirect to |
Or maybe a query param so that users can still get to the same page when merged with #25? |
oh that's a good idea! |
Updated the PR so that it now does a callback with a |
@@ -21,8 +21,8 @@ def post_validate(request): | |||
nonce = False | |||
|
|||
if request.data: | |||
csrf_token = request.data['csrfmiddlewaretoken'] | |||
nonce = request.data['nonce'] | |||
csrf_token = request.data.get('csrfmiddlewaretoken', False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using .get
allows a default? Is this just python behavior?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, it's a property of Python's dictionaries. You can either do direct access with array notation, or you can use get
with a fallback, https://docs.python.org/2/library/stdtypes.html#dict.get
fixes #16