From c30a0cdf867494d6fca9d12d8f3e3c85f6646fb1 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Mon, 13 Jul 2020 20:29:05 +0200
Subject: [PATCH] :see_no_evil: Don't send any password to admins while registering
---
 apps/member/views.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/apps/member/views.py b/apps/member/views.py
index 702dc9c..cebde40 100644
--- a/apps/member/views.py
+++ b/apps/member/views.py
@@ -8,8 +8,10 @@ from django.http import FileResponse, Http404
 from django.shortcuts import redirect
 from django.urls import reverse_lazy
 from django.utils import timezone
+from django.utils.decorators import method_decorator
 from django.utils.translation import gettext_lazy as _
 from django.views import View
+from django.views.decorators.debug import sensitive_post_parameters
 from django.views.generic import CreateView, UpdateView, DetailView, FormView
 from django_tables2 import SingleTableView
 from tournament.forms import TeamForm, JoinTeam
@@ -29,6 +31,14 @@ class CreateUserView(CreateView):
 form_class = SignUpForm
 template_name = "registration/signup.html"
 
+ # When errors are reported from the signup view, don't send passwords to admins
+ @method_decorator(sensitive_post_parameters('password1', 'password2',))
+ def dispatch(self, request, *args, **kwargs):
+ return super().dispatch(request, *args, **kwargs)
+
+ def get_success_url(self):
+ return reverse_lazy('index')
+
 
 class MyAccountView(LoginRequiredMixin, UpdateView):
 """
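Review bot: The decorator on `dispatch` hard-codes `'password1', 'password2'`, so the masking only holds while those names match the password fields of `SignUpForm`, which is defined outside this hunk; a renamed or newly added secret field would appear unmasked in the admin error report again. Calling it with no arguments, `@method_decorator(sensitive_post_parameters())`, masks every POST value in error reports and is how Django's own auth views apply it. This filter also covers `request.POST` only: values held in local variables of traceback frames are filtered by `sensitive_variables`, not by this decorator, so any helper that handles the raw password would need that as well. `get_success_url` is unrelated to the commit subject and would read better as a separate change. The body of `CreateUserView` starts before the hunk.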