add django csrf token to angular 5 form - django

im working on django-angular5 project i have a login form in angular how should i add csrf token to my form ? without what i get this error
i searched same topic but people are using angular js that will not help me
(i ng build angular app and im using static files)
Forbidden (403)
CSRF verification failed. Request aborted.
Help
Reason given for failure:
CSRF token missing or incorrect.
it is my simple form for login in home.compoenent.html
<form method="post">
<div class="input-field col s6">
<input id="first_name" type="text" name="username" class="validate">
<label for="first_name">نام کاربری</label>
</div>
<div class="input-field col s6">
<input id="first_name" type="password" name="password" class="validate">
<label for="first_name">کلمه عبور</label>
</div>
<input type="submit" class="waves-effect waves-light btn" value="login"/>
<input type="hidden" name="next" value="{{ next }}"/>
</form>

in your form you should just add {% csrf_token %}
you'll have something like this :
<form method="post">
{% csrf_token %}
<div class="input-field col s6">
<input id="first_name" type="text" name="username" class="validate">
<label for="first_name">نام کاربری</label>
</div>
<div class="input-field col s6">
<input id="first_name" type="password" name="password" class="validate">
<label for="first_name">کلمه عبور</label>
</div>
<input type="submit" class="waves-effect waves-light btn" value="login"/>
<input type="hidden" name="next" value="{{ next }}"/>
</form>

Related

Bootstrap not allows to post data from html in django

{% csrf_token %}
User name
</div>
<div class="form-group">
<label class="form-label" for="form2Example2">Password</label>
<input type="password" id="form2Example2" class="form-control" name="password" required/>
</div>
<button type="button" class="btn btn-primary btn-block mb-4">Sign in</button>
i try to post data like email id and password in post method , but it sent through get method . I think there may be problem with bootstrap. can u tell me what are the modifications to be done in the bootstrap for post data method.
thanks
If you want to send it as post, then use button type: "submit". Also you might need form section, if you don't have it. Like this:
<form method="POST">
{% csrf_token %}
<div class="form-group">
(...)
</div>
<button type="submit" class="btn btn-primary btn-block mb-4">Sign in</button>
</form>
You need to add method = "POST" with {% csrf_token %} and submit button
<form method="POST">
{% csrf_token %}
<div class="form-group">
<label>Email address</label>
<input type="email" class="form-control">
</div>
<div class="form-group">
<label>Password</label>
<input type="password" class="form-control">
</div>
<button type="submit" class="btn btn-primary">Signin</button>
</form>

How to catch errors from form in Django?

I have a collapse div with login/sign-up forms. How I can catch errors if they are and show them on page?
My form in html:
<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<p><label for="id_username">Username:</label> <input
id="id_username" type="text" name="username" maxlength="30" /></p>
<p><label for="id_password">Password:</label> <input
type="password" name="password" id="id_password" /></p>
<input type="submit" value="Log in" />
<input type="hidden" name="next" value="{{ request.get_full_path }}"
/>
</form>
Dude use the inbuilt login, it offers you with encryption of password. the method your using is little messy i would recommend to go with django inbuilt authentication. here's the link,
https://simpleisbetterthancomplex.com/tutorial/2016/06/27/how-to-use-djangos-built-in-login-system.html

Django allauth override default template with custom template

I'm currently trying to override a Django allauth template. So far, I followed all the recommendations on similar questions to mine:
overriding default templates of django-allauth
How to override template in django-allauth?
However, my goal is just change the default Django allauth without making new views or forms. (In previous projects I used to override the default forms constructor classes with the helper of Django Crispy Forms which is not possible in this particular case.)
I believe there is a way to ignore the {{form}} variable and just define a working form from scratch. Currently, I have my template being successfully being displayed when I navigate to 'account_login'. However, when I press Sign In nothing happens.
Here is my myapp/templates/account/login.html file:
{% extends 'base.html' %}
{% load staticfiles %}
{% block title %}
Sign In to {{ SITE_NAME }}
{% endblock %}
{% block body %}
<div class="centered">
<img class="logo" src={% static 'imgs/logo.png' %} alt="" width="100" height="100">
<form id="login_form" class="form-signin" method="post" action="{% url 'account_login'%}">
{% csrf_token %}
<label for="inputLogin" class="sr-only">Email address or Username</label>
<input type="text" id="login" class="form-control" placeholder="Email or Username" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" id="password" class="form-control" placeholder="Password" required>
<div class="note mb-3">
<label>
<input type="checkbox" value="remember" id="remember"> Remember me
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
<div class="note mb-3 text-center">
<p>Forgot? Retrieve your login.</p>
<p>Not registered? <a href={% url 'account_signup'%}>Sign Up!</a></p>
</div>
</form>
</div>
{% endblock %}
Yes, you can customize it the way you want. It is rather simple.
When you use {{ form.as_p }} the page renders the form. And if you inspect the form you will notice that the page rendered the following form:
notice the id="" and the name="" you have to name it the exact same.
With that your code should look like this:
<form id="login_form" class="form-signin" method="post" action="{% url 'account_login'%}">
{% csrf_token %}
<label for="inputLogin" class="sr-only">Email address or Username</label>
<input type="text" name="login" id="id_login" class="form-control" placeholder="Email or Username" required autofocus>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="id_password" class="form-control" placeholder="Password" required>
<div class="note mb-3">
<label>
<input type="checkbox" name="remember" value="remember" id="id_remember"> Remember me
</label>
</div>
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
<div class="note mb-3 text-center">
<p>Forgot? Retrieve your login.</p>
<p>Not registered? <a href={% url 'account_signup'%}>Sign Up!</a></p>
</div>
</form>
And you should be good to go.

How to show error messages in a custom signup template in Django

I'm trying to show error message in my custom signup template. Just to verify my below codes work, I used the {{ form.as_table }} and it shows error message properly. However, when I use my custom signup template, it doesn't show any error message when I cause an error on purpose on the signup form.
HTML
<form class="form-signin" method="POST">
{% csrf_token %}
<div class="container">
<div class="jumbotron">
<a class="navbar-brand js-scroll-trigger" href="{% url 'boutique:index' %}"><img width="165" height="30" src="{% static 'boutique/img/modvisor_logo_black.png' %}"></a>
<br><br>
<div class="text-center mb-4">
<h1 class="h3 mb-3 font-weight-normal">Join Modvisor</h1>
<p class="error-message">
{% if form.non_field_errors %}
{% for error in form.non_field_errors %}
{{ error }}
{% endfor %}
{% endif %}
</p>
</div>
<div class="form-label-group">
<input type="text" id="inputEmail" class="form-control" name="username" placeholder="Email address" required autofocus>
<label for="inputEmail">Email</label>
</div>
<div class="form-label-group">
<input type="password" id="inputPassword1" class="form-control" name="password1" placeholder="Password" required>
<label for="inputPassword">Password</label>
</div>
<div class="form-label-group">
<input type="password" id="inputPassword2" class="form-control" name="password2" placeholder="Password" required>
<label for="inputPassword">Confirm Password</label>
</div>
<!--
<div class="form-label-group">
<input type="password" id="inputPassword" class="form-control" name="password2" placeholder="Password" required>
<label for="inputPassword">Confirm Password</label>
</div>
<div class="checkbox mb-3">
<label>
<input type="checkbox" value="remember-me"> Remember me
</label>
</div>
-->
<button class="btn btn-success btn-block" type="submit">Sign Up</button>
<br>
<button class="btn btn-secondary btn-block" type="button">Back</button>
<p class="mt-5 mb-3 text-muted text-center">© 2018 Modvisor All Rights Reserved.</p></p>
</div>
</div>
</form>
forms.py
class SignupForm(UserCreationForm):
class Meta(UserCreationForm.Meta):
fields = UserCreationForm.Meta.fields
views.py
def signup(request):
if request.method == 'POST':
form = SignupForm(request.POST)
if form.is_valid():
form.save()
return redirect(settings.LOGIN_URL)
else:
form = SignupForm()
return render(request, 'accounts/register.html', {'form': form})
You should use form.errors.field_name for errors related to specific field. Like for error on username field, it will be form.errors.username
You HTML will look like
<div class='error'>{{form.errors.username}}</div>
<div class="form-label-group">
<input type="text" id="inputEmail" class="form-control" name="username" placeholder="Email address" required autofocus>
<label for="inputEmail">Email</label>
</div>

django allauth: redirecting for invalid passwords

I have a custom page which calls allauth signup view (custom_passcheck.html)
<form action="{% url 'account_signup' %}" method="post" class="form">
{% csrf_token %}
<BR>
<BR>
<BR>
<center>
<div class=signuponepage>
<div class=sign-up>
<div class=signup-box>
<div class="form-element email-address">
<label id="email-address-label">
<strong>
Create a password (it must be 6 characters long)
</strong>
<input type="hidden" name="username" value="{{ pemail }}">
<input type="hidden" name="email" value="{{ email }}">
<input type="text" maxlength="19" name="password1" value="" placeholder="Password">
<input type="text" maxlength="19" name="password2" value="" placeholder="Password (again)">
</label>
</div>
<div class="form-element nextstep-button">
{% buttons %}
<button type="submit" class="btn btn-primary btn-sm">
Finish {% bootstrap_icon "chevron-right" %}
</button>
{% endbuttons %}
</div>
</div>
</div>
</div>
</center>
</form>
Now, if a user puts in password less than 6 chars, it will raise an error and redirect the user to allauth signup page (/account/signup)
Question: instead of redirecting to (/account/signup), how can i redirect to the custom page (custom_passcheck.html) while preserving POST data