from django.contrib.auth import authenticate
from django.contrib import messages
from django.utils.translation import ugettext as _
+from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_http_methods
-from astakos.im.util import prepare_response
+from astakos.im.util import prepare_response, get_query
from astakos.im.views import requires_anonymous
from astakos.im.models import AstakosUser
from astakos.im.forms import LoginForm
retries = RATELIMIT_RETRIES_ALLOWED-1
rate = str(retries)+'/m'
+@require_http_methods(["GET", "POST"])
+@csrf_exempt
@requires_anonymous
@ratelimit(field='username', method='POST', rate=rate)
def login(request, on_failure='im/login.html'):
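Review bot: The added `@csrf_exempt` on `login` turns off CSRF token validation for the POST that authenticates the user, so a form on another site can submit credentials here and sign a visitor into an account they did not choose (login CSRF). Nothing in the hunk says why the exemption is needed. If it exists to accept POSTs from an external page, that case would be safer on its own endpoint, with this view left protected by dropping the decorator or replacing it with `@csrf_protect`. If the exemption must stay, add a comment above it stating the reason and what compensates for it, e.g. `# csrf_exempt: <reason>; mitigated by <control>`. The body of `login` continues outside this hunk.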
"""
was_limited = getattr(request, 'limited', False)
form = LoginForm(data=request.POST, was_limited=was_limited, request=request)
- next = request.POST.get('next')
+ next = get_query(request).get('next', '')
if not form.is_valid():
return render_to_response(on_failure,
{'login_form':form,
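Review bot: `next` is now read through `get_query(request)` instead of `request.POST`, and nothing in this hunk validates it before use. Since the view now also accepts GET, the value can presumably arrive in the URL query string. How `next` is consumed is outside the hunk; if it becomes the post-login redirect target, it should be limited to same-site URLs, for example `if not is_safe_url(next, host=request.get_host()): next = ''` using `django.utils.http.is_safe_url` where the project's Django version provides it. The local name also shadows the builtin `next`; `next_url` would read more clearly.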