diff --git a/packages/hidp/hidp/accounts/forms.py b/packages/hidp/hidp/accounts/forms.py
index 7061e642..925aa590 100644
--- a/packages/hidp/hidp/accounts/forms.py
+++ b/packages/hidp/hidp/accounts/forms.py
@@ -59,6 +59,21 @@ class Meta:
 model = UserModel
 fields = (UserModel.USERNAME_FIELD,)
+ def __init__(self, *args, request=None, **kwargs):
+ super().__init__(*args, **kwargs)
+ self.request = request
+
+ def get_context(self):
+ context = super().get_context()
+
+ # the request context processor does not add the request into form contexts
+ # manually add request into context for form templates to use
+ # (for example for csp nonce)
+ if self.request:
+ context["request"] = self.request
+
+ return context
+
 def _get_validation_exclusions(self):
 # Exclude email from model validation (unique constraint),
 # This will make the form valid even if the email is already in use.
diff --git a/packages/hidp/hidp/accounts/views.py b/packages/hidp/hidp/accounts/views.py
index d9588f62..160435be 100644
--- a/packages/hidp/hidp/accounts/views.py
+++ b/packages/hidp/hidp/accounts/views.py
@@ -71,6 +71,13 @@ def _build_provider_url_list(
 label=label or _("Sign up using {provider}"),
 )
+ def get_form_kwargs(self):
+ kwargs = super().get_form_kwargs()
+
+ # provide request object to form so it can be added to template context
+ kwargs["request"] = self.request
+ return kwargs
+
 def get_context_data(self, **kwargs):
 login_url = resolve_url(settings.LOGIN_URL) + (
 f"?{urlencode({'next': redirect_url})}"
diff --git a/packages/hidp/hidp/csp/templatetags/csp_nonce.py b/packages/hidp/hidp/csp/templatetags/csp_nonce.py
index 616534bf..8f32678b 100644
--- a/packages/hidp/hidp/csp/templatetags/csp_nonce.py
+++ b/packages/hidp/hidp/csp/templatetags/csp_nonce.py
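Review bot: In the forms.py hunk, `if self.request:` in `get_context` tests truthiness where the intent is presence; `if self.request is not None:` states that directly. Neither new method has a docstring, and `__init__` should say that `request` is an optional keyword-only argument and that a form built without it renders with no `request` key in its template context, which matters for the nonce lookup in the `csp_nonce` tag. Something like `"""Accept an optional request so form templates can read per-request values such as the CSP nonce."""` would do. Both methods sit inside a class whose header is outside the hunk.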
@@ -5,4 +5,7 @@
 @register.simple_tag(takes_context=True)
 def csp_nonce(context):
- return getattr(context.request, "hidp_csp_nonce", None)
+ # if it's not an attribute on the context object,
+ # try looking for manually inserted request object
+ request = getattr(context, "request", None) or context["request"]
+ return getattr(request, "hidp_csp_nonce", None)
diff --git a/packages/hidp/hidp/templates/hidp/accounts/forms/user_creation_form.html b/packages/hidp/hidp/templates/hidp/accounts/forms/user_creation_form.html
index 40143548..889557cd 100644
--- a/packages/hidp/hidp/templates/hidp/accounts/forms/user_creation_form.html
+++ b/packages/hidp/hidp/templates/hidp/accounts/forms/user_creation_form.html
@@ -1 +1,107 @@
 {% extends 'hidp/includes/forms/base_form.html' %}
+
+{% load csp_nonce %}
+
+{% block form %}
+
+{% comment %}
+the following is a modified version of /django/forms/templates/django/forms/div.html
+{% endcomment %}
+
+
+{{ errors }}
+{% if errors and not fields %}
+
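Review bot: The fallback `context["request"]` in `csp_nonce` raises `KeyError` when neither lookup finds a request, and the `request=None` default added to the form in forms.py makes that case reachable for any caller that builds the form without one. An exception inside the tag aborts rendering of the whole form template instead of falling through to the `getattr(request, "hidp_csp_nonce", None)` default on the next line. Using the context's `get` keeps the lookup total: `request = getattr(context, "request", None) or context.get("request")`. Separately, a `None` return is probably rendered as the literal text `None` in the nonce attribute, so it is worth deciding whether an empty string is the better fallback when no nonce is available.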
{% for field in hidden_fields %}{{ field }}{% endfor %}
+{% endif %} +{% for field, errors in fields %} +
+ {% if field.use_fieldset %} +
+ {% if field.label %}{{ field.legend_tag }}{% endif %} + {% else %} + {% if field.label %}{{ field.label_tag }}{% endif %} + {% endif %} + + {% if field.name == "password1" %} +
+ + {% comment %} inline svg so stroke can pick up the "currentColor" {% endcomment %} + + + + + + + + + +
{{ field.help_text|safe }}
+
+ + {% elif field.help_text %} +
{{ field.help_text|safe }}
+ {% endif %} + + {{ errors }} + {{ field }} +{% if field.use_fieldset %}
{% endif %} + {% if forloop.last %} + {% for field in hidden_fields %}{{ field }}{% endfor %} + {% endif %} +
+{% endfor %}
+{% if not fields and not errors %}
+ {% for field in hidden_fields %}{{ field }}{% endfor %}
+{% endif %}
+{% endblock %}
diff --git a/packages/hidp/hidp/templates/hidp/includes/forms/base_form.html b/packages/hidp/hidp/templates/hidp/includes/forms/base_form.html
index 28c5c7df..75a58efb 100644
--- a/packages/hidp/hidp/templates/hidp/includes/forms/base_form.html
+++ b/packages/hidp/hidp/templates/hidp/includes/forms/base_form.html
@@ -1 +1,3 @@
-{% extends 'django/forms/div.html' %}
+{% block form %}
+{% include 'django/forms/div.html' %}
+{% endblock form %}
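Review bot: `{{ field.help_text|safe }}` appears twice in the copied user_creation_form.html template, in the `password1` branch and in the `elif field.help_text` branch, and it turns off autoescaping for whatever the field carries as help text. The template's own header says it is adapted from Django's div.html, so the filter presumably comes from there, and it is sound only while help_text stays developer-authored. A template comment would keep a later change from routing user-supplied text there, e.g. `{% comment %} help_text is rendered unescaped, as in Django's div.html; keep it developer-authored {% endcomment %}`. The header comment should also record which Django version the copy was taken from, since a copied template will not pick up later upstream changes to div.html.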