From 721b1413c46c8fa4d7a4ce09f3cd956096c845d2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Mat=C3=ADas=20Aguirre?=
Date: Sun, 17 Jul 2011 15:55:16 -0300
Subject: [PATCH] Avoid csrf check on complete views in case provider uses POST and doesn't send CSRF token. Refs gh-67
---
 social_auth/views.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/social_auth/views.py b/social_auth/views.py
index c90410c..8f88d9d 100644
--- a/social_auth/views.py
+++ b/social_auth/views.py
@@ -6,6 +6,7 @@ from django.core.urlresolvers import reverse
 from django.db import transaction
 from django.contrib.auth import login, REDIRECT_FIELD_NAME
 from django.contrib.auth.decorators import login_required
+from django.views.decorators.csrf import csrf_exempt
 
 from social_auth.backends import get_backend
 from social_auth.utils import sanitize_redirect
@@ -33,6 +34,7 @@ def auth(request, backend):
     return auth_process(request, backend, COMPLETE_URL_NAME)
 
 
+@csrf_exempt # If provider uses POST it won't be sending a CSRF token
 @transaction.commit_on_success
 def complete(request, backend):
     """Authentication complete view, override this view if transaction
@@ -77,6 +79,7 @@ def associate(request, backend):
     return auth_process(request, backend, ASSOCIATE_URL_NAME)
 
 
+@csrf_exempt # If provider uses POST it won't be sending a CSRF token
 @login_required
 def associate_complete(request, backend):
     """Authentication complete process"""
-- 
2.39.5
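Review bot: `@csrf_exempt` on `complete` removes Django's CSRF check for every backend and every request method, not only for providers that POST their callback, and the hunk does not show what takes its place. The third hunk does the same to `associate_complete`, where the request runs in the logged-in user's session and the outcome is an external identity linked to that account, so the exposure there is higher. With the middleware check gone, both views depend entirely on each backend verifying a session-bound value from the start of the flow (OAuth state or request token, OpenID nonce); the bodies of both functions continue outside the hunks, so whether every backend does that cannot be confirmed from here. I would state the dependency in the comment on both decorators, e.g. `# CSRF-exempt: provider may POST the callback; backend must verify session-bound state/nonce`, and add a test that a callback without matching session state is rejected and creates no association.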