diff --git a/omero_signup/templates/signup/index.html b/omero_signup/templates/signup/index.html
index 06a4ac1..3fa3112 100644
--- a/omero_signup/templates/signup/index.html
+++ b/omero_signup/templates/signup/index.html
@@ -115,6 +115,8 @@
{% endif %}
+
+
diff --git a/omero_signup/views.py b/omero_signup/views.py
index 51735af..1bf98c0 100644
--- a/omero_signup/views.py
+++ b/omero_signup/views.py
@@ -5,6 +5,7 @@
import random
import string
from datetime import datetime
+from uuid import uuid4
from django.conf import settings
from django.http import HttpResponse, HttpResponseRedirect
@@ -77,13 +78,19 @@ def handle_not_logged_in(self, request, error=None, form=None):
"""
Signup form
"""
+
+ # Store id in session to prevent forum resubmission
+ requestid = str(uuid4())
+ request.session['requestid'] = requestid
+
if form is None:
form = self.form_class()
context = {
'version': omero_version,
'build_year': build_year,
'error': error,
- 'form': form
+ 'form': form,
+ 'requestid': requestid,
}
if hasattr(settings, 'LOGIN_LOGO'):
context['LOGIN_LOGO'] = settings.LOGIN_LOGO
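Review bot: Every render overwrites the single `request.session['requestid']` slot, so a second tab or any extra GET of the signup page invalidates the form already open in the first, and that user then fails the id check in `post`. If that case matters, keep a small bounded set of outstanding ids in the session and remove only the one that is submitted. The comment also says "forum" where it means "form"; I would write `# One-time id, checked and popped in post(), to prevent form resubmission`. `handle_not_logged_in` starts above this hunk and continues below it.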
@@ -100,7 +107,12 @@ def post(self, request):
error = None
form = self.form_class(request.POST.copy())
- if form.is_valid():
+ session_requestid = request.session.pop('requestid', None)
+ post_requestid = request.POST.get('requestid')
+ if not session_requestid or session_requestid != post_requestid:
+ error = 'Invalid requestid: %s' % post_requestid
+
+ if not error and form.is_valid():
user = dict(
firstname=form.cleaned_data['firstname'],
lastname=form.cleaned_data['lastname'],
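Review bot: The new error string `'Invalid requestid: %s' % post_requestid` copies a client-supplied, unbounded value into the message that is presumably shown on the signup page. Whether it is escaped depends on the template, which this hunk does not show. The echoed id tells a legitimate user nothing, so a fixed message is safer: `error = 'This form has expired or was already submitted, please try again'`. If the rejected value is needed for debugging, log it server-side, truncated, rather than returning it. The body of `post` continues past the end of this hunk.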