From 1493c5c592718ab59f1319d3e6f81afd986dcfce Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Tue, 21 Nov 2017 15:14:36 +0100
Subject: [PATCH] Add CRSF failure template

---
 SciPost_v1/settings/base.py |  3 +++
 scipost/views.py            |  8 ++++++++
 templates/crsf-failure.html | 15 +++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 100644 templates/crsf-failure.html

diff --git a/SciPost_v1/settings/base.py b/SciPost_v1/settings/base.py
index 5a5468d6d..0ca208465 100644
--- a/SciPost_v1/settings/base.py
+++ b/SciPost_v1/settings/base.py
@@ -261,6 +261,7 @@ WEBPACK_LOADER = {
 # Email
 EMAIL_BACKEND = 'mails.backends.extendedfilebased.EmailBackend'
 EMAIL_FILE_PATH = 'local_files/email/'
+EMAIL_SUBJECT_PREFIX = '[SciPost Server] '
 MAILCHIMP_DATABASE_CODE = 'us6'
 MAILCHIMP_API_USER = 'test_API-user'
 MAILCHIMP_API_KEY = 'test_API-key'
@@ -310,3 +311,5 @@ AUTH_PASSWORD_VALIDATORS = [
         'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
     },
 ]
+
+CSRF_FAILURE_VIEW = 'scipost.views.csrf_failure'
diff --git a/scipost/views.py b/scipost/views.py
index 858b004e7..43ed540d0 100644
--- a/scipost/views.py
+++ b/scipost/views.py
@@ -1316,3 +1316,11 @@ class AboutView(ListView):
             ))
         context['object_list'] = object_list
         return context
+
+
+def csrf_failure(request, reason=""):
+    """
+    Custom CRSF Failure. Informing admins via email as well.
+    """
+    mail.mail_admins('CRSF Failure', 'Error message: ' + reason)
+    return render(request, 'crsf-failure.html')
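Review bot: The response from `csrf_failure` goes out with status 200 because `render` is called without a `status`, whereas Django's built-in CSRF failure view answers 403; clients, proxies and monitoring that key on the status code will record a rejected request as a success. I would change the last line to `return render(request, 'crsf-failure.html', status=403)`. Separately, `mail.mail_admins` runs on every rejected request, before any authentication, so the volume of admin mail is controlled by whoever sends the requests; consider throttling it or relying on the `django.security.csrf` logger, and pass `fail_silently=True` so a mail backend error does not turn the rejection into a 500. The import of `mail` is not visible in this hunk, so confirm it is present at the top of scipost/views.py.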
diff --git a/templates/crsf-failure.html b/templates/crsf-failure.html
new file mode 100644
index 000000000..a89174488
--- /dev/null
+++ b/templates/crsf-failure.html
@@ -0,0 +1,15 @@
+{% extends 'scipost/base.html' %}
+
+{% block pagetitle %}: 500{% endblock pagetitle %}
+
+{% block content %}
+
+<div style="text-align: center;">
+    <img src="//scipost.org/static/scipost/images/logo_scipost_RGB_HTML_groot.png" alt="SciPost logo" width="240" style="margin-top: 20px; margin-bottom: 20px" />
+    <h1>We are sorry, your security token seem to be expired. Please refresh your page and try again.</h1>
+    <h2>Security Token invalid</h2>
+    <h3>The SciPost administrators have been informed.</h3>
+    <p style="margin-top: 20px;">Go back to <a href="//scipost.org">the homepage</a>.</p>
+</div>
+
+{% endblock %}
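Review bot: The `pagetitle` block reads `: 500`, but this page is rendered for a rejected CSRF token, which is a 403 condition rather than a server error; `{% block pagetitle %}: 403{% endblock pagetitle %}` would match what the view should return. The logo and the homepage link use protocol-relative `//scipost.org` URLs, so on a staging or local host the page loads its image from production and sends the user there, and both inherit plain http if the page was served that way. Using the `{% static %}` tag for the image and a `{% url %}` lookup for the link would avoid this (the homepage URL name is not visible in this patch). The h1 text should also read `seems` rather than `seem`.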
-- 
GitLab