From 5b955032a3382ac8bc65776a047e005ba8840fa3 Mon Sep 17 00:00:00 2001 From: Andrew Kimpton Date: Sat, 2 Apr 2011 17:36:55 -0400 Subject: [PATCH] If SCAuthUserCheckURL is set to 'disabled' do not perform the GET to check for a valid user. This effectively disables the register during logon behaviour for new users. If a 'csrftoken' cookie is present supply its value in the X-CSRFToken header for POSTs made during login. This fixes a problem in DJango when the CSRF middleware is enabled and allows the posted to JSON data to be handled correctly. --- LoginProviders/SCLoginDialogController.j | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/LoginProviders/SCLoginDialogController.j b/LoginProviders/SCLoginDialogController.j index a3867cd..7f24d67 100644 --- a/LoginProviders/SCLoginDialogController.j +++ b/LoginProviders/SCLoginDialogController.j @@ -9,6 +9,7 @@ */ @import +@import @import "../AccountValidators/SCAccountValidator.j" var DefaultLoginDialogController = nil, @@ -211,8 +212,12 @@ SCLoginFailed = 1; loginObject = {'username' : username, 'password' : password, 'remember' : shouldRemember}, request = [CPURLRequest requestWithURL:[[CPBundle mainBundle] objectForInfoDictionaryKey:@"SCAuthLoginURL"] || @"/session/"]; + var csrfCookie = [[CPCookie alloc] initWithName:"csrftoken"]; + [request setHTTPMethod:@"POST"]; [request setValue:@"application/json" forHTTPHeaderField:@"Content-Type"]; + if ([csrfCookie value] != nil) + [request setValue:[csrfCookie value] forHTTPHeaderField:@"X-CSRFToken"]; [request setHTTPBody:[CPString JSONFromObject:loginObject]]; _loginConnection = [_connectionClass connectionWithRequest:request delegate:self]; _loginConnection.username = username; 
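Review bot: The guard `if ([csrfCookie value] != nil)` in the login hunk may never be false: if CPCookie reports a missing cookie as an empty string rather than nil (worth confirming against the framework source), an empty `X-CSRFToken` header goes out on every login. Testing the value itself, `var csrfToken = [csrfCookie value];` followed by `if (csrfToken && csrfToken.length)`, closes that gap and reads the cookie only once. The header is also attached regardless of what `SCAuthLoginURL` resolves to, so a deployment that points that key at another origin would disclose the token to that host; a comment stating that the login URL must be same-origin, or a check before setting the header, would cover this. The cookie name is hard-coded, although Django allows it to be changed through `CSRF_COOKIE_NAME`. The enclosing method starts and ends outside the hunk.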
@@ -301,6 +306,9 @@ SCLoginFailed = 1; /* @ignore */ - (void)_checkUser { + if ([[CPBundle mainBundle] objectForInfoDictionaryKey:@"SCAuthUserCheckURL"] == "disabled") + return; + [_userCheckSpinner setHidden:NO]; var request = [CPURLRequest requestWithURL:([[CPBundle mainBundle] objectForInfoDictionaryKey:@"SCAuthUserCheckURL"] || @"/user/") + [_userField stringValue]];
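Review bot: The new early return in `_checkUser` overloads a URL setting with a magic value that is documented only in the commit message; a comment above the check such as `// SCAuthUserCheckURL = "disabled" turns off the username lookup, and with it register-on-login` would record it in the code. The comparison is exact, so `Disabled` or a value with stray whitespace falls through to the `||` expression below and is used as the URL prefix for the GET. Reading the key once into a local and normalising it before comparing would avoid both that and the second Info.plist lookup. Whether state left by an earlier check needs resetting on this path cannot be judged here, because the method body continues outside the hunk.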