From 9cecce4a9c8f68fbd428c697aeeadf84f47395fc Mon Sep 17 00:00:00 2001
From: Andreas Kloeckner <inform@tiker.net>
Date: Mon, 11 Jan 2016 15:40:42 -0600
Subject: [PATCH] Protect exam check-in like a password form

---
 course/exam.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/course/exam.py b/course/exam.py
index 716ce6e0..c42ca87b 100644
--- a/course/exam.py
+++ b/course/exam.py
@@ -40,6 +40,10 @@ from django.contrib.auth.decorators import permission_required
 from django.db import transaction
 from django.core.urlresolvers import reverse
 
+from django.views.decorators.debug import sensitive_post_parameters
+from django.views.decorators.cache import never_cache
+from django.views.decorators.csrf import csrf_protect
+
 from django_select2.forms import Select2Widget
 from crispy_forms.layout import Submit
 
@@ -457,6 +461,9 @@ class ExamCheckInForm(StyledForm):
                 Submit("submit", _("Check in")))
 
 
+@sensitive_post_parameters()
+@csrf_protect
+@never_cache
 def check_in_for_exam(request):
     now_datetime = get_now_or_fake_time(request)
 
-- 
GitLab