commit d4f5e6b7a8c9d0e1f2g3h4i5j6k7l8m9n0o1p2q3

Author: atonixdev

backend/accounts/auth_views.py

@@ -5,6 +5,7 @@
 from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_protect, ensure_csrf_cookie
 from rest_framework import permissions, status
+from rest_framework.authentication import BaseAuthentication
 from rest_framework.response import Response
 from rest_framework.throttling import ScopedRateThrottle
 from rest_framework.views import APIView
@@ -34,6 +35,12 @@ def _cookie_params() -> dict:
 
 class CsrfView(APIView):
     permission_classes = [permissions.AllowAny]
+    # IMPORTANT:
+    # DRF runs authentication before permission checks. Our default auth backend
+    # (`CookieJWTAuthentication`) loads the user from the database, which means
+    # even this public endpoint will fail hard if the DB is unreachable.
+    # CSRF token issuance should not depend on the DB.
+    authentication_classes: list[type[BaseAuthentication]] = []
 
     @method_decorator(ensure_csrf_cookie)
     def get(self, request):

frontend/src/pages/Register.js

@@ -1,6 +1,6 @@
 import React, { useState } from 'react';
 import { Link, useNavigate, useLocation } from 'react-router-dom';
-import api from '../services/api';
+import api, { setCsrfToken } from '../services/api';
 import SearchableCountryDropdown from '../components/SearchableCountryDropdown';
 
 const Register = () => {
@@ -47,7 +47,8 @@ const Register = () => {
     setLoading(true);
 
     try {
-      await api.get('/auth/csrf/');
+      const csrfResp = await api.get('/auth/csrf/');
+      if (csrfResp?.data?.csrfToken) setCsrfToken(csrfResp.data.csrfToken);
       await api.post('/accounts/register/', {
         username: formData.username,
         email: formData.email,
@@ -62,13 +63,32 @@ const Register = () => {
         navigate('/login', { state: { email: formData.email, from: location.state?.from } });
       }, 2000);
     } catch (err) {
-      if (err.response?.data) {
-        const errorMessages = Object.entries(err.response.data)
-          .map(([key, value]) => `${key}: ${Array.isArray(value) ? value[0] : value}`)
-          .join(', ');
-        setError(errorMessages);
+      if (!err?.response) {
+        setError('Cannot reach the API server. Please try again later.');
+      } else if (err.response?.status === 429) {
+        setError('Too many attempts. Please wait and try again.');
       } else {
-        setError('Failed to create account. Please try again.');
+        const data = err.response?.data;
+
+        // If the backend returns an HTML error page (common when DEBUG=True),
+        // avoid exploding it into thousands of characters.
+        if (typeof data === 'string') {
+          const trimmed = data.trim().toLowerCase();
+          if (trimmed.startsWith('<!doctype html') || trimmed.startsWith('<html')) {
+            setError('Server error while creating account. Please try again later.');
+          } else if (data.length > 300) {
+            setError('Server error while creating account. Please try again later.');
+          } else {
+            setError(data);
+          }
+        } else if (data && typeof data === 'object') {
+          const errorMessages = Object.entries(data)
+            .map(([key, value]) => `${key}: ${Array.isArray(value) ? value[0] : value}`)
+            .join(', ');
+          setError(errorMessages || 'Failed to create account. Please try again.');
+        } else {
+          setError('Failed to create account. Please try again.');
+        }
       }
     } finally {
       setLoading(false);