rainbownapkin/canopy
1
0
Fork 0
Code Issues 20 Pull requests Projects Releases Packages Wiki Activity Actions

Added CSRF tokens to non-partial templates.

Browse source
This commit is contained in:
rainbow napkin 2024-12-29 15:02:37 -05:00
parent 2ea3c72a61
commit 83f76af6e8
24 changed files with 94 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

5
src/controllers/passwordResetController.js
View file

@ -22,6 +22,7 @@ const {validationResult, matchedData} = require('express-validator');
//Local Imports
const altchaUtils = require('../utils/altchaUtils');
const csrfUtils = require('../utils/csrfUtils');
//register page functions
module.exports.get = async function(req, res){
@ -46,11 +47,11 @@ module.exports.get = async function(req, res){
*/
//Render page
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token});
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token, csrfToken: csrfUtils.generateToken(req)});
//If we didn't get a valid token
}else{
//otherwise render generic page
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token: null});
return res.render('passwordReset', {instance: config.instanceName, user: req.session.user, challenge, token: null, csrfToken: csrfUtils.generateToken(req)});
}
}catch(err){
return exceptionHandler(res, err);