authorDaniel Schadt <kingdread@gmx.de>2022-07-09 12:50:54 +0200
committerDaniel Schadt <kingdread@gmx.de>2022-07-09 12:50:54 +0200
commitc788d569c58576fd8227f5a33b895ab8131eb9dc (patch)
treeec3f2a63f09a8d4c7e5309965f45d9c7f250695a
parent7c0d07aad4da6c36d0014c8ae7ce67db21be56a9 (diff)
fix CSRF token mismatch on password reset forms
-rw-r--r--fietsboek/templates/login.jinja23
-rw-r--r--fietsboek/templates/password_reset.jinja22
-rw-r--r--fietsboek/templates/request_password.jinja22
3 files changed, 7 insertions, 0 deletions
diff --git a/fietsboek/templates/login.jinja2 b/fietsboek/templates/login.jinja2
index 18b12e7..86e9adb 100644
--- a/fietsboek/templates/login.jinja2
+++ b/fietsboek/templates/login.jinja2
@@ -1,5 +1,7 @@
{% extends "layout.jinja2" %}
+{% import "util.jinja2" as util with context %}
+
{% block content %}
<div class="container">
<h1>{{ _("page.login.title") }}</h1>
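Review bot: The `with context` on the added import line has no comment explaining why it is needed, so a later cleanup could drop it as noise. Jinja does not pass the template context to imported templates by default, so `hidden_csrf_input()` presumably needs it to reach the request and its token. util.jinja2 is not part of this commit, so that should be confirmed. A one-line comment above the import, such as `{# with context: hidden_csrf_input() reads the request for the CSRF token #}`, would record the reason. The same import is added in password_reset.jinja2 and request_password.jinja2.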
@@ -20,6 +22,7 @@
</div>
</div>
</div>
+ {{ util.hidden_csrf_input() }}
<div class="row justify-content-center">
<div class="col-auto mb-3">
<button type="submit" class="btn btn-primary"><i class="bi bi-door-open"></i> {{ _("page.login.submit") }}</button>
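Review bot: The token added to the login form is issued before authentication, and nothing in this commit shows what happens to it once login succeeds. If the login view keeps the same session and CSRF token across the privilege change, a token that was obtainable before login stays valid for the authenticated session. The view is outside this diff, so this is a check to make rather than a confirmed defect: the session and its token should be rotated on successful login. The enclosing `<form>` element opens above the hunk, so the input's placement inside it cannot be confirmed from here.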
diff --git a/fietsboek/templates/password_reset.jinja2 b/fietsboek/templates/password_reset.jinja2
index 7b89762..dfcca08 100644
--- a/fietsboek/templates/password_reset.jinja2
+++ b/fietsboek/templates/password_reset.jinja2
@@ -1,4 +1,5 @@
{% extends "layout.jinja2" %}
+{% import "util.jinja2" as util with context %}
{% block content %}
<div class="container">
<h1>{{ _("page.password_reset.title") }}</h1>
@@ -25,6 +26,7 @@
</div>
</div>
</div>
+ {{ util.hidden_csrf_input() }}
<button type="submit" class="btn btn-primary">{{ _("page.password_reset.reset") }}</button>
</form>
</diV>
diff --git a/fietsboek/templates/request_password.jinja2 b/fietsboek/templates/request_password.jinja2
index 47710e3..adb4193 100644
--- a/fietsboek/templates/request_password.jinja2
+++ b/fietsboek/templates/request_password.jinja2
@@ -1,4 +1,5 @@
{% extends "layout.jinja2" %}
+{% import "util.jinja2" as util with context %}
{% block content %}
<div class="container">
<h1>{{ _("page.request_password.title") }}</h1>
@@ -11,6 +12,7 @@
<label for="resetEmail">{{ _("page.request_password.email") }}</label>
</div>
</div>
+ {{ util.hidden_csrf_input() }}
<div class="col-lg-4">
<button class="btn btn-primary">{{ _("page.request_password.request") }}</button>
</div>
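Review bot: Nothing in this commit would catch the next form that is rendered without a token. The diffstat lists only the three templates, and each one has to remember both the import and the `{{ util.hidden_csrf_input() }}` call. A functional test that renders every page with a POST form and asserts the hidden CSRF field is present would pin down the fix. A second test that submits without the field and expects a rejection would pin down the server-side check. The form's opening and closing tags are outside this hunk.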