Added csrf token to login

2023-07-21 17:57:18 +02:00 · 2023-07-21 17:57:18 +02:00 · f2948c74ff
commit f2948c74ff
parent 24b3d40fb6
3 changed files with 24 additions and 2 deletions
--- a/paramecio2/modules/admin/app.py
+++ b/paramecio2/modules/admin/app.py
@ -13,6 +13,7 @@ import copy
 from os import path
 from paramecio2.modules.admin import admin_app, t
 from paramecio2.libraries.sendmail import SendMail
+from paramecio2.libraries.formsutils import check_csrf

 yes_recovery_login=False
 email_address='localhost'
@ -66,6 +67,12 @@ def admin_prepare():
                    
                    return redirect(url_redirect)   

+    
+    """
+    if request.method=='POST':
+        check_csrf()
+    """
+
@admin_app.after_request
 def admin_finished(response):
    
@ -187,6 +194,8 @@ def login():
    
    if request.method=='POST':
        
+        check_csrf()
+        
        username=request.form['username']

        password=request.form['password']
@ -279,6 +288,8 @@ def signup():
        
        if request.method=='POST':
            
+            check_csrf()
+            
            user_admin.conditions=['WHERE privileges=%s', [2]]
             
            forms=dict(request.form)
@ -337,8 +348,10 @@ def auth_check():

    error=1
    
-    if 'login_admin' in session:
+    check_csrf()
    
+    if 'login_admin' in session:
+        
        code=request.form.get('code', '')
        
        user_admin=UserAdmin(g.connection)