aitzol/Plume
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use LenientForm instead Form for CSRF protected pages (#751)

Browse Source
This commit is contained in:
KITAITI Makoto 2020-04-18 18:45:28 +09:00 committed by GitHub
parent c217e5e9b3
commit 71e0a35e06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/routes/session.rs
View File

@ -3,7 +3,7 @@ use lettre::Transport;
use rocket::http::ext::IntoOwned;
use rocket::{
http::{uri::Uri, Cookie, Cookies, SameSite},
request::{Form, LenientForm},
request::LenientForm,
response::{Flash, Redirect},
State,
};
@ -159,7 +159,7 @@ pub struct ResetForm {
#[post("/password-reset", data = "<form>")]
pub fn password_reset_request(
mail: State<'_, Arc<Mutex<Mailer>>>,
form: Form<ResetForm>,
form: LenientForm<ResetForm>,
rockets: PlumeRocket,
) -> Ructe {
if User::find_by_email(&*rockets.conn, &form.email).is_ok() {
@ -216,7 +216,7 @@ fn passwords_match(form: &NewPasswordForm) -> Result<(), ValidationError> {
#[post("/password-reset/<token>", data = "<form>")]
pub fn password_reset(
token: String,
form: Form<NewPasswordForm>,
form: LenientForm<NewPasswordForm>,
rockets: PlumeRocket,
) -> Result<Flash<Redirect>, Ructe> {
form.validate()