Use LenientForm instead Form for CSRF protected pages (#751)

KITAITI Makoto 2020-04-18 18:45:28 +09:00 committed by GitHub
parent c217e5e9b3
commit 71e0a35e06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -3,7 +3,7 @@ use lettre::Transport;
use rocket::http::ext::IntoOwned; use rocket::http::ext::IntoOwned;
use rocket::{ use rocket::{
http::{uri::Uri, Cookie, Cookies, SameSite}, http::{uri::Uri, Cookie, Cookies, SameSite},
request::{Form, LenientForm}, request::LenientForm,
response::{Flash, Redirect}, response::{Flash, Redirect},
State, State,
}; };
@ -159,7 +159,7 @@ pub struct ResetForm {
#[post("/password-reset", data = "<form>")] #[post("/password-reset", data = "<form>")]
pub fn password_reset_request( pub fn password_reset_request(
mail: State<'_, Arc<Mutex<Mailer>>>, mail: State<'_, Arc<Mutex<Mailer>>>,
form: Form<ResetForm>, form: LenientForm<ResetForm>,
rockets: PlumeRocket, rockets: PlumeRocket,
) -> Ructe { ) -> Ructe {
if User::find_by_email(&*rockets.conn, &form.email).is_ok() { if User::find_by_email(&*rockets.conn, &form.email).is_ok() {
@ -216,7 +216,7 @@ fn passwords_match(form: &NewPasswordForm) -> Result<(), ValidationError> {
#[post("/password-reset/<token>", data = "<form>")] #[post("/password-reset/<token>", data = "<form>")]
pub fn password_reset( pub fn password_reset(
token: String, token: String,
form: Form<NewPasswordForm>, form: LenientForm<NewPasswordForm>,
rockets: PlumeRocket, rockets: PlumeRocket,
) -> Result<Flash<Redirect>, Ructe> { ) -> Result<Flash<Redirect>, Ructe> {
form.validate() form.validate()
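Review bot: Neither `password_reset_request` nor `password_reset` records why its `form` parameter has to be a `LenientForm`, so a later cleanup could switch it back to `Form` and break both password-reset POSTs again. Going by the commit title, the extra field is presumably the token that the CSRF layer adds to the request body, which strict `Form` parsing rejects as an unknown field; confirm this against the CSRF fairing in use. I would add a comment above each handler such as `// LenientForm: CSRF protection adds a token field that is not part of this struct; strict Form rejects unknown fields.` Because lenient parsing silently drops every unrecognised field, `form.validate()` stays the only check on the submitted values, and the same comment should say so. Both function bodies continue outside the visible hunks.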