Use LenientForm instead Form for CSRF protected pages (#751)
parent
c217e5e9b3
commit
71e0a35e06
@ -3,7 +3,7 @@ use lettre::Transport;
|
|||||||
use rocket::http::ext::IntoOwned;
|
use rocket::http::ext::IntoOwned;
|
||||||
use rocket::{
|
use rocket::{
|
||||||
http::{uri::Uri, Cookie, Cookies, SameSite},
|
http::{uri::Uri, Cookie, Cookies, SameSite},
|
||||||
request::{Form, LenientForm},
|
request::LenientForm,
|
||||||
response::{Flash, Redirect},
|
response::{Flash, Redirect},
|
||||||
State,
|
State,
|
||||||
};
|
};
|
||||||
@ -159,7 +159,7 @@ pub struct ResetForm {
|
|||||||
#[post("/password-reset", data = "<form>")]
|
#[post("/password-reset", data = "<form>")]
|
||||||
pub fn password_reset_request(
|
pub fn password_reset_request(
|
||||||
mail: State<'_, Arc<Mutex<Mailer>>>,
|
mail: State<'_, Arc<Mutex<Mailer>>>,
|
||||||
form: Form<ResetForm>,
|
form: LenientForm<ResetForm>,
|
||||||
rockets: PlumeRocket,
|
rockets: PlumeRocket,
|
||||||
) -> Ructe {
|
) -> Ructe {
|
||||||
if User::find_by_email(&*rockets.conn, &form.email).is_ok() {
|
if User::find_by_email(&*rockets.conn, &form.email).is_ok() {
|
||||||
@ -216,7 +216,7 @@ fn passwords_match(form: &NewPasswordForm) -> Result<(), ValidationError> {
|
|||||||
#[post("/password-reset/<token>", data = "<form>")]
|
#[post("/password-reset/<token>", data = "<form>")]
|
||||||
pub fn password_reset(
|
pub fn password_reset(
|
||||||
token: String,
|
token: String,
|
||||||
form: Form<NewPasswordForm>,
|
form: LenientForm<NewPasswordForm>,
|
||||||
rockets: PlumeRocket,
|
rockets: PlumeRocket,
|
||||||
) -> Result<Flash<Redirect>, Ructe> {
|
) -> Result<Flash<Redirect>, Ructe> {
|
||||||
form.validate()
|
form.validate()
|
||||||
|
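Review bot: The switch to `LenientForm` on the `form:` parameters of `password_reset_request` and `password_reset` has no comment explaining why strict `Form` was dropped; the commit title is the only hint. `LenientForm` ignores submitted fields that the target struct does not declare, so both handlers now accept extra POST fields silently and never see the CSRF token themselves. The token check therefore has to happen before the handler runs, which this diff does not show and should be confirmed for both routes. I would add a comment above each parameter, for example `// LenientForm: the CSRF layer adds a token field the form struct does not declare; strict Form would reject it`. Both function bodies continue outside the hunks shown.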