Merge pull request #4498 from zenmonkeykstop/4463-csrf-reset-password

Fixes CSRF error on JI password reset
freedomofpress · Jun 3, 2019 · 5d5ba25 · 5d5ba25
2 parents d164ece + 9f136bd
commit 5d5ba25
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/securedrop/journalist_templates/edit_account.html b/securedrop/journalist_templates/edit_account.html
@@ -61,6 +61,7 @@ <h2>{{ gettext('Reset Password') }}</h2>
   <p><input type="password" name="current_password" placeholder="{{ gettext('Current Password') }}"></p>
   <p><input name="token" id="token" type="text" placeholder="{{ gettext('Two-factor Code') }}"></p>
   {% endif %}
+  <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
   <input name="password" type="hidden" value="{{ password }}">
   <p>
     {% if user %}

diff --git a/securedrop/tests/functional/functional_test.py b/securedrop/tests/functional/functional_test.py
@@ -200,6 +200,7 @@ def sd_servers(self):
 
                     self.source_app = source_app.create_app(config)
                     self.journalist_app = journalist_app.create_app(config)
+                    self.journalist_app.config['WTF_CSRF_ENABLED'] = True
 
                     self.__context = self.journalist_app.app_context()
                     self.__context.push()