From 9f136bdb66a96b315dc7946e9c5f9315af84d110 Mon Sep 17 00:00:00 2001
From: Kevin O'Gorman <kog@freedom.press>
Date: Mon, 3 Jun 2019 10:10:16 -0700
Subject: [PATCH] Fixed CSRF error on JI password reset, updated functional
 tests to use CSRF

---
 securedrop/journalist_templates/edit_account.html | 1 +
 securedrop/tests/functional/functional_test.py    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/securedrop/journalist_templates/edit_account.html b/securedrop/journalist_templates/edit_account.html
index fc54f2ebcb..163dfd8b2b 100644
--- a/securedrop/journalist_templates/edit_account.html
+++ b/securedrop/journalist_templates/edit_account.html
@@ -61,6 +61,7 @@ <h2>{{ gettext('Reset Password') }}</h2>
   <p><input type="password" name="current_password" placeholder="{{ gettext('Current Password') }}"></p>
   <p><input name="token" id="token" type="text" placeholder="{{ gettext('Two-factor Code') }}"></p>
   {% endif %}
+  <input name="csrf_token" type="hidden" value="{{ csrf_token() }}">
   <input name="password" type="hidden" value="{{ password }}">
   <p>
     {% if user %}
diff --git a/securedrop/tests/functional/functional_test.py b/securedrop/tests/functional/functional_test.py
index 431f43a0f5..a6c720d318 100644
--- a/securedrop/tests/functional/functional_test.py
+++ b/securedrop/tests/functional/functional_test.py
@@ -200,6 +200,7 @@ def sd_servers(self):
 
                     self.source_app = source_app.create_app(config)
                     self.journalist_app = journalist_app.create_app(config)
+                    self.journalist_app.config['WTF_CSRF_ENABLED'] = True
 
                     self.__context = self.journalist_app.app_context()
                     self.__context.push()