fix csrf auth token

2017-03-16 00:17:30 -04:00 · 2017-03-16 00:17:30 -04:00 · 6fdd6acc11
commit 6fdd6acc11
parent 20c9f989e1
2 changed files with 12 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
  include Pundit
  include PunditExtra
  rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
-  #protect_from_forgery(with: :exception)
+  protect_from_forgery(with: :exception)

  before_action :invite_link
  before_action :prepare_exception_notifier
--- a/frontend/src/components/App/LoginForm.js
+++ b/frontend/src/components/App/LoginForm.js
@ -5,10 +5,20 @@ class LoginForm extends Component {
    loginFormAuthToken: PropTypes.string
  }

+  constructor(props) {
+    super(props)
+    this.state = { token: '' }
+  }
+
+  componentDidMount() {
+    const token = document.head.getElementsByTagName('meta')['csrf-token'].content
+    this.setState({token})
+  }
+
  render () {
    return <form className="loginAnywhere" id="new_user" action="/login" acceptCharset="UTF-8" method="post">
      <input name="utf8" type="hidden" value="✓" />
-      <input type="hidden" name="authenticity_token" value="9z5D3vUGKM5ExKJ0CmhweE8qysvUqjFMwgMvbYXIlrnvg9sqJWIWgCt9lq28NZgyCaNudF+w+dRPD1pybeT4mg==" />
+      <input type="hidden" name="authenticity_token" value={this.state.token} />
      <div className="accountImage"></div>
      <div className="accountInput accountEmail">
        <input placeholder="Email" type="email" name="user[email]" id="user_email" />