From 6fdd6acc111297cee89a655df29ccd491785ff16 Mon Sep 17 00:00:00 2001
From: Connor Turland
Date: Thu, 16 Mar 2017 00:17:30 -0400
Subject: [PATCH] fix csrf auth token
---
 app/controllers/application_controller.rb | 2 +-
 frontend/src/components/App/LoginForm.js | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 55abe8e3..4bb5be10 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -4,7 +4,7 @@ class ApplicationController < ActionController::Base
 include Pundit
 include PunditExtra
 rescue_from Pundit::NotAuthorizedError, with: :handle_unauthorized
- #protect_from_forgery(with: :exception)
+ protect_from_forgery(with: :exception)
 before_action :invite_link
 before_action :prepare_exception_notifier
diff --git a/frontend/src/components/App/LoginForm.js b/frontend/src/components/App/LoginForm.js
index 273ee31b..a6b3ae77 100644
--- a/frontend/src/components/App/LoginForm.js
+++ b/frontend/src/components/App/LoginForm.js
@@ -5,10 +5,20 @@ class LoginForm extends Component {
 loginFormAuthToken: PropTypes.string
 }
+ constructor(props) {
+ super(props)
+ this.state = { token: '' }
+ }
+
+ componentDidMount() {
+ const token = document.head.getElementsByTagName('meta')['csrf-token'].content
+ this.setState({token})
+ }
+
 render () {
 return
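Review bot: The re-enabled `protect_from_forgery(with: :exception)` covers every non-GET action that inherits from `ApplicationController`, but the only client updated in this commit is the login form. Other forms or XHR/fetch calls that post without `authenticity_token` or an `X-CSRF-Token` header will presumably be rejected with `ActionController::InvalidAuthenticityToken` once this lands; those callers are outside the diff and should be checked. A request spec asserting that a POST without a token is refused would keep this line from being commented out again unnoticed. I would also add a comment above it, e.g. `# CSRF protection must stay enabled; clients read the token from the csrf-token meta tag`. The class body continues outside the hunk.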
- +
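Review bot: `componentDidMount` dereferences `.content` on `document.head.getElementsByTagName('meta')['csrf-token']` without checking that the lookup found anything, so a page rendered without the `csrf-token` meta tag (a layout missing `csrf_meta_tags`, or a component test) throws a TypeError while the login form mounts. A guarded lookup keeps the form rendering and leaves the server to reject the empty token: `const meta = document.querySelector('meta[name="csrf-token"]')` followed by `this.setState({ token: meta ? meta.content : '' })`. The `loginFormAuthToken` prop type is still declared above; if the hidden field now reads `this.state.token`, that prop looks unused and could be dropped. The rest of `render()` is not legible in this hunk, so that last point is inferred rather than confirmed.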