Fix CSRF token generator

Noah 2018-04-11 19:53:41 -07:00
parent aca9734b14
commit 95fdc4baff


@ -13,9 +13,9 @@ import (
// CSRF is a middleware generator that enforces CSRF tokens on all POST requests. // CSRF is a middleware generator that enforces CSRF tokens on all POST requests.
func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc { func CSRF(onError func(http.ResponseWriter, *http.Request, string)) negroni.HandlerFunc {
middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) { middleware := func(w http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
session := sessions.Get(r)
token := GenerateCSRFToken(w, r, session)
if r.Method == "POST" { if r.Method == "POST" {
session := sessions.Get(r)
token := GenerateCSRFToken(w, r, session)
if token != r.FormValue("_csrf") { if token != r.FormValue("_csrf") {
log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token) log.Error("CSRF Mismatch: expected %s, got %s", r.FormValue("_csrf"), token)
onError(w, r, "Failed to validate CSRF token. Please try your request again.") onError(w, r, "Failed to validate CSRF token. Please try your request again.")
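Review bot: The `log.Error` call in the mismatch branch writes the session's valid CSRF token to the log and labels the two values the wrong way round: the first argument, `r.FormValue("_csrf")`, is what was received, and the second, `token`, is what was expected. That exposes a live token to anyone with log read access and formats request-controlled text with `%s`; I would log neither value, e.g. `log.Error("CSRF mismatch on %s %s", r.Method, r.URL.Path)`. Separately, `token != r.FormValue("_csrf")` is not a constant-time comparison; `subtle.ConstantTimeCompare([]byte(token), []byte(r.FormValue("_csrf"))) != 1` (from `crypto/subtle`, which would need importing) is the usual form. If GenerateCSRFToken can ever return an empty string, which is not visible here, an empty `_csrf` field would match, so a non-empty check on `token` is worth adding. The middleware closure continues past the end of the hunk.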