diff options
-rw-r--r-- | app/Controller/BaseController.php | 9 | ||||
-rw-r--r-- | app/Controller/TwoFactorController.php | 1 |
2 files changed, 9 insertions, 1 deletions
diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php index c984a702..637c3db1 100644 --- a/app/Controller/BaseController.php +++ b/app/Controller/BaseController.php @@ -33,6 +33,13 @@ abstract class BaseController extends Base } } + protected function checkCSRFForm() + { + if (! $this->token->validateCSRFToken($this->request->getRawValue('csrf_token'))) { + throw new AccessForbiddenException(); + } + } + /** * Check webhook token * @@ -305,7 +312,7 @@ abstract class BaseController extends Base return $filter; } - + /** * Redirect the user after the authentication * diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php index 5f60e946..2038c269 100644 --- a/app/Controller/TwoFactorController.php +++ b/app/Controller/TwoFactorController.php @@ -119,6 +119,7 @@ class TwoFactorController extends UserViewController */ public function deactivate() { + $this->checkCSRFForm(); $user = $this->getUser(); $this->checkCurrentUser($user); |