2 files changed, 9 insertions, 1 deletions

diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index c984a702..637c3db1 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -33,6 +33,13 @@ abstract class BaseController extends Base
         }
     }
 
+    protected function checkCSRFForm()
+    {
+        if (! $this->token->validateCSRFToken($this->request->getRawValue('csrf_token'))) {
+            throw new AccessForbiddenException();
+        }
+    }
+
     /**
      * Check webhook token
      *
@@ -305,7 +312,7 @@ abstract class BaseController extends Base
 
         return $filter;
     }
-    
+
     /**
      * Redirect the user after the authentication
      *
diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php
index 5f60e946..2038c269 100644
--- a/app/Controller/TwoFactorController.php
+++ b/app/Controller/TwoFactorController.php
@@ -119,6 +119,7 @@ class TwoFactorController extends UserViewController
      */
     public function deactivate()
     {
+        $this->checkCSRFForm();
         $user = $this->getUser();
         $this->checkCurrentUser($user);