From 19ea9ed6209b36cba5cb8f96224d9e3a0c022c93 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 30 Jan 2019 20:21:12 -0800
Subject: Add missing CSRF check in TwoFactorController::deactivate()

---
 app/Controller/BaseController.php      | 9 ++++++++-
 app/Controller/TwoFactorController.php | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)

(limited to 'app/Controller')

diff --git a/app/Controller/BaseController.php b/app/Controller/BaseController.php
index c984a702..637c3db1 100644
--- a/app/Controller/BaseController.php
+++ b/app/Controller/BaseController.php
@@ -33,6 +33,13 @@ abstract class BaseController extends Base
         }
     }
 
+    protected function checkCSRFForm()
+    {
+        if (! $this->token->validateCSRFToken($this->request->getRawValue('csrf_token'))) {
+            throw new AccessForbiddenException();
+        }
+    }
+
     /**
      * Check webhook token
      *
@@ -305,7 +312,7 @@ abstract class BaseController extends Base
 
         return $filter;
     }
-    
+
     /**
      * Redirect the user after the authentication
      *
diff --git a/app/Controller/TwoFactorController.php b/app/Controller/TwoFactorController.php
index 5f60e946..2038c269 100644
--- a/app/Controller/TwoFactorController.php
+++ b/app/Controller/TwoFactorController.php
@@ -119,6 +119,7 @@ class TwoFactorController extends UserViewController
      */
     public function deactivate()
     {
+        $this->checkCSRFForm();
         $user = $this->getUser();
         $this->checkCurrentUser($user);
 
-- 
cgit v1.2.3