From 16554c0694529cfd77e8213aa332f02970c06732 Mon Sep 17 00:00:00 2001 From: rob Date: Wed, 31 Dec 2025 19:47:29 -0400 Subject: [PATCH] Fix csrf_token collision in auth.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The auth.py was passing csrf_token as a string variable which collided with the global csrf_token function in Jinja2. Removed the redundant passing since csrf_token() is already available as a Jinja global. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- src/smarttools/web/auth.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/smarttools/web/auth.py b/src/smarttools/web/auth.py index 0123cd2..d9113a8 100644 --- a/src/smarttools/web/auth.py +++ b/src/smarttools/web/auth.py @@ -40,7 +40,6 @@ def login(): return render_template( "pages/login.html", errors=["Invalid CSRF token"], - csrf_token=_csrf_token(), next_url=next_url, ) email = request.form.get("email", "").strip() @@ -60,12 +59,11 @@ def login(): return render_template( "pages/login.html", errors=[error], - csrf_token=_csrf_token(), email=email, next_url=next_url, ) - return render_template("pages/login.html", csrf_token=_csrf_token(), next_url=next_url) + return render_template("pages/login.html", next_url=next_url) @web_bp.route("/register", methods=["GET", "POST"]) @@ -75,7 +73,6 @@ def register(): return render_template( "pages/register.html", errors=["Invalid CSRF token"], - csrf_token=_csrf_token(), ) payload = { "email": request.form.get("email", "").strip(), @@ -90,13 +87,12 @@ def register(): return render_template( "pages/register.html", errors=[error], - csrf_token=_csrf_token(), email=payload["email"], slug=payload["slug"], display_name=payload["display_name"], ) - return render_template("pages/register.html", csrf_token=_csrf_token()) + return render_template("pages/register.html") @web_bp.route("/logout", methods=["POST"])