rob
/
smarttools
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity

Fix csrf_token collision in auth.py 

The auth.py was passing csrf_token as a string variable which
collided with the global csrf_token function in Jinja2. Removed
the redundant passing since csrf_token() is already available
as a Jinja global.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
rob 2025-12-31 19:47:29 -04:00
parent 0200ad4f6e
commit 16554c0694
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/smarttools/web/auth.py
View File

@ -40,7 +40,6 @@ def login():
return render_template(
"pages/login.html",
errors=["Invalid CSRF token"],
csrf_token=_csrf_token(),
next_url=next_url,
)
email = request.form.get("email", "").strip()
@ -60,12 +59,11 @@ def login():
return render_template(
"pages/login.html",
errors=[error],
csrf_token=_csrf_token(),
email=email,
next_url=next_url,
)
return render_template("pages/login.html", csrf_token=_csrf_token(), next_url=next_url)
return render_template("pages/login.html", next_url=next_url)
@web_bp.route("/register", methods=["GET", "POST"])
@ -75,7 +73,6 @@ def register():
return render_template(
"pages/register.html",
errors=["Invalid CSRF token"],
csrf_token=_csrf_token(),
)
payload = {
"email": request.form.get("email", "").strip(),
@ -90,13 +87,12 @@ def register():
return render_template(
"pages/register.html",
errors=[error],
csrf_token=_csrf_token(),
email=payload["email"],
slug=payload["slug"],
display_name=payload["display_name"],
)
return render_template("pages/register.html", csrf_token=_csrf_token())
return render_template("pages/register.html")
@web_bp.route("/logout", methods=["POST"])