gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'patch-1' of https://github.com/GeneralZero/hackathon-starter into GeneralZero-patch-1

Browse Source 
* 'patch-1' of https://github.com/GeneralZero/hackathon-starter:
  Update profile.jade
  Readded newline
  Removed extra app.use(express.csrf());
  Removed dynamicHelpers comment
  Changed Views to accept CSRF token
  Added CSRF Protection to all form views
  Add CSRF Security measures on login forms

Conflicts:
	views/account/profile.jade
This commit is contained in:
Sahat Yalkabov
2014-02-04 00:37:32 -05:00
parent 0b89b41376 c5199929a5
commit 61e95b582b
5 changed files with 47 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app.js
View File

@ -74,10 +74,12 @@ app.use(express.session({
auto_reconnect: true
})
}));
app.use(express.csrf());
app.use(passport.initialize());
app.use(passport.session());
app.use(function(req, res, next) {
res.locals.user = req.user;
res.locals.token = req.csrfToken();
next();
});
app.use(flash());

2
views/account/login.jade
View File

@ -24,6 +24,8 @@ block content
.form-group
label.control-label(for='username') Password
input.form-control(type='password', name='password', id='password', placeholder='Password')
.form-group
input.form-control(type='hidden', name='_csrf', value=token)
.form-group
button.btn.btn-primary(type='submit')
i.fa.fa-unlock-alt

76
views/account/profile.jade
View File

@ -3,44 +3,44 @@ extends ../layout
block content
.page-header
h3 Profile Information
form.form-horizontal(action='/account/profile', method='POST')
.row
.col-xs-10
.form-group
label.col-xs-2.control-label(for='email') Email
.col-xs-4
input.form-control(type='email', name='email', id='email', value='#{user.email}')
.form-group
label.col-xs-2.control-label(for='name') Name
.col-xs-4
input.form-control(type='text', name='name', id='name', value='#{user.profile.name}')
.form-group
label.col-xs-2.control-label(for='name') Gender
.col-xs-4
label.radio
input(type='radio', checked=user.profile.gender=='male', name='gender', value='male', data-toggle='radio')
| Male
label.radio
input(type='radio', checked=user.profile.gender=='female', name='gender', value='female', data-toggle='radio')
| Female
.form-group
label.col-xs-2.control-label(for='location') Location
.col-xs-4
input.form-control(type='text', name='location', id='location', value='#{user.profile.location}')
.form-group
label.col-xs-2.control-label(for='website') Website
.col-xs-4
input.form-control(type='text', name='website', id='website', value='#{user.profile.website}')
.form-group
label.col-xs-2.control-label(for='gravatar') Gravatar
.col-xs-4
img(src="#{user.gravatar()}", class='profile', width='100', height='100')
.form-group
.col-xs-offset-2.col-xs-4
button.btn.btn.btn-primary(type='submit')
i.fa.fa-magnet
| Update Profile
form.form-horizontal(action='/account/profile', method='POST')
.form-group
label.col-xs-2.control-label(for='email') Email
.col-xs-4
input.form-control(type='email', name='email', id='email', value='#{user.email}')
.form-group
label.col-xs-2.control-label(for='name') Name
.col-xs-4
input.form-control(type='text', name='name', id='name', value='#{user.profile.name}')
.form-group
label.col-xs-2.control-label(for='name') Gender
.col-xs-4
label.radio
input(type='radio', checked=user.profile.gender=='male', name='gender', value='male', data-toggle='radio')
| Male
label.radio
input(type='radio', checked=user.profile.gender=='female', name='gender', value='female', data-toggle='radio')
| Female
.form-group
label.col-xs-2.control-label(for='location') Location
.col-xs-4
input.form-control(type='text', name='location', id='location', value='#{user.profile.location}')
.form-group
label.col-xs-2.control-label(for='website') Website
.col-xs-4
input.form-control(type='text', name='website', id='website', value='#{user.profile.website}')
.form-group
label.col-xs-2.control-label(for='gravatar') Gravatar
.col-xs-4
img(src="#{user.gravatar()}", class='profile', width='100', height='100')
.form-group
input.form-control(type='hidden', name='_csrf', value=token)
.form-group
.col-xs-offset-2.col-xs-4
button.btn.btn.btn-primary(type='submit')
i.fa.fa-magnet
| Update Profile
.page-header
@ -55,6 +55,8 @@ block content
label.col-xs-3.control-label(for='confirmPassword') Confirm Password
.col-xs-4
input.form-control(type='password', name='confirmPassword', id='confirmPassword')
.form-group
input.form-control(type='hidden', name='_csrf', value=token)
.form-group
.col-xs-offset-3.col-xs-4
button.btn.btn.btn-primary(type='submit')

2
views/account/signup.jade
View File

@ -15,6 +15,8 @@ block content
label.col-sm-3.control-label(for='username') Confirm Password
.col-sm-7
input.form-control(type='password', name='confirmPassword', id='confirmPassword', placeholder='Confirm Password')
.form-group
input.form-control(type='hidden', name='_csrf', value=token)
.form-group
.col-sm-offset-3.col-sm-7
button.btn.btn-success(type='submit')

2
views/contact.jade
View File

@ -17,6 +17,8 @@ block content
label(class='col-sm-2 control-label', for='contactBody') Body
.col-sm-8
textarea.form-control(type='text', name='message', id='message', rows='7')
.form-group
input.form-control(type='hidden', name='_csrf', value=token)
.form-group
.col-sm-offset-2.col-sm-8
button.btn.btn-default(type='submit')