Improve CSRF tokens and add to more forms.

1 files changed, 8 insertions, 4 deletions

diff --git a/t/app/controller/alert_new.t b/t/app/controller/alert_new.t
index 777d733e2..06932f70a 100644
--- a/t/app/controller/alert_new.t
+++ b/t/app/controller/alert_new.t
@@ -7,6 +7,10 @@ use FixMyStreet::App;
 
 my $mech = FixMyStreet::TestMech->new;
 
+$mech->log_in_ok('test@example.com');
+$mech->get_ok('/alert/subscribe?id=1');
+my ($csrf) = $mech->content =~ /name="token" value="([^"]*)"/;
+
 foreach my $test (
     {
         email      => 'test@example.com',
@@ -71,7 +75,7 @@ foreach my $test (
             $mech->delete_user($user);
         }
 
-        $mech->get_ok( $test->{uri} );
+        $mech->get_ok( $test->{uri} . "&token=$csrf" );
         $mech->content_contains( $test->{content} );
 
         $user =
@@ -113,7 +117,7 @@ foreach my $test (
         my $existing_id    = $alert->id;
         my $existing_token = $url_token;
 
-        $mech->get_ok( $test->{uri} );
+        $mech->get_ok( $test->{uri} . "&token=$csrf" );
 
         $email = $mech->get_email;
         ok $email, 'got a second email';
@@ -165,7 +169,7 @@ foreach my $test (
         # clear existing data so we can be sure we're creating it
         ok $alert->delete() if $alert && !$test->{exist};
 
-        $mech->get_ok( '/alert/subscribe?type=local&rznvy=test-new@example.com&feed=area:1000:A_Location' );
+        $mech->get_ok( '/alert/subscribe?type=local&rznvy=test-new@example.com&feed=area:1000:A_Location&token=' . $csrf );
 
         $alert = FixMyStreet::App->model('DB::Alert')->find(
             {
@@ -262,7 +266,7 @@ for my $test (
           FixMyStreet::App->model('DB::Abuse')
           ->find_or_create( { email => $test->{email} } );
 
-        $mech->get_ok( $test->{uri} );
+        $mech->get_ok( $test->{uri} . "&token=$csrf" );
         $mech->content_contains( $test->{content} );
 
         $user =