From f74c7910b72f41f4a72d8b6b1a683fcf9fbb244e Mon Sep 17 00:00:00 2001
From: Matthew Somerville <matthew-github@dracos.co.uk>
Date: Tue, 5 Jul 2016 13:09:18 +0100
Subject: Fix CSRF issue with new login during process.

If you had no session cookie, started reporting a problem, logged in
through that process, you would then get a CSRF error as the token
had been created before the session was.
---
 perllib/FixMyStreet/App/Controller/Auth.pm | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')

diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm
index 65533b1d2..be95040e1 100644
--- a/perllib/FixMyStreet/App/Controller/Auth.pm
+++ b/perllib/FixMyStreet/App/Controller/Auth.pm
@@ -85,6 +85,9 @@ sub sign_in : Private {
         $c->set_session_cookie_expire(0)
           unless $remember_me;
 
+        # Regenerate CSRF token as session ID changed
+        $c->forward('get_csrf_token');
+
         return 1;
     }
 
-- 
cgit v1.2.3