diff --git a/ldap_frontend/__init__.py b/ldap_frontend/__init__.py
index d20b80b..f92cc63 100644
--- a/ldap_frontend/__init__.py
+++ b/ldap_frontend/__init__.py
@@ -2,6 +2,7 @@ from json import load
 from os import environ
 from flask import Flask, flash, redirect, request, session, url_for
+from flask_wtf.csrf import CSRFProtect, CSRFError
 from ldap3 import ALL_ATTRIBUTES, MODIFY_ADD, MODIFY_DELETE
 from ldap3.core.exceptions import LDAPException
 from ldap3.utils.dn import escape_rdn
@@ -18,11 +19,24 @@ from .helpers.ldap import (
 app = Flask(__name__)
 app.secret_key = environ.get("FLASK_SECRET_KEY", default="test")
+csrf = CSRFProtect(app)
 with open(environ["APP_CONFIG"]) as f:
 APP_CONFIG = load(f)
+
+@app.errorhandler(CSRFError)
+def handle_csrf_error(e):
+flash("CRSF validation error. For your own safety, you have been logged out.")
+
+session["is_logged_in"] = False
+session["username"] = ""
+session["password"] = ""
+
+return redirect(url_for("login"))
+
+
 @app.route("/")
 def slash():
 if session.get('is_logged_in'):
@@ -131,7 +145,6 @@ def selfservice(ldap):
 return redirect(url_for("selfservice"))
-print(session)
 return template(ldap, "selfservice.html")
diff --git a/ldap_frontend/templates/groups/members.html b/ldap_frontend/templates/groups/members.html
index f74b651..44b92b5 100644
--- a/ldap_frontend/templates/groups/members.html
+++ b/ldap_frontend/templates/groups/members.html
@@ -16,6 +16,7 @@
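Review bot: The new `handle_csrf_error` in the second hunk of ldap_frontend/__init__.py blanks `session["password"]`, which suggests the LDAP password is being kept in the Flask session; unless a server-side session backend is configured elsewhere, Flask's default session is a signed but unencrypted client-side cookie, so that credential is readable by anything that can read the cookie and this commit is a good place to reconsider storing it at all. The CSRF tokens issued by `CSRFProtect(app)` and the session signature both derive from `app.secret_key`, and the context line just above still falls back to `default="test"` when FLASK_SECRET_KEY is unset, which makes the newly added protection forgeable in any deployment that forgets the variable; consider failing at startup instead, e.g. `app.secret_key = environ["FLASK_SECRET_KEY"]`. Inside the handler, `session.clear()` would drop every key rather than blanking three by name, so nothing stale survives the forced logout. The flash message also has a typo: `flash("CSRF validation error. For your own safety, you have been logged out.")`.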