sij/khoj
1
0
Fork 0
mirror of https://github.com/khoj-ai/khoj.git synced 2024-11-27 17:35:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Redirect user to the login page when either of the csrf token inputs is missing

Browse source
This commit is contained in:
sabaimran 2024-04-08 20:22:17 +05:30
parent d257629f81
commit 27815d982c
1 changed files with 4 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/khoj/routers/auth.py
View file

@ -96,10 +96,12 @@ async def auth(request: Request):
csrf_token_cookie = request.cookies.get("g_csrf_token") csrf_token_cookie = request.cookies.get("g_csrf_token")
if not csrf_token_cookie: if not csrf_token_cookie:
return Response("Missing CSRF token", status_code=400) logger.info("Missing CSRF token. Redirecting user to login page")
return RedirectResponse(url=f"{next_url}")
csrf_token_body = form.get("g_csrf_token") csrf_token_body = form.get("g_csrf_token")
if not csrf_token_body: if not csrf_token_body:
return Response("Missing CSRF token", status_code=400) logger.info("Missing CSRF token body. Redirecting user to login page")
return RedirectResponse(url=f"{next_url}")
if csrf_token_cookie != csrf_token_body: if csrf_token_cookie != csrf_token_body:
return Response("Invalid CSRF token", status_code=400) return Response("Invalid CSRF token", status_code=400)