Fixed major security issues

Co-authored-by: LarsVomMars <lars@kroenner.eu>
author: Marvin Borner 2019-05-04 19:10:18 +0200
committer: Marvin Borner 2019-05-04 19:10:18 +0200
commit: b7540fb2b1bbe016d23b8a7f3e7ab3edafb219c8 (patch)
tree: da32ba6ac7467bc7d39f5209c7734ded79911260 /src/main/resources/views
parent: 04d0cb43f6a3ede1a61309cf17d78d189caa9dd4 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/src/main/resources/views/index.rocker.html b/src/main/resources/views/index.rocker.html
index 650a4b7..98a659e 100644
--- a/src/main/resources/views/index.rocker.html
+++ b/src/main/resources/views/index.rocker.html
@@ -7,7 +7,6 @@
 
     <div>
         @if(username.length() > 0) {
-        <!-- TODO: Fix logout button? -->
         <a class="button" href="/user/logout">Logout</a>
         } else if (!(new DatabaseController()).isSetup()) {
         <a class="button" href="/setup">Setup</a>
diff --git a/src/main/resources/views/register.rocker.html b/src/main/resources/views/register.rocker.html
index 6d314dd..af3d127 100644
--- a/src/main/resources/views/register.rocker.html
+++ b/src/main/resources/views/register.rocker.html
@@ -1,4 +1,4 @@
-@args (String username, String message)
+@args (String username, String token, String message)
 
 @layout.template("Register", RockerContent.NONE, RockerContent.NONE) -> {
 <div class="flex">
@@ -8,6 +8,7 @@
         <h3>Please set a password for user "@username"</h3>
         <div>
             <input hidden name="username" type="text" value="@username"/>
+            <input hidden name="token" type="text" value="@token"/>
         </div>
         <div>
             <label for="password">Password:</label>
author	Marvin Borner	2019-05-04 19:10:18 +0200
committer	Marvin Borner	2019-05-04 19:10:18 +0200
commit	b7540fb2b1bbe016d23b8a7f3e7ab3edafb219c8 (patch)
tree	da32ba6ac7467bc7d39f5209c7734ded79911260 /src/main/resources/views
parent	04d0cb43f6a3ede1a61309cf17d78d189caa9dd4 (diff)