forked from forgejo/forgejo
add csrf check
This commit is contained in:
slene
parent
01e781dedb
commit
076fc98d98
18 changed files with 208 additions and 46 deletions
|
|
@ -1,7 +1,8 @@
|
|||
{{template "base/head" .}}
|
||||
{{template "base/navbar" .}}
|
||||
<div id="gogs-body" class="container">
|
||||
<form action="/user/activate" method="get" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||
<form action="/user/activate" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||
{{.CsrfTokenHtml}}
|
||||
<h3>Activate Your Account</h3>
|
||||
{{if .IsActivatePage}}
|
||||
{{if .ServiceNotEnabled}}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
<div class="modal fade" id="delete-account-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
||||
<div class="modal-dialog">
|
||||
<form action="/user/delete" method="post" class="modal-content" id="gogs-user-delete">
|
||||
{{.CsrfTokenHtml}}
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
||||
<h4 class="modal-title" id="myModalLabel">Delete Account</h4>
|
||||
|
|
|
|||
|
|
@ -5,7 +5,9 @@
|
|||
<div id="gogs-user-setting-container" class="col-md-9">
|
||||
<div id="gogs-setting-pwd">
|
||||
<h4>Password</h4>
|
||||
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">{{if .IsSuccess}}
|
||||
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting/password">
|
||||
{{.CsrfTokenHtml}}
|
||||
{{if .IsSuccess}}
|
||||
<p class="alert alert-success">Password is changed successfully. You can now sign in via new password.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
||||
<div class="form-group">
|
||||
<label class="col-md-3 control-label">Old Password<strong class="text-danger">*</strong></label>
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@
|
|||
<div class="modal fade" id="ssh-add-modal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
|
||||
<div class="modal-dialog">
|
||||
<form class="modal-content form-horizontal" id="gogs-ssh-form" method="post" action="/user/setting/ssh/">
|
||||
{{.CsrfTokenHtml}}
|
||||
<div class="modal-header">
|
||||
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">×</button>
|
||||
<h4 class="modal-title" id="myModalLabel">Add SSH Key</h4>
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
<div id="gogs-setting-pwd">
|
||||
<h4>Account Profile</h4>
|
||||
<form class="form-horizontal" id="gogs-password-form" method="post" action="/user/setting">
|
||||
{{.CsrfTokenHtml}}
|
||||
{{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
|
||||
<p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
|
||||
<div class="form-group">
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
{{template "base/navbar" .}}
|
||||
<div class="container" id="gogs-body" data-page="user-signin">
|
||||
<form action="/user/login" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||
{{.CsrfTokenHtml}}
|
||||
<h3>Log in</h3>
|
||||
<div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
|
||||
<div class="form-group {{if .Err_UserName}}has-error has-feedback{{end}}">
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
{{template "base/navbar" .}}
|
||||
<div class="container" id="gogs-body" data-page="user-signup">
|
||||
<form action="/user/sign_up" method="post" class="form-horizontal gogs-card" id="gogs-login-card">
|
||||
{{.CsrfTokenHtml}}
|
||||
{{if .DisenableRegisteration}}
|
||||
Sorry, registeration has been disenabled, you can only get account from administrator.
|
||||
{{else}}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue