Minor clean up

Use v5.40 (finally)
Updated TODOs
2024-09-06 22:14:46 -04:00 · 2024-08-15 21:55:45 -04:00 · 2024-08-15 21:38:33 -04:00 · 2024-08-15 21:35:29 -04:00 · 2024-08-15 21:29:19 -04:00 · 2024-08-15 21:25:12 -04:00
29 changed files with 280 additions and 39 deletions
--- a/2
+++ b/2
@ -1,4 +1,4 @@
-FROM docker.io/perl:5.36
+FROM docker.io/perl:5.40

 # Move it
 WORKDIR /opt
--- a/README.md
+++ b/README.md
@ -61,7 +61,7 @@ tests locally:

 ## TODOs

- Tripcodes/PGP signing somehow perhaps...
+- Stop working on this and start the imageboard

 ## AGPL-3.0+ANTIFA compliance

--- a/lib/PostText.pm
+++ b/lib/PostText.pm
@ -188,6 +188,11 @@ sub startup($self) {
        ->to('thread#flag')
        ->name('flag_thread');

+    # Redirect for this old path to the new one
+    $thread->any([qw{GET POST}], '/post', sub ($c) {
+        $c->redirect_to('post_thread')
+    });
+
    $human_thread->any([qw{GET POST}], '/post')
        ->to('thread#create')
        ->name('post_thread');
--- a/lib/PostText/Controller/Moderator.pm
+++ b/lib/PostText/Controller/Moderator.pm
@ -39,8 +39,15 @@ sub login($self) {
    if ($v && $v->has_data) {
        $v->required('email'   )->size(6,    320);
        $v->required('password')->size(12, undef);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                );
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -153,8 +160,15 @@ sub create($self) {
        $v->required('name'    )->size(1,     64);
        $v->required('email'   )->size(6,    320);
        $v->required('password')->size(12, undef);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -178,8 +192,15 @@ sub admin_reset($self) {
    if ($v && $v->has_data) {
        $v->required('email'   )->size(6,    320);
        $v->required('password')->size(12, undef);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -201,8 +222,15 @@ sub mod_reset($self) {

    if ($v && $v->has_data) {
        $v->required('password')->size(12, undef);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -226,8 +254,15 @@ sub lock_acct($self) {

    if ($v && $v->has_data) {
        $v->required('email')->size(6, 320);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -248,8 +283,15 @@ sub unlock_acct($self) {

    if ($v && $v->has_data) {
        $v->required('email')->size(6, 320);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -270,8 +312,15 @@ sub promote($self) {

    if ($v && $v->has_data) {
        $v->required('email')->size(6, 320);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
@ -292,8 +341,15 @@ sub demote($self) {

    if ($v && $v->has_data) {
        $v->required('email')->size(6, 320);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
--- a/lib/PostText/Controller/Page.pm
+++ b/lib/PostText/Controller/Page.pm
@ -20,8 +20,15 @@ sub captcha($self) {
    if ($v && $v->has_data) {
        $v->required('answer')->num(1,  9);
        $v->required('number')->size(1, 4);
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
--- a/lib/PostText/Controller/Remark.pm
+++ b/lib/PostText/Controller/Remark.pm
@ -36,8 +36,15 @@ sub create($self) {
        $v->required('body'   )->size(2, $body_limit);
        $v->optional('bump'   );
        $v->optional('preview');
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                )
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
--- a/lib/PostText/Controller/Thread.pm
+++ b/lib/PostText/Controller/Thread.pm
@ -15,8 +15,15 @@ sub create($self) {
        $v->required('title'  )->size(1,         127);
        $v->required('body'   )->size(2, $body_limit);
        $v->optional('preview');
+        $v->csrf_protect;

-        if ($v->has_error) {
+        if ($v->has_error('csrf_token')) {
+            $self->stash(
+                status => 403,
+                error  => 'Something went wrong, please try again. 🥺'
+                );
+        }
+        elsif ($v->has_error) {
            $self->stash(status => 400)
        }
        else {
--- a/lib/PostText/Model/Moderator.pm
+++ b/lib/PostText/Model/Moderator.pm
@ -156,7 +156,8 @@ sub flagged($self) {
        SELECT 'remark',
               remark_id
          FROM remarks
-         WHERE flagged_status;
+         WHERE flagged_status
+         ORDER BY id DESC;
       END_SQL
 }

@ -170,7 +171,8 @@ sub hidden($self) {
        SELECT 'remark',
               remark_id
          FROM remarks
-         WHERE hidden_status;
+         WHERE hidden_status
+         ORDER BY id DESC;
       END_SQL
 }

@ -270,7 +272,8 @@ sub list($self) {
               TO_CHAR(last_login_date, $1) AS last_login_date,
               lock_status,
               admin_status
-          FROM moderators;
+          FROM moderators
+         ORDER BY last_login_date DESC;
        END_SQL
 }

--- a/public/css/elements.css
+++ b/public/css/elements.css
@ -73,7 +73,6 @@ table { width: 100%; }

 table, th, td {
    border-collapse: collapse;
-    border: 0.15em dotted black;
    text-align: center;
 }

--- a/public/js/background.js
+++ b/public/js/background.js
@ -1,8 +1,6 @@
 (function () {
-    const bodyStyle = document.body.style;
-
    function setImage(url) {
-        bodyStyle.backgroundImage = "url('" + url + "')";
+        document.body.style.backgroundImage = "url('" + url + "')";
    }

    switch (new Date().getMonth()) {
--- a/script/post_text
+++ b/script/post_text
@ -3,8 +3,7 @@
 # PostText v0.1
 # Jul 22 2022

-use v5.36;
-#no warnings 'experimental';
+use v5.40;
 use Mojo::File qw{curfile};
 use lib curfile->dirname->sibling('lib')->to_string;
 use Mojolicious::Commands;
--- a/t/admin.t
+++ b/t/admin.t
@ -10,6 +10,11 @@ my %valid_login   = (
    );

 subtest Login => sub {
+    $t->get_ok('/login');
+
+    $valid_login{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/login', form => \%valid_login)
        ->status_is(302)
        ->header_like(Location => qr{moderator/flagged});
@ -31,9 +36,10 @@ subtest Login => sub {
        $t->get_ok('/moderator/admin/create')
            ->status_is(200)
            ->text_like(h2 => qr/Create Moderator/)
-            ->element_exists('form input[name="name"]'    )
-            ->element_exists('form input[name="email"]'   )
-            ->element_exists('form input[name="password"]')
+            ->element_exists('form input[name="name"]'      )
+            ->element_exists('form input[name="email"]'     )
+            ->element_exists('form input[name="password"]'  )
+            ->element_exists('form input[name="csrf_token"]')
    };

    subtest Reset => sub {
@ -43,6 +49,7 @@ subtest Login => sub {
            ->element_exists('a[href*="/moderator/admin/reset"]')
            ->element_exists('form input[name="email"]'         )
            ->element_exists('form input[name="password"]'      )
+            ->element_exists('form input[name="csrf_token"]'    )
    };

    subtest Lock => sub {
@ -51,6 +58,7 @@ subtest Login => sub {
            ->text_like(h2 => qr/Lock Account/)
            ->element_exists('a[href*="/moderator/admin/lock"]')
            ->element_exists('form input[name="email"]'        )
+            ->element_exists('form input[name="csrf_token"]'   )
    };

    subtest Unlock => sub {
@ -59,6 +67,7 @@ subtest Login => sub {
            ->text_like(h2 => qr/Unlock Account/)
            ->element_exists('a[href*="/moderator/admin/unlock"]')
            ->element_exists('form input[name="email"]'          )
+            ->element_exists('form input[name="csrf_token"]'     )
    };

    subtest Promote => sub {
@ -67,6 +76,7 @@ subtest Login => sub {
            ->text_like(h2 => qr/Promote Moderator/)
            ->element_exists('a[href*="/moderator/admin/promote"]')
            ->element_exists('form input[name="email"]'           )
+            ->element_exists('form input[name="csrf_token"]'      )
    };

    subtest Demote => sub {
@ -75,6 +85,7 @@ subtest Login => sub {
            ->text_like(h2 => qr/Demote Admin/)
            ->element_exists('a[href*="/moderator/admin/demote"]')
            ->element_exists('form input[name="email"]'          )
+            ->element_exists('form input[name="csrf_token"]'     )
    };

    # Admin session ends
--- a/t/human.t
+++ b/t/human.t
@ -25,18 +25,39 @@ subtest 'Bumping thread', sub {
    $t->get_ok('/human/thread/bump/1')->status_is(302)
        ->header_like(Location => qr/captcha/);

+    $t->get_ok($bump_thread_url)
+        ->status_is(200)
+        ->element_exists('input[name="answer"]'    )
+        ->element_exists('input[name="number"]'    )
+        ->element_exists('input[name="csrf_token"]');
+
+    # Bad CSRF
+    $t->post_ok($bump_thread_url, form => \%bad_bot)
+        ->status_is(403)
+        ->element_exists('p[class="stash-with-error"]')
+        ->text_like(p => qr/Something went wrong/);
+
    # Bad CAPTCHA
+    $bad_bot{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($bump_thread_url, form => \%bad_bot)
        ->status_is(400)
        ->element_exists('p[class="stash-with-error"]')
        ->text_like(p => qr/Sounds like something a robot would say/);

+    $invalid_captcha{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($bump_thread_url, form => \%invalid_captcha)
        ->status_is(400)
        ->element_exists('p[class="field-with-error"]')
        ->text_like(p => qr/Should be a single number/);

    # Solved CAPTCHA
+    $good_human{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($bump_thread_url, form => \%good_human)
        ->status_is(302)
        ->header_like(Location => qr{human/thread/bump/1});
@ -56,18 +77,35 @@ subtest 'Flagging thread', sub {
    $t->get_ok('/human/thread/flag/1')->status_is(302)
        ->header_like(Location => qr/captcha/);

+    # Bad CSRF
+    $t->get_ok($flag_thread_url);
+
+    $t->post_ok($flag_thread_url, form => \%bad_bot)
+        ->status_is(403)
+        ->element_exists('p[class="stash-with-error"]')
+        ->text_like(p => qr/Something went wrong/);
+
    # Bad CAPTCHA
+    $bad_bot{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($flag_thread_url, form => \%bad_bot)
        ->status_is(400)
        ->element_exists('p[class="stash-with-error"]')
        ->text_like(p => qr/Sounds like something a robot would say/);

+    $invalid_captcha{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($flag_thread_url, form => \%invalid_captcha)
        ->status_is(400)
        ->element_exists('p[class="field-with-error"]')
        ->text_like(p => qr/Should be a single number/);

    # Solved CAPTCHA
+    $good_human{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($flag_thread_url, form => \%good_human)
        ->status_is(302)
        ->header_like(Location => qr{human/thread/flag/1});
@ -83,18 +121,35 @@ subtest 'Flagging remark', sub {
    $t->get_ok('/human/remark/flag/1')->status_is(302)
        ->header_like(Location => qr/captcha/);

+    # Bad CSRF
+    $t->get_ok($flag_remark_url);
+
+    $t->post_ok($flag_remark_url, form => \%bad_bot)
+        ->status_is(403)
+        ->element_exists('p[class="stash-with-error"]')
+        ->text_like(p => qr/Something went wrong/);
+
    # Bad CAPTCHA
+    $bad_bot{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($flag_remark_url, form => \%bad_bot)
        ->status_is(400)
        ->element_exists('p[class="stash-with-error"]')
        ->text_like(p => qr/Sounds like something a robot would say/);

+    $invalid_captcha{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($flag_remark_url, form => \%invalid_captcha)
        ->status_is(400)
        ->element_exists('p[class="field-with-error"]')
        ->text_like(p => qr/Should be a single number/);

    # Solved CAPTCHA
+    $good_human{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($flag_remark_url, form => \%good_human)
        ->status_is(302)
        ->header_like(Location => qr{human/remark/flag/1});
--- a/t/moderator.t
+++ b/t/moderator.t
@ -17,16 +17,28 @@ my %invalid_login = (
 subtest Login => sub {
    $t->get_ok('/login')
        ->status_is(200)
-        ->element_exists('form input[name="email"]')
-        ->element_exists('form input[name="password"]')
+        ->element_exists('form input[name="email"]'     )
+        ->element_exists('form input[name="password"]'  )
+        ->element_exists('form input[name="csrf_token"]')
        ->text_like(h2 => qr/Moderator Login/);

+    # Bad CSRF token
+    $t->post_ok('/login', form => \%valid_login)
+        ->status_is(403)
+        ->text_like(p => qr/Something went wrong/);
+
+    $invalid_login{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/login', form => \%invalid_login)
        ->status_is(403)
        ->element_exists('form input[name="email"]')
        ->element_exists('form input[name="password"]')
        ->text_like(p => qr/Invalid login/);

+    $valid_login{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/login', form => \%valid_login)
        ->status_is(302)
        ->header_like(Location => qr{moderator/flagged});
--- a/t/post.t
+++ b/t/post.t
@ -44,6 +44,11 @@ $t->get_ok('/human/remark/post/1')->status_is(302)
    ->header_like(Location => qr/captcha/);

 # Do CAPTCHA
+$t->get_ok($bump_thread_url);
+
+$good_captcha{'csrf_token'} =
+    $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
 $t->post_ok($bump_thread_url, form => \%good_captcha)
    ->status_is(302)
    ->header_like(Location => qr{human/thread/bump/1});
@ -53,10 +58,11 @@ $t->ua->max_redirects(1);
 subtest 'Post new thread', sub {
    # GET
    $t->get_ok('/human/thread/post')->status_is(200)
-        ->element_exists('form input[name="author"]' )
-        ->element_exists('form input[name="title"]'  )
-        ->element_exists('form textarea[name="body"]')
-        ->element_exists('form button[type="submit"]' )
+        ->element_exists('form input[name="author"]'    )
+        ->element_exists('form input[name="title"]'     )
+        ->element_exists('form textarea[name="body"]'   )
+        ->element_exists('form button[type="submit"]'   )
+        ->element_exists('form input[name="csrf_token"]')
        ->text_like(h2 => qr/New Thread/);

    # POST
@ -64,17 +70,31 @@ subtest 'Post new thread', sub {
        ->element_exists('form input[name="author"]' )
        ->element_exists('form input[name="title"]'  )
        ->element_exists('form textarea[name="body"]')
-        ->element_exists('form button[type="submit"]' )
+        ->element_exists('form button[type="submit"]')
        ->text_like(h2 => qr/New Thread/);

+    # No CSRF token
+    $t->post_ok('/human/thread/post', form => \%valid_thread)
+        ->status_is(403)
+        ->text_like(p => qr/Something went wrong/);
+
+    $invalid_title{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/thread/post', form => \%invalid_title)
        ->status_is(400)
        ->text_like(p => qr/Must be between/);

+    $invalid_thread{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/thread/post', form => \%invalid_thread)
        ->status_is(400)
        ->text_like(p => qr/Must be between/);

+    $valid_thread{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/thread/post', form => \%valid_thread)
        ->status_is(200)
        ->text_like(h2 => qr/Thread #\d+/);
@ -85,29 +105,44 @@ subtest 'Post new remark', sub {
    $t->get_ok('/human/remark/post/1')->status_is(200)
        ->element_exists('form input[name="author"]' )
        ->element_exists('form textarea[name="body"]')
-        ->element_exists('form button[type="submit"]' )
+        ->element_exists('form button[type="submit"]')
        ->text_like(h2 => qr/Remark on Thread #/);
    $t->get_ok('/human/remark/post/65536')->status_is(404)
        ->text_like(p => qr/Thread not found/);
    # Test the remark-to-remark thing
    $t->get_ok('/human/remark/post/1/1')->status_is(200)
-        ->element_exists('form input[name="author"]' )
-        ->element_exists('form textarea[name="body"]')
+        ->element_exists('form input[name="author"]'  )
+        ->element_exists('form textarea[name="body"]' )
        ->element_exists('form button[type="submit"]' )
        ->element_exists('a[href$="/remark/single/1"]')
        ->text_like(h3 => qr/Last Remark/);

    # POST
    $t->post_ok('/human/remark/post/1')->status_is(200)
-        ->element_exists('form input[name="author"]' )
-        ->element_exists('form textarea[name="body"]')
+        ->element_exists('form input[name="author"]'  )
+        ->element_exists('form textarea[name="body"]' )
        ->element_exists('form button[type="submit"]' )
        ->text_like(h2 => qr/Remark on Thread #/);

+    # No CSRF token
+    $t->post_ok('/human/remark/post/1', form => \%valid_remark)
+        ->status_is(403)
+        ->text_like(p => qr/Something went wrong/);
+
+    $t->get_ok('/human/remark/post/1');
+
+    $valid_remark{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/remark/post/1', form => \%valid_remark)
        ->status_is(200)
        ->text_like(h2 => qr/Thread #1/);

+    $t->get_ok('/human/remark/post/1');
+
+    $invalid_remark{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/remark/post/1', form => \%invalid_remark)
        ->status_is(400)
        ->text_like(p => qr/Must be between/);
--- a/t/preview.t
+++ b/t/preview.t
@ -23,6 +23,11 @@ my %preview_remark = (
    );

 # Do CAPTCHA
+$t->get_ok($bump_thread_url);
+
+$good_captcha{'csrf_token'} =
+    $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
 $t->post_ok($bump_thread_url, form => \%good_captcha)
    ->status_is(302)
    ->header_like(Location => qr{human/thread/bump/1});
@ -36,10 +41,20 @@ subtest 'Check the form + button', sub {
 };

 subtest 'Submit input', sub {
+    $t->get_ok('/human/remark/post/1');
+
+    $preview_remark{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/remark/post/1', form => \%preview_remark)
        ->status_is(200)
        ->text_like(p => qr/ayy\.\.\. lmao/);

+    $t->get_ok('/human/thread/post');
+
+    $preview_thread{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok('/human/thread/post', form => \%preview_thread)
        ->status_is(200)
        ->text_like(p => qr/ayy\.\.\. lmao/);
--- a/t/redirect_old_path.t
+++ b/t/redirect_old_path.t
@ -0,0 +1,10 @@
+use Mojo::Base -strict;
+use Test::More;
+use Test::Mojo;
+
+my $t = Test::Mojo->new('PostText');
+
+$t->get_ok('/thread/post')->status_is(302)
+    ->header_like(Location => qr{human/thread/post});
+
+done_testing;
--- a/t/search.t
+++ b/t/search.t
@ -8,12 +8,23 @@ my %good_human    = (answer => 1, number => 'Ⅰ');
 my $search_url    =
    '/captcha/H4sIABJ8PGUAA8soKSmw0tfPyU9OzMnILy6xMjYwMNDPKM1NzNMvTk0sSs4AAPrUR3kiAAAA%0A';

+subtest 'Search form', sub {
+    $t->get_ok('/thread/list')
+        ->element_exists('form input[name="q"]'      )
+        ->element_exists('form button[type="submit"]');
+};
+
 subtest 'Search before CAPTCHA', sub {
    $t->get_ok('/human/search')->status_is(302)
        ->header_like(Location => qr/captcha/);
 };

 subtest 'Search after CAPTCHA', sub {
+    $t->get_ok($search_url);
+
+    $good_human{'csrf_token'} =
+        $t->tx->res->dom->at('input[name="csrf_token"]')->val;
+
    $t->post_ok($search_url, form => \%good_human)
        ->status_is(302)
        ->header_like(Location => qr{human/search});
--- a/templates/moderator/admin_reset.html.ep
+++ b/templates/moderator/admin_reset.html.ep
@ -18,5 +18,6 @@
    <%= label_for password => 'Password' %>
    <%= password_field password => (id => 'password') %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Reset</button>
 </form>
--- a/templates/moderator/create.html.ep
+++ b/templates/moderator/create.html.ep
@ -26,5 +26,6 @@
    <%= label_for password => 'Password' %>
    <%= password_field password => (id => 'password') %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Create</button>
 </form>
--- a/templates/moderator/demote.html.ep
+++ b/templates/moderator/demote.html.ep
@ -10,5 +10,6 @@
    <%= label_for email => 'Email' %>
    <%= email_field email => (id => 'email', autofocus => undef) %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Demote</button>
 </form>
--- a/templates/moderator/lock_acct.html.ep
+++ b/templates/moderator/lock_acct.html.ep
@ -10,5 +10,6 @@
    <%= label_for email => 'Email' %>
    <%= email_field email => (id => 'email', autofocus => undef) %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Lock</button>
 </form>
--- a/templates/moderator/login.html.ep
+++ b/templates/moderator/login.html.ep
@ -12,11 +12,12 @@
  </div>
  <div class="form-field">
    <% if (my $error = validation->error('password')) { =%>
-    <p class="field-with-error">Must be between <%= $error->[2] %>
-      and <%= $error->[3] %> characters.</p>
+    <p class="field-with-error">Must be atleast <%= $error->[2] %>
+      characters.</p>
    <% } =%>
    <%= label_for password => 'Password' %>
    <%= password_field password => (id => 'password') %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Login</button>
 </form>
--- a/templates/moderator/mod_reset.html.ep
+++ b/templates/moderator/mod_reset.html.ep
@ -10,6 +10,7 @@
    <%= label_for password => 'Password' %>
    <%= password_field password => (id => 'password', autofocus => undef) %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Reset</button>
 </form>

--- a/templates/moderator/promote.html.ep
+++ b/templates/moderator/promote.html.ep
@ -10,5 +10,6 @@
    <%= label_for email => 'Email' %>
    <%= email_field email => (id => 'email', autofocus => undef) %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Promote</button>
 </form>
--- a/templates/moderator/unlock_acct.html.ep
+++ b/templates/moderator/unlock_acct.html.ep
@ -10,5 +10,6 @@
    <%= label_for email => 'Email' %>
    <%= email_field email => (id => 'email', autofocus => undef) %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Unlock</button>
 </form>
--- a/templates/page/captcha.html.ep
+++ b/templates/page/captcha.html.ep
@ -26,5 +26,6 @@
    ) %>
  </div>
  <%= hidden_field number => $roman_numeral, id => 'number' %>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Answer</button>
 </form>
--- a/templates/remark/create.html.ep
+++ b/templates/remark/create.html.ep
@ -55,6 +55,7 @@
    <%= check_box preview => 1, id => 'preview' %>
    <%= label_for preview => 'Preview' %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Post</button>
 </form>
 <%# Putting this first above the thread body (nested if, yucky sry) %>
--- a/templates/thread/create.html.ep
+++ b/templates/thread/create.html.ep
@ -61,5 +61,6 @@
    <%= check_box preview => 1, id => 'preview' %>
    <%= label_for preview => 'Preview' %>
  </div>
+  <%= csrf_field %>
  <button type="submit" class="form-button">Post</button>
 </form>
Author	SHA1	Message	Date
swaggboi	66d4259af2	Minor clean up	2024-09-06 22:14:46 -04:00
swaggboi	ccd68b8af4	Use v5.40 (finally)	2024-08-15 21:55:45 -04:00
swaggboi	6f96109f45	Updated TODOs	2024-08-15 21:38:33 -04:00
swaggboi	b586c534ce	Sort the results for the mod/admin list views	2024-08-15 21:35:29 -04:00
swaggboi	7b618f56cb	Tired of this border	2024-08-15 21:29:19 -04:00
swaggboi	c5098263b3	CSRF validation for mod/admin actions	2024-08-15 21:25:12 -04:00
swaggboi	69cd01361b	Fix some tests to submit the CSRF token	2024-08-15 21:09:39 -04:00
swaggboi	2d6152d762	Validation for login and post remark	2024-08-15 21:02:10 -04:00
swaggboi	6b6278e940	CSRF validation for CAPTCHA and some more tests	2024-08-15 20:54:07 -04:00
swaggboi	de62444eca	Last few CSRF fields	2024-08-15 20:30:47 -04:00
swaggboi	e19ded1362	Added CSRF fields to mod/admin templates	2024-08-15 20:24:31 -04:00
swaggboi	fd0eba29d7	Lil test for the search form too	2024-08-15 19:59:41 -04:00
swaggboi	b29a95d0cb	Tests for CSRF	2024-08-15 19:56:02 -04:00
swaggboi	e590fe26e5	Merge branch 'slapbird'	2024-08-15 12:25:19 -04:00
swaggboi	decbc120e3	Redirect for old `/thread/post` path	2024-08-14 16:30:55 -04:00
swaggboi	18634bbf60	New TODO	2024-08-12 23:00:22 -04:00
swaggboi	0aef68495c	Fix thread preview tests	2024-08-11 22:24:12 -04:00
swaggboi	32393fd8f3	Implement CSRF for post_thread	2024-08-10 15:24:32 -04:00
swaggboi	66bbd9da67	New TODO	2024-08-09 22:14:11 -04:00