einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-05-05 04:54:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

**Nostr Login:** Improved CSRF token handling during login flow.

Browse Source 
- 🛡️ Avoided redundant `Session::regenerate` call as `Auth::loginUsingId` already updates the session ID.
- 🚀 Replaced `wire:navigate` with a full-page redirect to ensure a fresh CSRF token for Livewire actions.
This commit is contained in:
BT
2026-05-04 00:15:37 +02:00
parent 2efc88a7f8
commit dc723855df
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
resources/views/livewire/auth/login.blade.php
+8 -2
View File
@@ -137,13 +137,19 @@ class extends Component {
]); ]);
} }
FetchNostrProfileJob::dispatch($user); FetchNostrProfileJob::dispatch($user);
// Auth::loginUsingId() already regenerates the session id (see
// SessionGuard::updateSession), so an explicit Session::regenerate()
// would just rotate the CSRF token a second time. We also avoid
// wire:navigate here: it preserves the <meta name="csrf-token"> tag
// from the previous page, so any subsequent Livewire action on the
// destination would 419 (TokenMismatch). A full-page redirect gives
// the browser a fresh document with a fresh token.
Auth::loginUsingId($user->id); Auth::loginUsingId($user->id);
Session::regenerate();
$this->redirectIntended( $this->redirectIntended(
default: route('dashboard', default: route('dashboard',
['country' => str(session('lang_country', config('app.domain_country')))->after('-')->lower()], ['country' => str(session('lang_country', config('app.domain_country')))->after('-')->lower()],
absolute: false), absolute: false),
navigate: true,
); );
return; return;