From cd2d8bdb31b911164366c5b819af99884067e1d0 Mon Sep 17 00:00:00 2001
From: Morgan Vernay
Date: Fri, 17 Nov 2023 22:48:57 +0200
Subject: [PATCH] fix: csrf on more public pages
---
 apps/web/pages/auth/login.tsx | 2 ++
 apps/web/pages/auth/logout.tsx | 1 +
 apps/web/pages/auth/signin.tsx | 1 +
 3 files changed, 4 insertions(+)
diff --git a/apps/web/pages/auth/login.tsx b/apps/web/pages/auth/login.tsx
index 327486bc8c..042eab1df4 100644
--- a/apps/web/pages/auth/login.tsx
+++ b/apps/web/pages/auth/login.tsx
@@ -5,6 +5,7 @@ import type { GetServerSidePropsContext } from "next";
 import { getCsrfToken, signIn } from "next-auth/react";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
+import { setCsrfToken } from "pages/api/auth/csrf";
 import type { CSSProperties } from "react";
 import { useState } from "react";
 import { FormProvider, useForm } from "react-hook-form";
@@ -279,6 +280,7 @@ inferSSRProps & WithNonceProps<{}>) {
 // TODO: Once we understand how to retrieve prop types automatically from getServerSideProps, remove this temporary variable
 const _getServerSideProps = async function getServerSideProps(context: GetServerSidePropsContext) {
+ setCsrfToken(context.res);
 const { req, res, query } = context;
 const session = await getServerSession({ req, res });
diff --git a/apps/web/pages/auth/logout.tsx b/apps/web/pages/auth/logout.tsx
index b0f5d87d20..033b41d801 100644
--- a/apps/web/pages/auth/logout.tsx
+++ b/apps/web/pages/auth/logout.tsx
@@ -71,6 +71,7 @@ Logout.PageWrapper = PageWrapper;
 export default Logout;
 export async function getServerSideProps(context: GetServerSidePropsContext) {
+ setCsrfToken(context.res);
 const ssr = await ssrInit(context);
 // Deleting old cookie manually, remove this code after all existing cookies have expired
 context.res.setHeader(
diff --git a/apps/web/pages/auth/signin.tsx b/apps/web/pages/auth/signin.tsx
index 295879ddd3..36eee3cf1c 100644
--- a/apps/web/pages/auth/signin.tsx
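Review bot: In login.tsx's import hunk, the page now has next-auth's `getCsrfToken` and the app's own `setCsrfToken` side by side, and nothing says whether they manage the same token or two separate ones. If they are separate mechanisms, a comment above the new import such as `// app CSRF cookie helper; independent of next-auth's getCsrfToken` would stop a later cleanup from removing one as a duplicate. The helper is also pulled from an API route module (`pages/api/auth/csrf`), whose contents are not visible here; if several pages share it, a non-route lib module may be a better home.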
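Review bot: In login.tsx's `getServerSideProps` hunk, `setCsrfToken(context.res)` runs unconditionally as the first statement, ahead of `getServerSession`, so the cookie is written on every render of the page. Whether the helper reuses an existing token or mints a new one each time is not visible; if it rotates, opening the login page in a second tab would invalidate the token held by the first, which deserves a comment here or a reuse check in the helper. As a style point, the call sits one line above `const { req, res, query } = context;` and could use the destructured value, `setCsrfToken(res);`, placed after that line. The function body continues outside the hunk.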
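Review bot: The CSRF cookie written by the new `setCsrfToken(context.res)` in logout.tsx may be overwritten by the `context.res.setHeader(` call that follows it under the "Deleting old cookie manually" comment. That call's arguments fall outside the hunk, but if it writes `Set-Cookie`, Node's `setHeader` replaces the header value rather than appending to it. Assuming `setCsrfToken` also sets its cookie through `Set-Cookie`, this page would then never deliver the CSRF cookie. Either pass both cookies in a single array value or merge with the current value from `context.res.getHeader("Set-Cookie")`, and confirm in the logout response headers that both cookies arrive.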
+++ b/apps/web/pages/auth/signin.tsx
@@ -30,6 +30,7 @@ signin.PageWrapper = PageWrapper;
 export default signin;
 export async function getServerSideProps(context: GetServerSidePropsContext) {
+ setCsrfToken(context.res);
 const { req, res } = context;
 const session = await getServerSession({ req, res });
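Review bot: `setCsrfToken` is called in signin.tsx's `getServerSideProps`, but the diffstat records a single insertion for this file, so the commit adds no import for it here. The same holds for logout.tsx, whereas login.tsx gets both the import and the call. Unless both files already import the helper outside the visible hunks, the type check will fail, or the handler will throw a ReferenceError on a build that skips type checking. Add `import { setCsrfToken } from "pages/api/auth/csrf";` to signin.tsx and logout.tsx as in login.tsx. The function body continues outside the hunk.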