From e6f6b37872d0fd26e9888200cc26afccebe36b38 Mon Sep 17 00:00:00 2001
From: rob
Date: Sat, 13 Jan 2024 23:58:11 -0500
Subject: [PATCH] completion of CSRF token for signup form
---
 app/controllers/welcome.js | 2 +-
 app/views/welcome/signup.pug | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/controllers/welcome.js b/app/controllers/welcome.js
index 28dcae1..455a137 100644
--- a/app/controllers/welcome.js
+++ b/app/controllers/welcome.js
@@ -69,7 +69,7 @@ class WelcomeController extends SiteController {
 csrfToken: csrfTokenService,
 logan: loganService,
 } = this.dtp.services;
- req.csrfToken = await csrfTokenService.create(req, {
+ res.locals.csrfToken = await csrfTokenService.create(req, {
 name: 'user-create',
 expiresMinutes: 20,
 });
diff --git a/app/views/welcome/signup.pug b/app/views/welcome/signup.pug
index 04d7b60..3876d6e 100644
--- a/app/views/welcome/signup.pug
+++ b/app/views/welcome/signup.pug
@@ -4,6 +4,7 @@ block content
 section.uk-section.uk-section-default.uk-section-xsmall
 .uk-container.uk-container-small
 form(method="POST", action="/user").uk-form
+ input(type="hidden", name= csrfToken.name, value= csrfToken.token)
 .uk-card.uk-card-default.uk-card-small.uk-width-xlarge.uk-margin-auto.uk-border-rounded
 .uk-card-header
 h1.uk-card-title Create New Account
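Review bot: The signup response now carries a per-request token through `res.locals.csrfToken`, but nothing in this hunk marks that response as non-cacheable, so a stale or shared copy of the page could hand out an expired or foreign token. Consider adding `res.set('Cache-Control', 'no-store');` before the view is rendered. The hunk only shows the token being issued; the check for the `user-create` name on `POST /user` is outside this diff, so confirm that handler rejects a missing, expired (after the 20 minutes set here) or already-used token rather than creating the account. The enclosing method starts and ends outside the hunk, so whether a rejected `await csrfTokenService.create(...)` is caught cannot be seen from here.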
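Review bot: The added `input` line dereferences `csrfToken.name` and `csrfToken.token` unconditionally, so any path that renders `welcome/signup` without first setting `res.locals.csrfToken` would throw during rendering; a re-render after a failed `POST /user` is the likely case, if such a path exists. Make sure every render path issues a fresh token, and document the dependency above the field with a comment such as `//- requires res.locals.csrfToken ({ name, token }) set by the controller`. The `name=` and `value=` attributes go through Pug's default attribute escaping, which is the right form here and should not be changed to the unescaped `!=` variant.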