From 3e2491a9bc6579ccf017f0dbc2573b5ab4c75613 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Sat, 21 Jan 2023 08:36:25 +0100 Subject: API documentation: do not perform database requests from template helpers --- lib/Travelynx/Controller/Account.pm | 14 +++++++++++--- lib/Travelynx/Controller/Api.pm | 11 ++++++++++- 2 files changed, 21 insertions(+), 4 deletions(-) (limited to 'lib/Travelynx/Controller') diff --git a/lib/Travelynx/Controller/Account.pm b/lib/Travelynx/Controller/Account.pm index 4af1aa0..52850f7 100644 --- a/lib/Travelynx/Controller/Account.pm +++ b/lib/Travelynx/Controller/Account.pm @@ -389,7 +389,11 @@ sub verify { sub delete { my ($self) = @_; if ( $self->validation->csrf_protect->has_error('csrf_token') ) { - $self->render( 'account', invalid => 'csrf' ); + $self->render( + 'account', + api_token => $self->get_api_token, + invalid => 'csrf', + ); return; } @@ -401,7 +405,11 @@ sub delete { ) ) { - $self->render( 'account', invalid => 'deletion password' ); + $self->render( + 'account', + api_token => $self->get_api_token, + invalid => 'deletion password' + ); return; } $self->users->flag_deletion( uid => $self->current_user->{id} ); @@ -943,7 +951,7 @@ sub confirm_mail { sub account { my ($self) = @_; - $self->render('account'); + $self->render( 'account', api_token => $self->get_api_token ); $self->users->mark_seen( uid => $self->current_user->{id} ); } diff --git a/lib/Travelynx/Controller/Api.pm b/lib/Travelynx/Controller/Api.pm index 8c47e9f..856c477 100755 --- a/lib/Travelynx/Controller/Api.pm +++ b/lib/Travelynx/Controller/Api.pm @@ -34,7 +34,16 @@ sub sanitize { sub documentation { my ($self) = @_; - $self->render('api_documentation'); + if ( $self->is_user_authenticated ) { + $self->render( + 'api_documentation', + uid => $self->current_user->{id}, + api_token => $self->get_api_token, + ); + } + else { + $self->render('api_documentation'); + } } sub get_v1 { -- cgit v1.2.3