From 78fe913ab54912dac73064a6739462a71679c16a Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Thu, 23 May 2024 14:24:22 +0200
Subject: [PATCH] add CSRF token to email link

---
 lib/AccessCheck/App/Step3.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/AccessCheck/App/Step3.pm b/lib/AccessCheck/App/Step3.pm
index 29be042..b97bf07 100644
--- a/lib/AccessCheck/App/Step3.pm
+++ b/lib/AccessCheck/App/Step3.pm
@@ -119,7 +119,7 @@ sub run {
         sp            => { entityid => $entityid, },
         to            => $email,
         token         => $token->secret(),
-        challenge_url => $self->url_for('step3')->query(entityid => $entityid, email => $email)->to_abs(),
+        challenge_url => $self->url_for('step3')->query(entityid => $entityid, email => $email, token => $self->csrf_token())->to_abs(),
         lh            => $l10n
     };
     my $text_content;
-- 
GitLab