Merge branch 'master' into feat/nats

Author: dogamak

locales/en.json

@@ -86,5 +86,6 @@
   "resetPasswordChoice_title": "Password recovery",
   "resetPasswordSent_title": "Password recovery",
   "resetPasswordForm_title": "Password recovery",
-  "resetPasswordSuccess_title": "Password changed"
+  "resetPasswordSuccess_title": "Password changed",
+  "resetPassword_title": "Password recovery"
 }

locales/fi.json

@@ -86,5 +86,6 @@
   "resetPasswordChoice_title": "Salasanan palautus",
   "resetPasswordSent_title": "Salasanan palautus",
   "resetPasswordForm_title": "Salasanan palautus",
-  "resetPasswordSuccess_title": "Salasana palautettu"
+  "resetPasswordSuccess_title": "Salasana palautettu",
+  "resetPassword_title": "Salasanan palautus"
 }

src/App.ts

@@ -68,7 +68,15 @@ if (process.env.NODE_ENV === "production") {
 const app = express();
 
 // Helmet
-app.use(helmet());
+app.use(
+  helmet({
+    contentSecurityPolicy: {
+      directives: {
+        "form-action": null,
+      },
+    },
+  }),
+);
 
 app.use(morgan("tiny"));
 

src/controllers/OAuthController.ts

@@ -687,6 +687,19 @@ class OAuthController implements Controller {
     });
   };
 
+  /**
+   * Sets the language of the page.
+   */
+  public setLanguage: RequestHandler = (req, res) => {
+    res.clearCookie("tkoaly_locale");
+    res.cookie("tkoaly_locale", req.params.lang, {
+      maxAge: 1000 * 60 * 60 * 24 * 7,
+      domain: process.env.COOKIE_DOMAIN,
+    });
+
+    res.redirect(`/oauth/flow/${encodeURIComponent(req.params.id)}/login`);
+  };
+
   public createDiscoveryRoute(): RequestHandler {
     return this.discovery.bind(this);
   }
@@ -708,17 +721,14 @@ class OAuthController implements Controller {
 
     authorizationFlowRouter.get("/flow/:id/privacy", this.privacyForm, this.redirectErrorHandler);
 
-    authorizationFlowRouter.post(
-      "/flow/:id/privacy",
-      checkCsrf,
-      this.handlePrivacy,
-      this.redirectErrorHandler,
-    );
+    authorizationFlowRouter.post("/flow/:id/privacy", checkCsrf, this.handlePrivacy, this.redirectErrorHandler);
 
     authorizationFlowRouter.get("/flow/:id/gdpr", this.gdprForm, this.redirectErrorHandler);
 
     authorizationFlowRouter.post("/flow/:id/gdpr", checkCsrf, this.handleGdpr, this.redirectErrorHandler);
 
+    authorizationFlowRouter.get("/flow/:id/lang/:lang/:serviceIdentifier?", this.setLanguage);
+
     backChannelRouter.post("/token", this.requireClientAuthentication(), this.token);
 
     backChannelRouter.use(this.jsonErrorHandler);

views/login.pug

@@ -32,7 +32,7 @@ block content
       li
         a.applyToBeAMember(href="/reset-password") #{ t("login_ForgotPassword") }
       li
-        if (currentLocale === "fi")
-          a.loginInEnglish(href="/lang/en/" + service.serviceIdentifier) #{ t("login_InEnglish") }
+        if (language === "fi")
+          a.loginInEnglish(href="./lang/en/" + service.serviceIdentifier) #{ t("login_InEnglish") }
         else
-          a.loginInFinnish(href="/lang/fi/" + service.serviceIdentifier) #{ t("login_InFinnish") }
+          a.loginInFinnish(href="./lang/fi/" + service.serviceIdentifier) #{ t("login_InFinnish") }

views/resetPassword.pug

@@ -3,6 +3,7 @@ extends layouts/common.pug
 block content
   form#loginForm(action=submitUrl || "/reset-password", method="POST")
     input(type="hidden", name="method", value=method)
+    input(type="hidden", name="_csrf", value=csrfToken)
     if (method === "username")
       p #{ t("resetPassword_usernameInputMessage") }
       .form-group

views/resetPasswordForm.pug

@@ -8,6 +8,7 @@ block content
       input(type="hidden", name="nonce", value=nonce)
       input(type="hidden", name="expires", value=expires)
       input(type="hidden", name="signature", value=signature)
+      input(type="hidden", name="_csrf", value=csrfToken)
       .form-group
         label.password1Label(for="password1") #{ t("resetPassword_password1Label") }
         input#password1.input(