Add CSRF form fields to the password reset forms

Author: dogamak

views/resetPassword.pug

@@ -3,6 +3,7 @@ extends layouts/common.pug
 block content
   form#loginForm(action=submitUrl || "/reset-password", method="POST")
     input(type="hidden", name="method", value=method)
+    input(type="hidden", name="_csrf", value=csrfToken)
     if (method === "username")
       p #{ t("resetPassword_usernameInputMessage") }
       .form-group

views/resetPasswordForm.pug

@@ -8,6 +8,7 @@ block content
       input(type="hidden", name="nonce", value=nonce)
       input(type="hidden", name="expires", value=expires)
       input(type="hidden", name="signature", value=signature)
+      input(type="hidden", name="_csrf", value=csrfToken)
       .form-group
         label.password1Label(for="password1") #{ t("resetPassword_password1Label") }
         input#password1.input(