Add CSRF token challenge on logout

CHANGELOG

@@ -18,6 +18,7 @@ Revision history for Lufi
 	- MySQL support
 	- Display max size on upload page
 	- Add CSRF token challenge on login
+	- Add CSRF token challenge on logout
 
 0.02.2 2017-09-18
 	- Fix cron tasks bug

lib/Lufi.pm

@@ -112,7 +112,7 @@ sub startup {
           ->to('Auth#login');
 
         # Logout page
-        $r->get('/logout')
+        $r->post('/logout')
           ->to('Auth#log_out')
           ->name('logout');
     }

lib/Lufi/Controller/Auth.pm

@@ -35,7 +35,11 @@ sub log_out {
     my $c = shift;
 
     if ($c->is_user_authenticated) {
-        $c->logout;
+        if ($c->validation->csrf_protect->has_error('csrf_token')) {
+            $c->stash(msg => $c->l('Bad CSRF token.'));
+        } else {
+            $c->logout;
+        }
     }
     $c->render(template => 'logout');
 }

t/test.t

@@ -182,7 +182,15 @@ sub auth_test_suite {
     test_upload_file();
     test_download_file();
 
-    $t->get_ok('/logout')
+    my $token = '';
+
+    $t->post_ok('/logout' => form => { csrf_token => $token })
+      ->status_is(200)
+      ->content_like(qr@Bad CSRF token\.@);
+
+    $token = $t->ua->get('/')->res->dom->find('input[name="csrf_token"]')->first->attr('value');
+
+    $t->post_ok('/logout' => form => { csrf_token => $token })
       ->status_is(200)
       ->content_like(qr@You have been successfully logged out\.@);
 

themes/default/lib/Lufi/I18N/ca.po

@@ -48,7 +48,7 @@ msgstr "Un agraïment amb la foto d'un gatet a <a href=\"https://framasphere.org
 msgid "Abort"
 msgstr "Avorta"
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr "Quant a"
 
@@ -73,6 +73,10 @@ msgstr "Retorna a la pàgina d'inici"
 msgid "Bad CSRF token!"
 msgstr "Mal testimoni CSRF!"
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr "Premeu aquí per tal de refrescar la pàgina i reiniciar la descàrrega"
@@ -266,7 +270,7 @@ msgstr "Sembla que la clau a l'URL és incorrecta. Si us plau, verifiqueu l'URL.
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr "Teniu el javascript deactivat. No podreu usar Lufi."
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr ""
 
@@ -274,7 +278,7 @@ msgstr ""
 msgid "Login"
 msgstr "Entrada"
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr "Sortida"
 
@@ -286,7 +290,7 @@ msgstr "Lufi és programari lliure d'allotjament de fitxers."
 msgid "Mail"
 msgstr ""
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr "Els meus fitxers"
 
@@ -316,7 +320,7 @@ msgstr "Si us plau contacteu amb l'administrador: %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Si us plau, espereu mentre obtenim el fitxer. Abans que el tingueu disponible primer cal descarregar i desxifrar tots els trossos."
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr ""
 
@@ -328,7 +332,7 @@ msgstr "Privacitat"
 msgid "Purge expired files from localStorage"
 msgstr "Netegeu els fitxers expirats de l'emmagatzematge local."
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr ""
 
@@ -357,7 +361,7 @@ msgstr "S'està enviant el tros XX1 de XX2. Si us plau, paciència; la barra de
 msgid "Share your files in total privacy on %1"
 msgstr "Compartiu fitxers amb total privacitat a %1"
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr "Autenticació"
 
@@ -443,7 +447,7 @@ msgstr "No he pogut obtenir el comptador de %1. El testimoni no és vàlid."
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr "No he pogut obtenir el comptador de %1. No esteu autenticat."
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr "Pujar fitxers"
 
@@ -487,7 +491,7 @@ msgstr "Heu intentat deixar aquesta pàgina. Es canceŀlarà la descàrrega. N'e
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr "Heu intentat deixar aquesta pàgina. Es canceŀlarà la pujada. N'esteu segur?"
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr "Heu sortit correctament."
 

themes/default/lib/Lufi/I18N/en.po

@@ -45,7 +45,7 @@ msgstr ""
 msgid "Abort"
 msgstr ""
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr ""
 
@@ -70,6 +70,10 @@ msgstr ""
 msgid "Bad CSRF token!"
 msgstr ""
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr ""
@@ -262,7 +266,7 @@ msgstr ""
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr ""
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr ""
 
@@ -270,7 +274,7 @@ msgstr ""
 msgid "Login"
 msgstr ""
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr ""
 
@@ -282,7 +286,7 @@ msgstr ""
 msgid "Mail"
 msgstr ""
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr ""
 
@@ -312,7 +316,7 @@ msgstr ""
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr ""
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr ""
 
@@ -324,7 +328,7 @@ msgstr ""
 msgid "Purge expired files from localStorage"
 msgstr ""
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr ""
 
@@ -353,7 +357,7 @@ msgstr ""
 msgid "Share your files in total privacy on %1"
 msgstr ""
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr ""
 
@@ -437,7 +441,7 @@ msgstr ""
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr ""
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr ""
 
@@ -481,7 +485,7 @@ msgstr ""
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr ""
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr ""
 

themes/default/lib/Lufi/I18N/fr.po

@@ -47,7 +47,7 @@ msgstr "Un merci avec une photo de chaton sur <a href=\"https://framasphere.org/
 msgid "Abort"
 msgstr "Abandonner"
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr "À propos"
 
@@ -72,6 +72,10 @@ msgstr "Retour à la page d’accueil"
 msgid "Bad CSRF token!"
 msgstr "Mauvais jeton CSRF !"
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr "Cliquez ici pour rafraîchir la page et redémarrer le téléchargement."
@@ -264,7 +268,7 @@ msgstr "Il semble que la clé dans votre URL soit incorrecte. Veuillez vérifier
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr "Javascript est désactivé. Lufi ne fonctionnera pas."
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr "Langue"
 
@@ -272,7 +276,7 @@ msgstr "Langue"
 msgid "Login"
 msgstr "Identifiant"
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr "Déconnexion"
 
@@ -284,7 +288,7 @@ msgstr "Lufi est un logiciel libre d’hébergement de fichiers."
 msgid "Mail"
 msgstr "Mail"
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr "Mes fichiers"
 
@@ -314,7 +318,7 @@ msgstr "Veuillez contacter l’administrateur : %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Veuillez patientez pendant la récupération de votre fichier. Nous devons d’abord récupérer et déchiffrer tous les fragments avant que vous puissiez le télécharger."
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr "Veuillez vérifier vos identifiants ou votre droit d’accès à ce service : impossible de vous authentifier."
 
@@ -326,7 +330,7 @@ msgstr "Confidentialité"
 msgid "Purge expired files from localStorage"
 msgstr "Supprimer du localStorage les fichiers expirés"
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr "Signaler un fichier"
 
@@ -355,7 +359,7 @@ msgstr "Envoi du fragment XX1 sur XX2. Veuillez patienter, la barre de progressi
 msgid "Share your files in total privacy on %1"
 msgstr "Partagez vos fichiers en toute confidentialité sur %1"
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr "Connexion"
 
@@ -443,7 +447,7 @@ msgstr "Impossible de récupérer le compteur pour %1. Le jeton est invalide."
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr "Impossible de récupérer le compteur pour %1. Vous n’êtes pas connecté·e."
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr "Envoyer des fichiers"
 
@@ -487,7 +491,7 @@ msgstr "Vous essayez de quitter la page. Le téléchargement sera annulé. Êtes
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr "Vous essayez de quitter la page. L’envoi sera annulé. Êtes-vous sûr(e) ?"
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr "Vous avez été déconnecté·e avec succès."
 

themes/default/lib/Lufi/I18N/it.po

@@ -47,7 +47,7 @@ msgstr "Un grazie con una foto di un gattino sur <a href=\"https://framasphere.o
 msgid "Abort"
 msgstr "Annulla"
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr "A proposito"
 
@@ -72,6 +72,10 @@ msgstr "Ritorna all'homepage"
 msgid "Bad CSRF token!"
 msgstr "Token CSRF errato!"
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr "Click qui per aggiornare la pagina e ricominciare il download."
@@ -264,7 +268,7 @@ msgstr "Sembra che la chiave nel tuo URL sia errata. Controllare il tuo URL."
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr "Javascript è disattivato. Lufi non può funzionare."
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr ""
 
@@ -272,7 +276,7 @@ msgstr ""
 msgid "Login"
 msgstr "Login"
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr "Logout"
 
@@ -284,7 +288,7 @@ msgstr "Lufi è un software libero di file hosting."
 msgid "Mail"
 msgstr ""
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr "I miei file"
 
@@ -314,7 +318,7 @@ msgstr "Contattare l'amministratore : %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Attendere mentre otteniamo il vostro file. Dobbiamo prima scaricare e decifrare tutte le parti prima che possiate averlo."
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr ""
 
@@ -326,7 +330,7 @@ msgstr "Riservatezza"
 msgid "Purge expired files from localStorage"
 msgstr "Eliminare dal localStorage i file scaduti"
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr ""
 
@@ -359,7 +363,7 @@ msgstr "Invio della parte XX1 su XX2. Prego attendere, la barra di avanzamento p
 msgid "Share your files in total privacy on %1"
 msgstr "Condividi tutti i file in totale riservatezza su %1"
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr "Autenticazione"
 
@@ -447,7 +451,7 @@ msgstr "Impossibile recuperare il contatore per %1. Il token non è valido."
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr "Impossibile recuperare il contatore per %1. Non sei autenticato."
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr "Invio dei file"
 
@@ -491,7 +495,7 @@ msgstr "Hai cercato di uscire da questa pagina. Il download sarà cancellato. Se
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr "Hai cercato di uscire da questa pagina. L'invio sarà cancellato. Sei sicuro?"
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr "Logout avvenuto con successo."
 

themes/default/lib/Lufi/I18N/nl.po

@@ -34,7 +34,7 @@ msgstr "Een bedankt foto met een katje op <a href=\"https://framasphere.org/peop
 msgid "Abort"
 msgstr "Annuleren"
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr "Over"
 
@@ -59,6 +59,10 @@ msgstr "Terug naar home"
 msgid "Bad CSRF token!"
 msgstr "Verkeerde CSRF token!"
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr "Klik hier om de pagina te verversen en opnieuw te downloaden."
@@ -251,7 +255,7 @@ msgstr "Het lijkt er op dat de sleutel in je URL niet klopt. Controleer je URL."
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr "Javascript is uitgeschakeld. Je kan geen gebruik maken van Lufi."
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr ""
 
@@ -259,7 +263,7 @@ msgstr ""
 msgid "Login"
 msgstr "Login"
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr "Logout"
 
@@ -271,7 +275,7 @@ msgstr "Lufi is een gratis bestand hosting software."
 msgid "Mail"
 msgstr ""
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr "Mijn bestanden"
 
@@ -301,7 +305,7 @@ msgstr "Neem contact op met administrator: %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Een ogenblik geduld, we pakken je bestand er bij. We moeten alle delen downloaden en decrypten voordat je het kan downloaden."
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr ""
 
@@ -317,7 +321,7 @@ msgstr "Verwijder verlopen data"
 msgid "Register"
 msgstr "Registreer"
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr ""
 
@@ -346,7 +350,7 @@ msgstr "Versturen deel XX1 van XX2. Een ogenblik geduld..."
 msgid "Share your files in total privacy on %1"
 msgstr "Deel je bestanden met volledige privacy op %1"
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr "Inloggen"
 
@@ -430,7 +434,7 @@ msgstr "Kan geen teller verkrijgen voor %1. De token is ongeldig."
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr "Kan geen teller verkrijgen voor %1. Je bent niet geauthenticeerd."
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr "Upload bestanden"
 
@@ -474,7 +478,7 @@ msgstr "Je verlaat deze pagina. Download zal geannuleerd worden. Weet je het zek
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr "Je verlaat deze pagina. Upload zal geannuleerd worden. Weet je het zeker? "
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr "Je bent succesvol uitgelogd."
 

themes/default/lib/Lufi/I18N/oc.po

@@ -47,7 +47,7 @@ msgstr "Un mercé amb una fotografia de caton sus <a href=\"https://framasphere.
 msgid "Abort"
 msgstr "Anullar"
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr "A prepaus"
 
@@ -72,6 +72,10 @@ msgstr "Retorn a la pagina d’acuèlh"
 msgid "Bad CSRF token!"
 msgstr "Marrit geton CSRF !"
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr "Clicatz aquí per actualizar la pagina e tornar començar lo telecargament."
@@ -264,7 +268,7 @@ msgstr "Sembla que la clau dins vòstra URL siá incorrècta. Mercés de verific
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr "Javascript es desactivat. Lufi foncionarà pas."
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr "Lenga"
 
@@ -272,7 +276,7 @@ msgstr "Lenga"
 msgid "Login"
 msgstr "Identificant"
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr "Desconnexion"
 
@@ -284,7 +288,7 @@ msgstr "Lufi es un logicial liure d’albèrgament de fichièrs."
 msgid "Mail"
 msgstr "Corrièl"
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr "Mos fichièrs"
 
@@ -314,7 +318,7 @@ msgstr "Mercés de contactar l’administrator : %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Mercés d’esperar pendent la recuperacion de vòstre fichièr. Nos cal d’en primièr recuperar e deschifrar totes los fragaments abans que poscatz o telecargar."
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr "Mercés de verificar vòstres identificants o vòstres dreches d’accès a aqueste servici : autentificacion impossibla."
 
@@ -330,7 +334,7 @@ msgstr "Confidencialitat"
 msgid "Purge expired files from localStorage"
 msgstr "Suprimir del localStorage los fichièrs expirats"
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr "Senhalar un fichièr"
 
@@ -359,7 +363,7 @@ msgstr "Mandadís del fragment XX1 sus XX2. Pacientatz, la barra de progression
 msgid "Share your files in total privacy on %1"
 msgstr "Partejatz vòstres fichièrs en tota confidencialitat sus %1"
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr "Connexion"
 
@@ -447,7 +451,7 @@ msgstr "Impossible de recuperar lo comptador per %1. Lo geton es invalid."
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr "Impossible de recuperar lo comptador per %1. Sètz pas connectat·ada."
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr "Mandar de fichièrs"
 
@@ -491,7 +495,7 @@ msgstr "Ensajatz de partir de la pagina. Lo telecargament serà anullat. Sètz s
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr "Ensajatz de partir de la pagina. Lo mandadís serà anullat. Sètz segur-a ?"
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr "Sètz ben estat desconnectat."
 

themes/default/lib/Lufi/I18N/pt.po

@@ -48,7 +48,7 @@ msgstr "Um obrigado com a foto de um gatinho no <a href=\"https://framasphere.or
 msgid "Abort"
 msgstr "Interromper"
 
-#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:71
+#: themes/default/templates/layouts/default.html.ep:48 themes/default/templates/layouts/default.html.ep:76
 msgid "About"
 msgstr "Sobre"
 
@@ -73,6 +73,10 @@ msgstr "Voltar à página inicial"
 msgid "Bad CSRF token!"
 msgstr "Símbolo errado CSRF !"
 
+#: lib/Lufi/Controller/Auth.pm:22 lib/Lufi/Controller/Auth.pm:39
+msgid "Bad CSRF token."
+msgstr ""
+
 #: themes/default/templates/partial/render.js.ep:5
 msgid "Click here to refresh the page and restart the download."
 msgstr "Clique aqui para atualizar a página e começar o download."
@@ -273,7 +277,7 @@ msgstr "Parece que a chave do seu URL está incorreta.Por favor, verifique o seu
 msgid "Javascript is disabled. You won't be able to use Lufi."
 msgstr "Javascript está desativado. Lufi não funcionará."
 
-#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:63
+#: themes/default/templates/layouts/default.html.ep:40 themes/default/templates/layouts/default.html.ep:68
 msgid "Language"
 msgstr ""
 
@@ -281,7 +285,7 @@ msgstr ""
 msgid "Login"
 msgstr "Utilizador"
 
-#: themes/default/templates/layouts/default.html.ep:50 themes/default/templates/layouts/default.html.ep:73
+#: themes/default/templates/layouts/default.html.ep:53 themes/default/templates/layouts/default.html.ep:78
 msgid "Logout"
 msgstr "Encerrar sessão"
 
@@ -293,7 +297,7 @@ msgstr "Lufi é um programa de reserva gratuita (como na liberdade de expressão
 msgid "Mail"
 msgstr ""
 
-#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:57
+#: themes/default/templates/files.html.ep:3 themes/default/templates/layouts/default.html.ep:34 themes/default/templates/layouts/default.html.ep:62
 msgid "My files"
 msgstr "Meus ficheiros"
 
@@ -323,7 +327,7 @@ msgstr "Contacte o administrador: %1"
 msgid "Please wait while we are getting your file. We first need to download and decrypt all parts before you can get it."
 msgstr "Por favor aguarde durante a recuperação do seu ficheiro. Primeiro devemos recuperar e descodificar todos os fragmentos e depois poderá descarregar o ficheiro."
 
-#: lib/Lufi/Controller/Auth.pm:24
+#: lib/Lufi/Controller/Auth.pm:28
 msgid "Please, check your credentials or your right to access this service: unable to authenticate."
 msgstr ""
 
@@ -335,7 +339,7 @@ msgstr "Privacidade"
 msgid "Purge expired files from localStorage"
 msgstr "Apagar do localStorage os ficheiros expirados"
 
-#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:54
+#: themes/default/templates/layouts/default.html.ep:31 themes/default/templates/layouts/default.html.ep:59
 msgid "Report file"
 msgstr ""
 
@@ -364,7 +368,7 @@ msgstr "Envio do fragmento XX1 de XX2. Por favor aguarde, a barra de progressão
 msgid "Share your files in total privacy on %1"
 msgstr "Partilhe os seus ficheiros com toda a privacidade em %1"
 
-#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:59 themes/default/templates/login.html.ep:26 themes/default/templates/logout.html.ep:8
+#: themes/default/templates/layouts/default.html.ep:36 themes/default/templates/layouts/default.html.ep:64 themes/default/templates/login.html.ep:27 themes/default/templates/logout.html.ep:17
 msgid "Signin"
 msgstr "Conexão"
 
@@ -448,7 +452,7 @@ msgstr "Impossível recuperar o contador para %1. O símbolo é inválido."
 msgid "Unable to get counter for %1. You are not authenticated."
 msgstr "Impossível recuperar o contador para %1. Não está conectado."
 
-#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:56
+#: themes/default/templates/layouts/default.html.ep:33 themes/default/templates/layouts/default.html.ep:61
 msgid "Upload files"
 msgstr "Enviar os ficheiros"
 
@@ -496,7 +500,7 @@ msgstr "Está a tentar sair da página. O download será anulado. Tem a certeza?
 msgid "You have attempted to leave this page. The upload will be canceled. Are you sure?"
 msgstr "Está a tentar sair da página. O envio será anulado. Tem a certeza?"
 
-#: themes/default/templates/logout.html.ep:5
+#: themes/default/templates/logout.html.ep:14
 msgid "You have been successfully logged out."
 msgstr "Foi desconectado com sucesso."
 

themes/default/public/css/lufi.css

@@ -133,6 +133,13 @@ a.classic:focus {
     padding-left: 15px !important;
     padding-right: 15px !important;
 }
+nav .btn-flat {
+    color: #fff !important;
+    text-transform: initial !important;
+}
+nav .btn-flat:focus {
+    background-color: rgba(0,0,0,0.1) !important;
+}
 .white-background {
     background-color: #FFF;
 }

themes/default/templates/layouts/default.html.ep

@@ -47,7 +47,12 @@
                     </li>
                     <li<%== ' class="active"' if (current_route eq 'about') %>><a href="<%= url_for('/about') %>"><%= l('About') %></a></li>
                 % if ((defined(config('ldap')) || defined(config('htpasswd'))) && is_user_authenticated()) {
-                    <li><a href="<%= url_for('/logout') %>"><%= l('Logout') %></a></li>
+                    <li>
+                        <form action="<%= url_for('/logout') %>" method="POST">
+                            %= csrf_field
+                            <button class="btn-flat" type="submit"><%= l('Logout') %></button>
+                        </form>
+                    </li>
                 % }
                 </ul>
                 <ul id="mobile" class="side-nav">

themes/default/templates/logout.html.ep

@@ -1,4 +1,13 @@
 % # vim:set sw=4 ts=4 sts=4 ft=html.epl expandtab:
+% if (defined stash('msg')) {
+<div class="col s12">
+    <div class="card pink">
+        <div class="card-content white-text">
+            <strong><%= stash('msg') %></strong>
+        </div>
+    </div>
+</div>
+% } else {
 <div class="col s12">
     <div class="card blue-grey darken-1">
         <div class="card-content white-text">
@@ -9,3 +18,4 @@
         </div>
     </div>
 </div>
+% }