From 27815d982c1415b4938474a52e11ff84f55c3659 Mon Sep 17 00:00:00 2001
From: sabaimran
Date: Mon, 8 Apr 2024 20:22:17 +0530
Subject: [PATCH] Redirect user to the login page when either of the csrf token inputs is missing
---
 src/khoj/routers/auth.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/khoj/routers/auth.py b/src/khoj/routers/auth.py
index 1d7bbfdd..b2f52665 100644
--- a/src/khoj/routers/auth.py
+++ b/src/khoj/routers/auth.py
@@ -96,10 +96,12 @@ async def auth(request: Request):
 csrf_token_cookie = request.cookies.get("g_csrf_token")
 if not csrf_token_cookie:
- return Response("Missing CSRF token", status_code=400)
+ logger.info("Missing CSRF token. Redirecting user to login page")
+ return RedirectResponse(url=f"{next_url}")
 csrf_token_body = form.get("g_csrf_token")
 if not csrf_token_body:
- return Response("Missing CSRF token", status_code=400)
+ logger.info("Missing CSRF token body. Redirecting user to login page")
+ return RedirectResponse(url=f"{next_url}")
 if csrf_token_cookie != csrf_token_body:
 return Response("Invalid CSRF token", status_code=400)
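Review bot: Both added `return RedirectResponse(url=f"{next_url}")` lines send the browser to `next_url` with no check visible in this hunk that it is a same-site relative path; `next_url` is assigned outside the hunk, so if it is taken from a request parameter these branches act as an open redirect on any request that arrives without a CSRF token. Because the handler reads a posted form and Starlette's `RedirectResponse` defaults to 307, which makes the browser repeat the POST with its body, I would set the status explicitly, e.g. `return RedirectResponse(url=next_url, status_code=303)`, assuming that is the class imported here. The log text says the user is sent to the login page while the code redirects to `next_url`, so either redirect to the login route or reword the message. The body of `auth` starts and ends outside the hunk.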