Fix CSRF in form submission

app/assets/javascripts/components/transaction_form.jsx.coffee

@@ -134,7 +134,7 @@ Step = React.createFactory React.createClass
     e.preventDefault()
 
     { giving, peer } = @state
-    { user }         = @props
+    { user, csrf_token } = @props
 
     errors = @errors()
     if Object.keys(errors).length != 0
@@ -157,6 +157,11 @@ Step = React.createFactory React.createClass
       .attr('value', creditor)
       .attr('type', 'hidden')
       .appendTo(@refs.form)
+    $('<input />')
+      .attr('name', 'authenticity_token')
+      .attr('value', csrf_token)
+      .attr('type', 'hidden')
+      .appendTo(@refs.form)
 
     @refs.form.submit()
   errors: ->

app/controllers/transactions_controller.rb

@@ -1,10 +1,12 @@
 class TransactionsController < ApplicationController
-  skip_before_action :verify_authenticity_token, only: :create
+  load_and_authorize_resource :user, find_by: :name
 
-  before_action :authenticate_user!, except: :create
+  def index
-  before_action :authenticate_user_or_client!, only: :create
+    @transactions = @user.transactions
-
+    respond_to do |format|
-  respond_to :js, only: :create
+      format.json { render json: @transactions }
+    end
+  end
 
   def create
     @transaction = Transaction.new(transaction_params)

app/views/pages/_transaction_form.html.haml

@@ -1,3 +1,3 @@
 .card-wrapper
   .card.padded
-    = react_component 'TransactionForm', user: current_user, peers: User.all.order(:name).pluck(:name)
+    = react_component 'TransactionForm', user: current_user, peers: User.all.order(:name).pluck(:name), csrf_token: form_authenticity_token