BAU: Fixes csrf implicit verification on delete page

src/controllers/deleteController.ts

@@ -2,15 +2,17 @@ import { type NextFunction, type Request, type Response } from 'express'
 import { ApiService } from '../services/apiService'
 import { CommonService } from '../services/commonService'
 import { DashboardPresenter } from '../presenters/dashboardPresenter'
+import { generateToken } from '../config/csrf'
 
 export const showDeleteKey = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
   try {
     const user = CommonService.handleRequest(req)
     const customerKeyId = req.params.customerKeyId
     const apiKey = await ApiService.getKey(user, customerKeyId)
     const createdAt = DashboardPresenter.formatDate(apiKey.CreatedAt, true)
+    const csrfToken = generateToken(req, res)
 
-    res.render('delete', { apiKey, createdAt, backLinkHref: '/dashboard' })
+    res.render('delete', { apiKey, csrfToken, createdAt, backLinkHref: '/dashboard' })
   } catch (error) {
     next(error)
   }

views/delete.njk

@@ -30,6 +30,7 @@
             </table>
             <form method="POST"
                 action="/dashboard/{{ apiKey.CustomerApiKeyId }}/delete">
+                <input type="hidden" name="_csrf" value="{{csrfToken}}">
                 <div class="govuk-button-group">
                     <button class="govuk-button govuk-button--warning" data-module="govuk-button">Delete</button>
                     <a href="/dashboard" class="govuk-link">Cancel</a>