From a021bba811269c055834f6be553fb4e3a4744829 Mon Sep 17 00:00:00 2001
From: Son <nguyenkims@users.noreply.github.com>
Date: Mon, 6 Dec 2021 18:39:12 +0100
Subject: [PATCH] fix toggle contact should only be used by authenticated user

---
 app/dashboard/views/index.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/dashboard/views/index.py b/app/dashboard/views/index.py
index 81bf19d3..310d7ee0 100644
--- a/app/dashboard/views/index.py
+++ b/app/dashboard/views/index.py
@@ -203,6 +203,7 @@ def index():
 
 
 @dashboard_bp.route("/contacts/<int:contact_id>/toggle", methods=["POST"])
+@login_required
 def toggle_contact(contact_id):
     """
     Block/Unblock contact