From dd5142a48a644957a1b6bfb74f46eb8095a43987 Mon Sep 17 00:00:00 2001
From: Kyle Isom <kyle@imap.cc>
Date: Tue, 31 Mar 2026 23:35:21 -0700
Subject: [PATCH] Fix template error: pass CSRF func on SSO login page

Go templates require all referenced functions to be defined at parse
time, even in branches that won't execute.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 internal/webserver/server.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/internal/webserver/server.go b/internal/webserver/server.go
index b91bc47..29b8bfe 100644
--- a/internal/webserver/server.go
+++ b/internal/webserver/server.go
@@ -134,7 +134,7 @@ func (s *Server) handleLogin(w http.ResponseWriter, r *http.Request) {
 
 // handleSSOLogin renders a landing page with a "Sign in with MCIAS" button.
 func (s *Server) handleSSOLogin(w http.ResponseWriter, r *http.Request) {
-	web.RenderTemplate(w, mcqweb.FS, "login.html", pageData{SSO: true})
+	web.RenderTemplate(w, mcqweb.FS, "login.html", pageData{SSO: true}, s.csrf.TemplateFunc(w))
 }
 
 // handleSSORedirect initiates the SSO redirect to MCIAS.