JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

{satellite/console,web/satellite}: encode email in project invite URLs

Browse Source 
This change properly encodes email addresses that are used as query
parameters in project invitation-related URLs.

Change-Id: Iaaf7b62b5ac3db3f0b0e000cc06fef8e315400a8
This commit is contained in:
Jeremy Wharton 2023-06-30 04:11:11 -05:00 committed by Storj Robot
parent cb41c51692
commit 1173877167
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
satellite/console/consoleweb/server.go
View File

@ -783,7 +783,7 @@ func (server *Server) handleInvited(w http.ResponseWriter, r *http.Request) {
return
}
if user != nil {
http.Redirect(w, r, loginLink+"?email="+user.Email, http.StatusTemporaryRedirect)
http.Redirect(w, r, loginLink+"?email="+url.QueryEscape(user.Email), http.StatusTemporaryRedirect)
return
}

4
satellite/console/consoleweb/server_test.go
View File

@ -140,14 +140,14 @@ func TestInvitedRouting(t *testing.T) {
params := "email=invited%40mail.test&inviter=Project+Owner&inviter_email=owner%40mail.test&project=Test+Project"
checkInvitedRedirect("Invited - Nonexistent user", baseURL+"signup?"+params, token)
invitedUser, err := sat.AddUser(ctx, console.CreateUser{
_, err = sat.AddUser(ctx, console.CreateUser{
FullName: "Invited User",
Email: invitedEmail,
}, 1)
require.NoError(t, err)
// valid invite should redirect to login page with email.
checkInvitedRedirect("Invited - User invited", loginURL+"?email="+invitedUser.Email, token)
checkInvitedRedirect("Invited - User invited", loginURL+"?email=invited%40mail.test", token)
})
}

2
web/satellite/src/api/projectMembers.ts
View File

@ -113,7 +113,7 @@ export class ProjectMembersApiGql extends BaseGql implements ProjectMembersApi {
* @throws Error
*/
public async getInviteLink(projectID: string, email: string): Promise<string> {
const path = `${this.ROOT_PATH}/${projectID}/invite-link?email=${email}`;
const path = `${this.ROOT_PATH}/${projectID}/invite-link?email=${encodeURIComponent(email)}`;
const httpResponse = await this.http.get(path);
if (httpResponse.ok) {