Remove whitespace before processing tokens

2024-06-26 01:05:41 +02:00 · 2019-01-07 20:37:14 +01:00 · 2019-01-07 20:37:14 +01:00 · 50eeb4f651
Commit 50eeb4f651
--- a/src/auth.rs
+++ b/src/auth.rs
@ -51,7 +51,9 @@ pub fn decode_jwt(token: &str) -> Result<JWTClaims, Error> {
        algorithms: vec![JWT_ALGORITHM],
    };

-    jsonwebtoken::decode(token, &PUBLIC_RSA_KEY, &validation)
+    let token = token.replace(char::is_whitespace, "");
+
+    jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation)
        .map(|d| d.claims)
        .map_res("Error decoding login JWT")
 }
@ -68,7 +70,9 @@ pub fn decode_invite_jwt(token: &str) -> Result<InviteJWTClaims, Error> {
        algorithms: vec![JWT_ALGORITHM],
    };

-    jsonwebtoken::decode(token, &PUBLIC_RSA_KEY, &validation)
+    let token = token.replace(char::is_whitespace, "");
+
+    jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation)
        .map(|d| d.claims)
        .map_res("Error decoding invite JWT")
 }
--- a/src/mail.rs
+++ b/src/mail.rs
@ -78,7 +78,8 @@ pub fn send_invite(
        format!(
            "<html>
             <p>You have been invited to join the <b>{}</b> organization.<br><br>
-             <a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">Click here to join</a></p>
+             <a href=\"{}/#/accept-organization/?organizationId={}&organizationUserId={}&email={}&organizationName={}&token={}\">
+             Click here to join</a></p>
             <p>If you do not wish to join this organization, you can safely ignore this email.</p>
             </html>",
            org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token