From 50eeb4f651b3e320d647bd6830097765ba3788eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Garc=C3=ADa?= Date: Mon, 7 Jan 2019 20:37:14 +0100 Subject: [PATCH] Remove whitespace before processing tokens --- src/auth.rs | 8 ++++++-- src/mail.rs | 3 ++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/auth.rs b/src/auth.rs index 8413fe47..4450135f 100644 --- a/src/auth.rs +++ b/src/auth.rs @@ -51,7 +51,9 @@ pub fn decode_jwt(token: &str) -> Result { algorithms: vec![JWT_ALGORITHM], }; - jsonwebtoken::decode(token, &PUBLIC_RSA_KEY, &validation) + let token = token.replace(char::is_whitespace, ""); + + jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation) .map(|d| d.claims) .map_res("Error decoding login JWT") } @@ -68,7 +70,9 @@ pub fn decode_invite_jwt(token: &str) -> Result { algorithms: vec![JWT_ALGORITHM], }; - jsonwebtoken::decode(token, &PUBLIC_RSA_KEY, &validation) + let token = token.replace(char::is_whitespace, ""); + + jsonwebtoken::decode(&token, &PUBLIC_RSA_KEY, &validation) .map(|d| d.claims) .map_res("Error decoding invite JWT") } diff --git a/src/mail.rs b/src/mail.rs index 5eeeec03..eddbec1c 100644 --- a/src/mail.rs +++ b/src/mail.rs @@ -78,7 +78,8 @@ pub fn send_invite( format!( "

You have been invited to join the {} organization.

- Click here to join

+ + Click here to join

If you do not wish to join this organization, you can safely ignore this email.

", org_name, CONFIG.domain, org_id.unwrap_or("_".to_string()), org_user_id.unwrap_or("_".to_string()), address, org_name, invite_token