Andreas/LibreChat
1
0
Fork 0
mirror of https://github.com/danny-avila/LibreChat.git synced 2025-12-18 01:10:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

✉️ fix: email address encoding in verification link (#3085)

Browse source 
Related to #3084

Implements URL encoding for email addresses in verification links and decodes them upon verification.

- **Encode email addresses** in `sendVerificationEmail` and `resendVerificationEmail` functions using `encodeURIComponent` to ensure special characters like `+` are correctly handled in the verification link.
- **Decode email addresses** in the `verifyEmail` function using `decodeURIComponent` to accurately retrieve and validate the email address from the verification link against the database.


---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/danny-avila/LibreChat/issues/3084?shareId=9c32df30-4156-4082-a3eb-fff54eaba5b3).
This commit is contained in:
Marco Beretta 2024-06-16 22:05:53 +02:00 committed by GitHub
parent 2cf5228021
commit a338decf90
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

6
api/server/services/AuthService.js
View file

@ -62,7 +62,7 @@ const sendVerificationEmail = async (user) => {
let verifyToken = crypto.randomBytes(32).toString('hex'); let verifyToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(verifyToken, 10); const hash = bcrypt.hashSync(verifyToken, 10);
const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${user.email}`; const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${encodeURIComponent(user.email)}`;
await sendEmail({ await sendEmail({
email: user.email, email: user.email,
subject: 'Verify your email', subject: 'Verify your email',
@ -91,7 +91,7 @@ const sendVerificationEmail = async (user) => {
*/ */
const verifyEmail = async (req) => { const verifyEmail = async (req) => {
const { email, token } = req.body; const { email, token } = req.body;
let emailVerificationData = await Token.findOne({ email }); let emailVerificationData = await Token.findOne({ email: decodeURIComponent(email) });
if (!emailVerificationData) { if (!emailVerificationData) {
logger.warn(`[verifyEmail] [No email verification data found] [Email: ${email}]`); logger.warn(`[verifyEmail] [No email verification data found] [Email: ${email}]`);
@ -363,7 +363,7 @@ const resendVerificationEmail = async (req) => {
let verifyToken = crypto.randomBytes(32).toString('hex'); let verifyToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(verifyToken, 10); const hash = bcrypt.hashSync(verifyToken, 10);
const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${user.email}`; const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${encodeURIComponent(user.email)}`;
await sendEmail({ await sendEmail({
email: user.email, email: user.email,