Home Explore Help
Register Sign In
Apq
/
vaultwarden
mirror of https://github.com/dani-garcia/vaultwarden.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix org invite url being html encoded (#5100)

Ever since we changed to pass the full url as a template value handlebars now html-encodes this.
This causes issues with the plain/text mails, but it also could potentially cause issues with the text/html templates.

This PR encloses the template values inside triple braces `{{{ }}}` which prevents html-encoding.
Since the URL is generated via the `url` crate the values are percent-encoded anyway.

Fixes #5097

Signed-off-by: BlackDex <[email protected]>
Mathijs van Veluw 1 year ago
parent
65629a99f0
commit
a47b484172
3 changed files with 5 additions and 6 deletions
Split View Show Diff Stats
  1. 3 4
      src/api/core/organizations.rs
  2. 1 1
      src/static/templates/email/send_org_invite.hbs
  3. 1 1
      src/static/templates/email/send_org_invite.html.hbs

+ 3 - 4
src/api/core/organizations.rs
View File 

@@ -872,20 +872,19 @@ async fn send_invite(org_id: &str, data: Json<InviteData>, headers: AdminHeaders
 
     }
 
 
     for email in data.emails.iter() {
 
-        let email = email.to_lowercase();
 
         let mut user_org_status = UserOrgStatus::Invited as i32;
 
-        let user = match User::find_by_mail(&email, &mut conn).await {
 
+        let user = match User::find_by_mail(email, &mut conn).await {
 
             None => {
 
                 if !CONFIG.invitations_allowed() {
 
                     err!(format!("User does not exist: {email}"))
 
                 }
 
 
-                if !CONFIG.is_email_domain_allowed(&email) {
 
+                if !CONFIG.is_email_domain_allowed(email) {
 
                     err!("Email domain not eligible for invitations")
 
                 }
 
 
                 if !CONFIG.mail_enabled() {
 
-                    let invitation = Invitation::new(&email);
 
+                    let invitation = Invitation::new(email);
 
                     invitation.save(&mut conn).await?;
 
                 }

+ 1 - 1
src/static/templates/email/send_org_invite.hbs
View File 

@@ -3,7 +3,7 @@ Join {{{org_name}}}
 
 You have been invited to join the *{{org_name}}* organization.
 
 
 
-Click here to join: {{url}}
 
+Click here to join: {{{url}}}
 
 
 
 If you do not wish to join this organization, you can safely ignore this email.

+ 1 - 1
src/static/templates/email/send_org_invite.html.hbs
View File 

@@ -9,7 +9,7 @@ Join {{{org_name}}}
 
    </tr>
 
    <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
 
       <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
 
-         <a href="{{url}}"
 
+         <a href="{{{url}}}"
 
             clicktracking=off target="_blank" style="color: #ffffff; text-decoration: none; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; background-color: #3c8dbc; border-color: #3c8dbc; border-style: solid; border-width: 10px 20px; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
 
          Join Organization Now
 
          </a>