From 866b1196bea53d00418f770c5078c134cb9c853c Mon Sep 17 00:00:00 2001 From: BlackDex Date: Fri, 18 Oct 2024 12:46:32 +0200 Subject: [PATCH] Fix org invite url being html encoded Ever since we changed to pass the full url as a template value handlebars now html-encodes this. This causes issues with the plain/text mails, but it also could potentially cause issues with the text/html templates. This PR encloses the template values inside triple braces `{{{ }}}` which prevents html-encoding. Since the URL is generated via the `url` crate the values are percent-encoded anyway. Fixes #5097 Signed-off-by: BlackDex --- src/api/core/organizations.rs | 7 +++---- src/static/templates/email/send_org_invite.hbs | 2 +- src/static/templates/email/send_org_invite.html.hbs | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs index afd2d388d3..ffbf081295 100644 --- a/src/api/core/organizations.rs +++ b/src/api/core/organizations.rs @@ -872,20 +872,19 @@ async fn send_invite(org_id: &str, data: Json, headers: AdminHeaders } for email in data.emails.iter() { - let email = email.to_lowercase(); let mut user_org_status = UserOrgStatus::Invited as i32; - let user = match User::find_by_mail(&email, &mut conn).await { + let user = match User::find_by_mail(email, &mut conn).await { None => { if !CONFIG.invitations_allowed() { err!(format!("User does not exist: {email}")) } - if !CONFIG.is_email_domain_allowed(&email) { + if !CONFIG.is_email_domain_allowed(email) { err!("Email domain not eligible for invitations") } if !CONFIG.mail_enabled() { - let invitation = Invitation::new(&email); + let invitation = Invitation::new(email); invitation.save(&mut conn).await?; } diff --git a/src/static/templates/email/send_org_invite.hbs b/src/static/templates/email/send_org_invite.hbs index b2c46f5049..822c50b9af 100644 --- a/src/static/templates/email/send_org_invite.hbs +++ b/src/static/templates/email/send_org_invite.hbs @@ -3,7 +3,7 @@ Join {{{org_name}}} You have been invited to join the *{{org_name}}* organization. -Click here to join: {{url}} +Click here to join: {{{url}}} If you do not wish to join this organization, you can safely ignore this email. diff --git a/src/static/templates/email/send_org_invite.html.hbs b/src/static/templates/email/send_org_invite.html.hbs index a78a89e95e..ce3a6c050a 100644 --- a/src/static/templates/email/send_org_invite.html.hbs +++ b/src/static/templates/email/send_org_invite.html.hbs @@ -9,7 +9,7 @@ Join {{{org_name}}} - Join Organization Now