Merge pull request #43 from latebit-io/fix-email-urlencoding

fix: url encode email for templates
latebit-io · Dec 18, 2024 · 8b81ef0 · 8b81ef0
2 parents 13135ef + e91ee91
commit 8b81ef0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/src/Bulwark.Auth/Controllers/AccountsController.cs b/src/Bulwark.Auth/Controllers/AccountsController.cs
@@ -1,6 +1,8 @@
 using System;
 using System.IO;
+using System.Text.Encodings.Web;
 using System.Threading.Tasks;
+using System.Web;
 using Bulwark.Auth.Common.Payloads;
 using Bulwark.Auth.Core;
 using Bulwark.Auth.Core.PasswordPolicy;
@@ -52,7 +54,7 @@ public async Task<ActionResult> CreateAccount(Create create)
                 .UsingTemplate(_emailTemplate.GetTemplate("VerifyAccount"),
                     new
                     {
-                        create.Email,
+                        Email = HttpUtility.UrlEncode(create.Email),
                         VerificationToken = verificationToken.Value,
                         VerificationUrl = Environment.GetEnvironmentVariable("VERIFICATION_URL"),
                         WebsiteName = Environment.GetEnvironmentVariable("WEBSITE_NAME")
@@ -142,7 +144,7 @@ public async Task<ActionResult> ChangeEmail(ChangeEmail payload)
                 .UsingTemplate(_emailTemplate.GetTemplate("ChangeEmail"),
                     new
                     {
-                        Email = payload.NewEmail,
+                        Email = HttpUtility.UrlEncode(payload.NewEmail),
                         VerificationToken = verificationToken.Value,
                         VerificationUrl = Environment.GetEnvironmentVariable("VERIFICATION_URL"),
                         WebsiteName = Environment.GetEnvironmentVariable("WEBSITE_NAME")
@@ -211,7 +213,7 @@ public async Task<ActionResult> ForgotToken(string email)
                 .UsingTemplate(_emailTemplate.GetTemplate("Forgot"),
                     new
                     {
-                        Email = email,
+                        Email = HttpUtility.UrlEncode(email),
                         ForgotToken = token,
                         ForgotUrl = Environment.GetEnvironmentVariable("FORGOT_PASSWORD_URL"),
                         WebsiteName = Environment.GetEnvironmentVariable("WEBSITE_NAME")

diff --git a/src/Bulwark.Auth/Controllers/PasswordLessController.cs b/src/Bulwark.Auth/Controllers/PasswordLessController.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Threading.Tasks;
+using System.Web;
 using Bulwark.Auth.Common.Payloads;
 using Bulwark.Auth.Core;
 using Bulwark.Auth.Core.Domain;
@@ -53,7 +54,7 @@ public async Task<ActionResult> SendMagicLink(string email)
                 .UsingTemplate(_emailTemplate.GetTemplate("MagicLink"),
                     new
                     {
-                        Email = email,
+                        Email = HttpUtility.UrlEncode(email),
                         Code = code,
                         MagicLink = Environment.GetEnvironmentVariable("MAGIC_LINK_URL"),
                         WebsiteName = Environment.GetEnvironmentVariable("WEBSITE_NAME")