author | Mathijs van Veluw <[email protected]> | 2024-10-18 20:34:11 +0200 |
---|---|---|
committer | GitHub <[email protected]> | 2024-10-18 20:34:11 +0200 |
commit | a47b4841728f0b0a039d6901113b05e6cbd91b15 (patch) | |
tree | 36204e93e5bb9c6e3f7beb87cc4cee62d37b93f2 | |
parent | 65629a99f07ec399cd574a4f20b6e73c2ba8f2a3 (diff) | |
Fix org invite url being html encoded (#5100)
Ever since we changed to passing the full URL as a template value, handlebars HTML-encodes it.
This causes issues with the plain/text mails, but it also could potentially cause issues with the text/html templates.
This PR encloses the template values inside triple braces `{{{ }}}` which prevents html-encoding.
Since the URL is generated via the `url` crate the values are percent-encoded anyway.
Fixes #5097
Signed-off-by: BlackDex <[email protected]>
-rw-r--r-- | src/api/core/organizations.rs | 7 | ||||
-rw-r--r-- | src/static/templates/email/send_org_invite.hbs | 2 | ||||
-rw-r--r-- | src/static/templates/email/send_org_invite.html.hbs | 2 |
3 files changed, 5 insertions, 6 deletions
diff --git a/src/api/core/organizations.rs b/src/api/core/organizations.rs
index afd2d388..ffbf0812 100644
--- a/src/api/core/organizations.rs
+++ b/src/api/core/organizations.rs
@@ -872,20 +872,19 @@ async fn send_invite(org_id: &str, data: Json<InviteData>, headers: AdminHeaders
 }
 for email in data.emails.iter() {
- let email = email.to_lowercase();
 let mut user_org_status = UserOrgStatus::Invited as i32;
- let user = match User::find_by_mail(&email, &mut conn).await {
+ let user = match User::find_by_mail(email, &mut conn).await {
 None => {
 if !CONFIG.invitations_allowed() {
 err!(format!("User does not exist: {email}"))
 }
- if !CONFIG.is_email_domain_allowed(&email) {
+ if !CONFIG.is_email_domain_allowed(email) {
 err!("Email domain not eligible for invitations")
 }
 if !CONFIG.mail_enabled() {
- let invitation = Invitation::new(&email);
+ let invitation = Invitation::new(email);
 invitation.save(&mut conn).await?;
 }
diff --git a/src/static/templates/email/send_org_invite.hbs b/src/static/templates/email/send_org_invite.hbs
index b2c46f50..822c50b9 100644
--- a/src/static/templates/email/send_org_invite.hbs
+++ b/src/static/templates/email/send_org_invite.hbs
@@ -3,7 +3,7 @@ Join {{{org_name}}}
 You have been invited to join the *{{org_name}}* organization.
-Click here to join: {{url}}
+Click here to join: {{{url}}}
 If you do not wish to join this organization, you can safely ignore this email.
diff --git a/src/static/templates/email/send_org_invite.html.hbs b/src/static/templates/email/send_org_invite.html.hbs
index a78a89e9..ce3a6c05 100644
--- a/src/static/templates/email/send_org_invite.html.hbs
+++ b/src/static/templates/email/send_org_invite.html.hbs
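Review bot: The account lookup, the domain allow-list check and the stored invitation in `send_invite` (src/api/core/organizations.rs) now receive the address in whatever case the client sent it, because the hunk removes `let email = email.to_lowercase();`, a change the commit description does not mention. If `User::find_by_mail`, `CONFIG.is_email_domain_allowed` or `Invitation::new` compares or stores without normalising case (their bodies are outside this hunk), a mixed-case address could miss an existing account or be judged differently by the allow-list than its lower-cased form. Either keep the single normalisation at the top of the loop, or, if every callee already lower-cases, record that next to the loop with something like `// callees normalise the address case themselves`. The body of `send_invite` continues past the hunk, so later uses of `email` need the same check.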
@@ -9,7 +9,7 @@ Join {{{org_name}}}
 </tr>
 <tr style="margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
 <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
- <a href="{{url}}"
+ <a href="{{{url}}}"
 clicktracking=off target="_blank" style="color: #ffffff; text-decoration: none; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; background-color: #3c8dbc; border-color: #3c8dbc; border-style: solid; border-width: 10px 20px; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
 Join Organization Now
 </a> |
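Review bot: With `{{{url}}}` inside `href="…"` in send_org_invite.html.hbs, the template no longer escapes a `"` or `<` in the value. The attribute's integrity now rests entirely on the caller always passing a string serialised by the `url` crate, as the commit description states. That invariant is invisible at the point of use, so I would state it in the template just above the `<a>` tag, e.g. `{{!-- url is emitted unescaped: it must be a serialised url::Url, never a hand-built string --}}`. A rendering test that feeds URL components containing `"` and `<` and asserts they arrive percent-encoded in the output would catch a later caller that builds the link by string concatenation. The surrounding table markup starts and ends outside the hunk.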