Skip to content

Commit

Permalink
✉️ fix: email address encoding in verification link (#3085)
Browse files Browse the repository at this point in the history 
Related to #3084

Implements URL encoding for email addresses in verification links and decodes them upon verification.

- **Encode email addresses** in `sendVerificationEmail` and `resendVerificationEmail` functions using `encodeURIComponent` to ensure special characters like `+` are correctly handled in the verification link.
- **Decode email addresses** in the `verifyEmail` function using `decodeURIComponent` to accurately retrieve and validate the email address from the verification link against the database.


---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/danny-avila/LibreChat/issues/3084?shareId=9c32df30-4156-4082-a3eb-fff54eaba5b3).
  • Loading branch information
@berry-13
berry-13 authored Jun 16, 2024
1 parent 2cf5228 commit a338dec
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions api/server/services/AuthService.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ const sendVerificationEmail = async (user) => {
let verifyToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(verifyToken, 10);

const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${user.email}`;
const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${encodeURIComponent(user.email)}`;
await sendEmail({
email: user.email,
subject: 'Verify your email',
Expand Down Expand Up @@ -91,7 +91,7 @@ const sendVerificationEmail = async (user) => {
*/
const verifyEmail = async (req) => {
const { email, token } = req.body;
let emailVerificationData = await Token.findOne({ email });
let emailVerificationData = await Token.findOne({ email: decodeURIComponent(email) });

if (!emailVerificationData) {
logger.warn(`[verifyEmail] [No email verification data found] [Email: ${email}]`);
Expand Down Expand Up @@ -363,7 +363,7 @@ const resendVerificationEmail = async (req) => {
let verifyToken = crypto.randomBytes(32).toString('hex');
const hash = bcrypt.hashSync(verifyToken, 10);

const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${user.email}`;
const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${encodeURIComponent(user.email)}`;

await sendEmail({
email: user.email,
Expand Down

0 comments on commit a338dec

Please sign in to comment.