Auth/PM-11252 - Registration with Email Verification - Adjust url to point to new signup redirect connector (#4691)
* PM-11252 - Registration with Email Verification - Adjust url in email to point to new signup redirect connector. * PM-11252 - RegisterVerifyEmail - use a URL fragment so the token and email query params are kept out of server and proxy logs and to reduce open redirect exposure.
This commit is contained in:
parent
add8783e31
commit
ab73eeae16
@ -4,11 +4,15 @@ namespace Bit.Core.Auth.Models.Mail;
|
|||||||
|
|
||||||
public class RegisterVerifyEmail : BaseMailModel
|
public class RegisterVerifyEmail : BaseMailModel
|
||||||
{
|
{
|
||||||
// We must include email in the URL even though it is already in the token so that the
|
// Note 1: We must include email in the URL even though it is already in the token so that the
|
||||||
// client can use it to create the master key when they set their password.
|
// client can use it to create the master key when they set their password.
|
||||||
// We also have to include the fromEmail flag so that the client knows the user
|
// We also have to include the fromEmail flag so that the client knows the user
|
||||||
// is coming to the finish signup page from an email link and not directly from another route in the app.
|
// is coming to the finish signup page from an email link and not directly from another route in the app.
|
||||||
public string Url => string.Format("{0}/finish-signup?token={1}&email={2}&fromEmail=true",
|
// Note 2: we cannot use a web vault url which contains a # as that is a reserved wild character on Android
|
||||||
|
// so we must land on a redirect connector which will redirect to the finish signup page.
|
||||||
|
// Note 3: The use of a fragment to indicate the redirect url is to prevent the query string from being logged by
|
||||||
|
// proxies and servers. It also helps reduce open redirect vulnerabilities.
|
||||||
|
public string Url => string.Format("{0}/redirect-connector.html#finish-signup?token={1}&email={2}&fromEmail=true",
|
||||||
WebVaultUrl,
|
WebVaultUrl,
|
||||||
Token,
|
Token,
|
||||||
Email);
|
Email);
|
||||||
|
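Review bot: The claim in Note 3 above the `Url` property that the fragment "helps reduce open redirect vulnerabilities" is misleading as written: the fragment of any crafted link is still attacker-controlled, so whether `redirect-connector.html` is an open redirect depends entirely on that page only ever redirecting to a fixed set of relative in-app routes, which is not visible in this hunk and should be confirmed. What the fragment does guarantee is that `token` and `email` are never transmitted, because browsers drop everything after `#` from the request, so they cannot land in server, proxy or Referer logs. I would reword to `// Note 3: the fragment keeps token/email out of server and proxy logs (browsers never send it); the connector must still redirect only to known relative routes.` The enclosing class continues outside the hunk.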
@ -63,7 +63,7 @@ public class HandlebarsMailService : IMailService
|
|||||||
{
|
{
|
||||||
Token = WebUtility.UrlEncode(token),
|
Token = WebUtility.UrlEncode(token),
|
||||||
Email = WebUtility.UrlEncode(email),
|
Email = WebUtility.UrlEncode(email),
|
||||||
WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
|
WebVaultUrl = _globalSettings.BaseServiceUri.Vault,
|
||||||
SiteName = _globalSettings.SiteName
|
SiteName = _globalSettings.SiteName
|
||||||
};
|
};
|
||||||
await AddMessageContentAsync(message, "Auth.RegistrationVerifyEmail", model);
|
await AddMessageContentAsync(message, "Auth.RegistrationVerifyEmail", model);
|
||||||
|
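Review bot: `WebUtility.UrlEncode` on the `Token` and `Email` lines is form encoding, so a space becomes `+` rather than `%20`; now that these values travel in a URL fragment instead of a query string, whichever client code parses the hash must apply form decoding or a `+` will survive as a literal plus. In practice neither a verification token nor an email address should contain a space, so this is a robustness point rather than a live bug, but `Uri.EscapeDataString` yields RFC 3986 percent-encoding that round-trips unambiguously through `decodeURIComponent`, so `Token = Uri.EscapeDataString(token),` and `Email = Uri.EscapeDataString(email),` would remove the ambiguity. The switch from `VaultWithHash` to `BaseServiceUri.Vault` also changes the base the model formats against; if `Vault` can carry a trailing slash the model's `{0}/redirect-connector.html` would produce a double slash, which I cannot confirm from this hunk. The enclosing method starts and ends outside the hunk.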