fix: Usernames should encode all characters in emails #9541
base: alpha
Changes from all commits
1f68ff7
70cf918
ac445f7
c2d4821
539ad9f
b6d7c71
|
@@ -52,6 +52,37 @@ describe('Email Verification Token Expiration: ', () => { | |
}); | ||
}); | ||
|
||
it('should send an HTML or properly escaped plain text password reset email', async () => { | ||
const user = new Parse.User(); | ||
let sendEmailOptions; | ||
const emailAdapter = { | ||
sendPasswordResetEmail: (options) => { | ||
sendEmailOptions = options; | ||
}, | ||
sendVerificationEmail: async () => {}, | ||
sendMail: async () => {}, | ||
}; | ||
|
||
await reconfigureServer({ | ||
appName: 'specialCharacterUsernameTest', | ||
publicServerURL: 'http://localhost:8378/1', | ||
emailAdapter: emailAdapter, | ||
}); | ||
|
||
user.setUsername('hello :)'); | ||
user.setPassword('password123'); | ||
user.set('email', '[email protected]'); | ||
await user.signUp(); | ||
|
||
await Parse.User.requestPasswordReset('[email protected]'); | ||
|
||
expect(sendEmailOptions).toBeDefined(); | ||
|
||
const username = sendEmailOptions.link.split('username=')[1]; | ||
expect(username).toBe('hello%20%3A%29'); | ||
}); | ||
|
||
|
||
it('emailVerified should set to false, if the user does not verify their email before the email verify token expires', done => { | ||
const user = new Parse.User(); | ||
let sendEmailOptions; | ||
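Review bot: The assertion on `sendEmailOptions.link.split('username=')[1]` takes everything after `username=`, so it only passes while the username is the last query parameter of the reset link and would silently include any parameter appended after it. Parsing the link is sturdier and also checks the round trip: `expect(new URL(sendEmailOptions.link).searchParams.get('username')).toBe('hello :)');`, kept next to the existing raw-string check so the percent-encoded form stays pinned. The test title speaks of HTML or escaped plain text, while the body checks only the URL encoding of the username; a title such as `'should percent-encode the username in the password reset link'` would match what is asserted.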
|
|
@@ -399,6 +399,17 @@ | |
} | ||
return obj; | ||
} | ||
|
||
/** | ||
* Encodes a string to be used in a URL. | ||
* @param {String} input The string to encode. | ||
* @returns {String} The encoded string. | ||
*/ | ||
static encode(input) { | ||
return encodeURIComponent(input).replace(/[!'()*]/g, char => | ||
From here:
How does it handle dot, comma, etc after the URL? Do we need to add these chars to the regex, or add tests for that? |
||
'%' + char.charCodeAt(0).toString(16).toUpperCase() | ||
); | ||
} | ||
} | ||
|
||
module.exports = Utils; |
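Review bot: The doc comment on `encode` says the string is encoded "to be used in a URL", but `encodeURIComponent` also escapes `/`, `?`, `:` and `&`, so the helper is only correct for a single component such as a query value and would mangle a whole URL passed to it. I would reword the summary to `Percent-encodes a single URI component (for example a query-string value), additionally escaping ! ' ( ) * which encodeURIComponent leaves as-is.` and add one sentence on why those five characters are escaped. The comment should also state the behaviour for non-string input, or the method should guard against it: `encodeURIComponent(undefined)` yields the literal text `undefined`, and a string containing a lone surrogate throws `URIError`, which would surface in whatever code builds the link. That call site is outside the hunks shown here, so whether it already validates the username cannot be confirmed from this page.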
Could you add a loop and test a bunch of different chars? See also #9541 (comment).