From cef06f864bc2dcdfaaa244054c68d0b644dfac8f Mon Sep 17 00:00:00 2001 From: Steve Date: Sun, 21 Feb 2021 19:39:47 -0500 Subject: [PATCH] ignore leading whitespace for tokens --- reset.go | 5 ++--- token.go | 3 ++- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/reset.go b/reset.go index 21f8674..bdb344d 100644 --- a/reset.go +++ b/reset.go @@ -30,13 +30,13 @@ func resetLookup(res http.ResponseWriter, req *http.Request) { http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } log.Printf("Sending password reset email to %v\n", email) - /*go func() { + go func() { err = sendMail(email, uname, token) if err != nil { log.Printf("Error sending password reset email %v\n", err) http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - }()*/ + }() log.Println("Redirecting to next part of password reset") http.Redirect(res, req, "/reset/form", 303) } @@ -84,7 +84,6 @@ func sendMail(recp string, uname string, token string) error { m.SetHeader("From", Conf.Mail.Username) m.SetHeader("To", recp) m.SetHeader("Subject", "Identity Server Password Reset") - m.SetBody("text/html", "Hello Bob and Cora!") msg := new(bytes.Buffer) diff --git a/token.go b/token.go index f499191..9de2dbf 100644 --- a/token.go +++ b/token.go @@ -3,6 +3,7 @@ package main import ( "errors" "log" + "strings" "time" "github.com/dgrijalva/jwt-go" @@ -32,7 +33,7 @@ func generateToken(sponsor string) (string, error) { func validateToken(tok string) (string, error) { token, err := jwt.ParseWithClaims( - tok, + strings.TrimSpace(tok), &tokenClaim{}, func(token *jwt.Token) (interface{}, error) { return []byte(Conf.Secret), nil