ignore leading whitespace for tokens

This commit is contained in:
stryan 2021-02-21 19:39:47 -05:00
parent e48ec9ce0b
commit cef06f864b
2 changed files with 4 additions and 4 deletions

View File

@ -30,13 +30,13 @@ func resetLookup(res http.ResponseWriter, req *http.Request) {
http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
} }
log.Printf("Sending password reset email to %v\n", email) log.Printf("Sending password reset email to %v\n", email)
/*go func() { go func() {
err = sendMail(email, uname, token) err = sendMail(email, uname, token)
if err != nil { if err != nil {
log.Printf("Error sending password reset email %v\n", err) log.Printf("Error sending password reset email %v\n", err)
http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) http.Error(res, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
} }
}()*/ }()
log.Println("Redirecting to next part of password reset") log.Println("Redirecting to next part of password reset")
http.Redirect(res, req, "/reset/form", 303) http.Redirect(res, req, "/reset/form", 303)
} }
@ -84,7 +84,6 @@ func sendMail(recp string, uname string, token string) error {
m.SetHeader("From", Conf.Mail.Username) m.SetHeader("From", Conf.Mail.Username)
m.SetHeader("To", recp) m.SetHeader("To", recp)
m.SetHeader("Subject", "Identity Server Password Reset") m.SetHeader("Subject", "Identity Server Password Reset")
m.SetBody("text/html", "Hello <b>Bob</b> and <i>Cora</i>!")
msg := new(bytes.Buffer) msg := new(bytes.Buffer)

View File

@ -3,6 +3,7 @@ package main
import ( import (
"errors" "errors"
"log" "log"
"strings"
"time" "time"
"github.com/dgrijalva/jwt-go" "github.com/dgrijalva/jwt-go"
@ -32,7 +33,7 @@ func generateToken(sponsor string) (string, error) {
func validateToken(tok string) (string, error) { func validateToken(tok string) (string, error) {
token, err := jwt.ParseWithClaims( token, err := jwt.ParseWithClaims(
tok, strings.TrimSpace(tok),
&tokenClaim{}, &tokenClaim{},
func(token *jwt.Token) (interface{}, error) { func(token *jwt.Token) (interface{}, error) {
return []byte(Conf.Secret), nil return []byte(Conf.Secret), nil