This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

Fix verify email flow with no realm #887

Merged
merged 4 commits into from
Oct 22, 2020


Contributor

@whaught whaught commented Oct 22, 2020

Fixes #873

Proposed Changes

  • Drops the realm required for verifying email
  • Protect the template in the case realm is nil
  • Make sure the email link works properly (html unescape)

Release Note

Fix redirect loop when verifying email for an admin with no realm selected

@google-cla google-cla bot added the cla: yes Auto: added by CLA bot when all committers have signed a CLA. label Oct 22, 2020
Contributor

@jeremyfaller jeremyfaller left a comment

/hold

hold until you decide on rate limiter.

lgtm

cmd/server/assets/email/default_email_verify.html (outdated)
// Verifying email requires the user is logged in
sub = r.PathPrefix("").Subrouter()
sub.Use(requireAuth)
sub.Use(rateLimit)
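
Review bot: at `sub.Use(rateLimit)`, if the verify-email routes are being moved off this subrouter, their throttling then depends entirely on which subrouter they are registered on. A short comment at the new registration point stating that `requireAuth` and `rateLimit` are inherited there, plus a test that the route is actually rate limited, would keep a later refactor from silently dropping either one. The comment `// Verifying email requires the user is logged in` should move with the routes.
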
Contributor

still feels like we should keep the rate limiter?

Contributor Author

see line 164. This merges it with the above subrouter which still has rate limiting

@@ -128,13 +128,18 @@ func loadTemplates(tmpl *template.Template, root string) error {
})
}

func unescape(s string) template.HTML {
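
Review bot: `unescape(s string) template.HTML` accepts any string and returns a type that html/template emits without escaping, so nothing at the signature limits it to the verify link and the name understates what it does. Add a doc comment stating that callers must pass only server-built values, never request or user-controlled data, and consider checking that the input parses as the expected URL before converting it.
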
Member

Nit: I'd prefer to name this safeHTML or something instead? It's possible we might want to do the same for JS or CSS in the future.

Contributor Author

done. added a doc comment
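
The escaping behaviour this thread turns on, as an added Go example (not code from this PR or the project): html/template escapes a link in text context, a `safeHTML`-style helper emits it untouched, and so it also emits markup untouched. `trustedLink`, `render` and the host `example.test` are hypothetical names introduced here to show a stricter variant that only trusts an https URL on an expected host.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/url"
	"strings"
)

// safeHTML follows the name suggested in review: the string is emitted as-is.
func safeHTML(s string) template.HTML { return template.HTML(s) }

// trustedLink (hypothetical) trusts only absolute https URLs on the given host
// that contain no markup characters; anything else aborts rendering.
func trustedLink(host string) func(string) (template.HTML, error) {
	return func(s string) (template.HTML, error) {
		u, err := url.Parse(s)
		if err != nil || u.Scheme != "https" || u.Host != host || strings.ContainsAny(s, `<>"'`) {
			return "", fmt.Errorf("untrusted link %q", s)
		}
		return template.HTML(s), nil
	}
}

// render executes a one-line template body with .Link set to link.
func render(body, link string) (string, error) {
	funcs := template.FuncMap{"safeHTML": safeHTML, "trustedLink": trustedLink("example.test")}
	t, err := template.New("email").Funcs(funcs).Parse(body)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	if err := t.Execute(&buf, map[string]string{"Link": link}); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	link := "https://example.test/verify?code=abc&mode=verifyEmail" // constructed sample
	for _, body := range []string{`{{.Link}}`, `{{.Link | safeHTML}}`, `{{.Link | trustedLink}}`} {
		out, err := render(body, link)
		fmt.Printf("%-24s -> %q %v\n", body, out, err)
	}
	out, _ := render(`{{.Link | safeHTML}}`, `<b>x</b>`) // markup passes through unescaped
	fmt.Println(out)
}
```
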

Member

@sethvargo sethvargo left a comment

/lgtm

@google-oss-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jeremyfaller, sethvargo, whaught

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [jeremyfaller,sethvargo,whaught]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@whaught
Contributor Author

whaught commented Oct 22, 2020

/unhold

@whaught
Contributor Author

whaught commented Oct 22, 2020

/retest

@google-oss-robot google-oss-robot merged commit 15e72aa into google:main Oct 22, 2020
@whaught whaught deleted the fix-no-realm-loop branch October 22, 2020 17:36
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 23, 2020
Successfully merging this pull request may close these issues.

Looping redirect on fresh bootstrapped project
4 participants