
Commit 2488a53

committed
fix(api): encode email query parameter to prevent blank on + character
1 parent 8d4554f commit 2488a53


2 files changed

+31
-5
lines changed


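--- a/api/src/identity-access-management/domain/emails/create-warning-connection.email.js
+++ b/api/src/identity-access-management/domain/emails/create-warning-connection.email.js
@@ -27,7 +27,7 @@ export function createWarningConnectionEmail({ locale, email, firstName, validat
 
 const { i18n, defaultVariables } = factory;
 const pixAppUrl = urlBuilder.getPixAppBaseUrl(locale);
-const resetUrl = `${pixAppUrl}/mot-de-passe-oublie?lang=${lang}&email=${email}`;
+const resetUrl = `${pixAppUrl}/mot-de-passe-oublie?lang=${lang}&email=` + encodeURIComponent(`${email}`);
 
 return factory.buildEmail({
 template: mailer.warningConnectionTemplateId,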
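Review bot: On new line 30 `lang` is still interpolated into the query string unencoded, while only `email` goes through `encodeURIComponent`. Where `lang` is derived lies outside this hunk, so if it can ever hold anything other than a fixed locale code it can break or extend the query in the same way the address did. Encoding both values inside the template also removes the mixed template-plus-`+` concatenation and the redundant `${email}` wrapper, since `encodeURIComponent` already stringifies its argument: ``const resetUrl = `${pixAppUrl}/mot-de-passe-oublie?lang=${encodeURIComponent(lang)}&email=${encodeURIComponent(email)}`;``. The body of `createWarningConnectionEmail` starts before and continues past this hunk.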

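--- a/api/tests/identity-access-management/unit/domain/emails/create-warning-connection.email.test.js
+++ b/api/tests/identity-access-management/unit/domain/emails/create-warning-connection.email.test.js
@@ -59,7 +59,7 @@ describe('Unit | Identity Access Management | Domain | Email | create-warning-co
 'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Fpix.org%2Fen%2Fsupport';
 
 const expectedResetUrl =
-'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.org%2Fmot-de-passe-oublie%3Flang%3Den%26email%3Dtoto%40example.net';
+'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.org%2Fmot-de-passe-oublie%3Flang%3Den%26email%3Dtoto%2540example.net';
 expect(resetUrl).to.equal(expectedResetUrl);
 expect(helpDeskUrl).to.equal(expectedSupportUrl);
 });
@@ -83,7 +83,7 @@ describe('Unit | Identity Access Management | Domain | Email | create-warning-co
 const expectedSupportUrl =
 'https://test.app.pix.fr/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Fpix.fr%2Fsupport';
 const expectedResetUrl =
-'https://test.app.pix.fr/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.fr%2Fmot-de-passe-oublie%3Flang%3Dfr%26email%3Dtoto%40example.net';
+'https://test.app.pix.fr/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.fr%2Fmot-de-passe-oublie%3Flang%3Dfr%26email%3Dtoto%2540example.net';
 expect(resetUrl).to.equal(expectedResetUrl);
 expect(helpDeskUrl).to.equal(expectedSupportUrl);
 });
@@ -107,7 +107,7 @@ describe('Unit | Identity Access Management | Domain | Email | create-warning-co
 const expectedSupportUrl =
 'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Fpix.org%2Ffr%2Fsupport';
 const expectedResetUrl =
-'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.org%2Fmot-de-passe-oublie%3Flang%3Dfr%26email%3Dtoto%40example.net';
+'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.org%2Fmot-de-passe-oublie%3Flang%3Dfr%26email%3Dtoto%2540example.net';
 expect(resetUrl).to.equal(expectedResetUrl);
 expect(helpDeskUrl).to.equal(expectedSupportUrl);
 });
@@ -129,12 +129,38 @@ describe('Unit | Identity Access Management | Domain | Email | create-warning-co
 // then
 const { resetUrl, helpDeskUrl } = email.variables;
 const expectedResetUrl =
-'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.org%2Fmot-de-passe-oublie%3Flang%3Dnl%26email%3Dtoto%40example.net';
+'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.org%2Fmot-de-passe-oublie%3Flang%3Dnl%26email%3Dtoto%2540example.net';
 
 const expectedSupportUrl =
 'https://test.app.pix.org/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Fpix.org%2Fnl-be%2Fsupport';
 expect(resetUrl).to.equal(expectedResetUrl);
 expect(helpDeskUrl).to.equal(expectedSupportUrl);
 });
 });
+
+describe('when the email query parameter contains a +', function () {
+it('provides the correct urls', function () {
+// given
+const emailParams = {
+email: 'toto+tata@example.net',
+locale: 'fr-fr',
+firstName: 'John',
+validationToken: 'token',
+};
+
+// when
+const email = createWarningConnectionEmail(emailParams);
+
+//https://test.app.pix.fr/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.fr%2Fmot-de-passe-oublie%3Flang%3Dfr%26email%3Dtoto%2Btata%40example.net
+
+// then
+const { helpDeskUrl, resetUrl } = email.variables;
+const expectedSupportUrl =
+'https://test.app.pix.fr/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Fpix.fr%2Fsupport';
+const expectedResetUrl =
+'https://test.app.pix.fr/api/users/validate-email?token=token&redirect_url=https%3A%2F%2Ftest.app.pix.fr%2Fmot-de-passe-oublie%3Flang%3Dfr%26email%3Dtoto%252Btata%2540example.net';
+expect(resetUrl).to.equal(expectedResetUrl);
+expect(helpDeskUrl).to.equal(expectedSupportUrl);
+});
+});
 });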
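Review bot: The new `+` case (new lines 141–165) asserts only the doubly percent-encoded string, so it never shows that the address reaching the reset page is the one that was passed in. A round-trip assertion would pin that property directly: `expect(new URL(new URL(resetUrl).searchParams.get('redirect_url')).searchParams.get('email')).to.equal(emailParams.email);`. A second case with a local part containing `&` or `#` would confirm that an address cannot add or truncate query parameters in the reset link. The commented-out URL at new line 154 looks like a debugging leftover showing the single-encoded form; either delete it or replace it with a short comment explaining that `%252B`/`%2540` are expected because the reset URL is itself encoded into `redirect_url`.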
