Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URL safe base64 encoding #4554

Merged
merged 1 commit into from
Dec 1, 2014
Merged

URL safe base64 encoding #4554

merged 1 commit into from
Dec 1, 2014

Conversation

sebgie
Copy link
Contributor

@sebgie sebgie commented Dec 1, 2014

closes #3872

  • updated base64 escaping to respect + and \
  • updated base64 escaping to remove = during transport

@ErisDS
Copy link
Member

ErisDS commented Dec 1, 2014

I think we should be able to add tests that any token that is generated is also able to be validated, and also add a test that runs the token through encodeURIComponent() so that we can see that this also still works?

@sebgie sebgie force-pushed the issue#3872 branch 2 times, most recently from 253fdab to 82da421 Compare December 1, 2014 14:02
ErisDS
ErisDS reviewed Dec 1, 2014
View reviewed changes
core/server/api/authentication.js
@@ -47,7 +47,7 @@ authentication = {
return dataProvider.User.generateResetToken(email, expires, dbHash);
}).then(function (resetToken) {
var baseUrl = config.forceAdminSSL ? (config.urlSSL || config.url) : config.url,
resetUrl = baseUrl.replace(/\/$/, '') + '/ghost/reset/' + resetToken + '/';
resetUrl = baseUrl.replace(/\/$/, '') + '/ghost/reset/' + utils.encodeBase64URLsafe(resetToken) + '/';

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

This comment was marked as abuse.

Sign in to view

@sebgie
URL safe base64 encoding
9ddabff 
closes TryGhost#3872
- updated base64 escaping to respect + and \
- updated base64 escaping to remove = during transport
- updated tests
ErisDS added a commit that referenced this pull request Dec 1, 2014
@ErisDS
Merge pull request #4554 from sebgie/issue#3872
c06e649 
URL safe base64 encoding
@ErisDS ErisDS merged commit c06e649 into TryGhost:master Dec 1, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Password Forget and Reset Password
2 participants
@sebgie @ErisDS