From 346ac409a2b84c4de8495afa3658ff14c3d41b76 Mon Sep 17 00:00:00 2001
From: Benjamin Foote
Date: Thu, 2 May 2019 21:25:00 -0700
Subject: [PATCH] fix #115 state variable alpha num
---
 handlers/handlers.go | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/handlers/handlers.go b/handlers/handlers.go
index ffa02527..f7b2ead1 100644
--- a/handlers/handlers.go
+++ b/handlers/handlers.go
@@ -10,6 +10,7 @@ import (
 "mime/multipart"
 "net/http"
 "net/url"
+ "regexp"
 "strconv"
 "strings"

@@ -261,6 +262,17 @@ func HealthcheckHandler(w http.ResponseWriter, r *http.Request) {
 fmt.Fprintf(w, "{ \"ok\": true }")
 }

+var regExJustAlphaNum, _ = regexp.Compile("[^a-zA-Z0-9]+")
+
+func generateStateNonce() (string, error) {
+ state, err := securerandom.URLBase64InBytes(base64Bytes)
+ if err != nil {
+ return "", err
+ }
+ state = regExJustAlphaNum.ReplaceAllString(state, "")
+ return state, nil
+}
+
 // LoginHandler /login
 // currently performs a 302 redirect to Google
 func LoginHandler(w http.ResponseWriter, r *http.Request) {
@@ -273,7 +285,7 @@ func LoginHandler(w http.ResponseWriter, r *http.Request) {
 log.Warnf("couldn't find existing encrypted secure cookie with name %s: %s (probably fine)", cfg.Cfg.Session.Name, err)
 }

- state, err := securerandom.URLBase64OfBytes(base64Bytes)
+ state, err := generateStateNonce()
 if err != nil {
 log.Error(err)
 }
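Review bot: `generateStateNonce` strips every non-alphanumeric character after the random string has been generated, so the nonce comes back with a variable length and nothing in the helper enforces a minimum. The helper also calls `securerandom.URLBase64InBytes`, while the call it replaces in LoginHandler used `securerandom.URLBase64OfBytes`; if that switch is intentional it deserves a comment, because it appears to change what `base64Bytes` bounds (the encoded length rather than the number of random bytes), which should be confirmed against the securerandom package. I would add a guard after the filter, `if len(state) < minStateLen { return "", fmt.Errorf("state nonce too short after filtering: %d chars", len(state)) }`, where `minStateLen` is a placeholder for a constant the project chooses. The pattern is better declared as `var regExJustAlphaNum = regexp.MustCompile("[^a-zA-Z0-9]+")` so that a compile error is not silently discarded.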
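Review bot: When `generateStateNonce()` fails it returns an empty string, and the visible `if err != nil` branch only calls `log.Error(err)`, so the handler appears to carry on with an empty `state`. The rest of LoginHandler lies outside the hunk, so this is inferred from the lines shown; if nothing later rejects the empty value, the login redirect would go out without a usable state parameter for the callback to verify. Ending the request in that branch would close the gap: `http.Error(w, "could not start login", http.StatusInternalServerError)` followed by `return`.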