respect return url on sign in link

2025-07-13 05:38:25 -05:00 · 2018-03-22 13:18:18 -04:00
parent ff9f605b7d
commit 14039d7d1a
6 changed files with 57 additions and 9 deletions
--- a/src/Core/Services/Implementations/MarkdownMailService.cs
+++ b/src/Core/Services/Implementations/MarkdownMailService.cs
@ -6,6 +6,7 @@ using Bit.Core.Models.Mail;
 using System.IO;
 using System.Net;
 using System.Reflection;
+using Bit.Core.Utilities;

 namespace Bit.Core.Services
 {
@ -172,10 +173,14 @@ namespace Bit.Core.Services

        public async Task SendPasswordlessSignInAsync(string baseUrl, string token, string email)
        {
+            var url = CoreHelpers.ExtendQuery(new Uri(baseUrl), new Dictionary<string, string>
+            {
+                ["email"] = email,
+                ["token"] = token,
+            });
            var model = new Dictionary<string, string>
            {
-                ["url"] = string.Format("{0}?email={1}&token={2}", baseUrl, WebUtility.UrlEncode(email),
-                    WebUtility.UrlEncode(token))
+                ["url"] = url.ToString()
            };

            var message = await CreateMessageAsync("Continue Logging In", email, "PasswordlessSignIn", model);
--- a/src/Core/Services/Implementations/RazorMailService.cs
+++ b/src/Core/Services/Implementations/RazorMailService.cs
@ -206,10 +206,15 @@ namespace Bit.Core.Services
        public async Task SendPasswordlessSignInAsync(string baseUrl, string token, string email)
        {
            var message = CreateDefaultMessage("Continue Logging In", email);
+
+            var url = CoreHelpers.ExtendQuery(new Uri(baseUrl), new Dictionary<string, string>
+            {
+                ["email"] = email,
+                ["token"] = token,
+            });
            var model = new PasswordlessSignInModel
            {
-                Url = string.Format("{0}?email={1}&token={2}", baseUrl, WebUtility.UrlEncode(email),
-                    WebUtility.UrlEncode(token))
+                Url = url.ToString()
            };
            message.HtmlContent = await _engine.CompileRenderAsync("PasswordlessSignIn", model);
            message.TextContent = await _engine.CompileRenderAsync("PasswordlessSignIn.text", model);
--- a/src/Core/Utilities/CoreHelpers.cs
+++ b/src/Core/Utilities/CoreHelpers.cs
@ -12,6 +12,7 @@ using System.Text;
 using System.Text.RegularExpressions;
 using Dapper;
 using System.Globalization;
+using System.Web;

 namespace Bit.Core.Utilities
 {
@ -425,5 +426,31 @@ namespace Bit.Core.Utilities

            return _max.Subtract(date.Value).TotalMilliseconds.ToString(CultureInfo.InvariantCulture);
        }
+
+        // ref: https://stackoverflow.com/a/27545010/1090359
+        public static Uri ExtendQuery(Uri uri, IDictionary<string, string> values)
+        {
+            var baseUri = uri.ToString();
+            var queryString = string.Empty;
+            if(baseUri.Contains("?"))
+            {
+                var urlSplit = baseUri.Split('?');
+                baseUri = urlSplit[0];
+                queryString = urlSplit.Length > 1 ? urlSplit[1] : string.Empty;
+            }
+
+            var queryCollection = HttpUtility.ParseQueryString(queryString);
+            foreach(var kvp in values ?? new Dictionary<string, string>())
+            {
+                queryCollection[kvp.Key] = kvp.Value;
+            }
+
+            var uriKind = uri.IsAbsoluteUri ? UriKind.Absolute : UriKind.Relative;
+            if(queryCollection.Count == 0)
+            {
+                return new Uri(baseUri, uriKind);
+            }
+            return new Uri(string.Format("{0}?{1}", baseUri, queryCollection), uriKind);
+        }
    }
 }