make state non-arbitrary

Kenneth Kehl
2024-04-02 13:18:21 -07:00
parent 9ecbfd24ff
commit 23e66db2a9
3 changed files with 34 additions and 3 deletions


@@ -52,6 +52,15 @@ def invite_user_to_org(organization_id):
current_app.config["ORGANIZATION_INVITATION_EMAIL_TEMPLATE_ID"]
)
token = generate_token(
str(invited_org_user.email_address),
current_app.config["SECRET_KEY"],
current_app.config["DANGEROUS_SALT"],
)
url = os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"]
url = url.replace("NONCE", token)
url = url.replace("STATE", token)
personalisation = {
"user_name": (
"The Notify.gov team"
@@ -59,7 +68,7 @@ def invite_user_to_org(organization_id):
else invited_org_user.invited_by.name
),
"organization_name": invited_org_user.organization.name,
"url": os.environ["LOGIN_DOT_GOV_REGISTRATION_URL"],
"url": url,
}
saved_notification = persist_notification(
template_id=template.id,
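Review bot: The same `token` is substituted for both placeholders at `url = url.replace("NONCE", token)` and `url = url.replace("STATE", token)`, so the OIDC `state` and `nonce` are no longer independent values. `state` travels in redirect URLs, where it can end up in logs and browser history, so anyone who sees it also knows the nonce that is supposed to bind the ID token to this request. Consider keeping the signed token for `state` only and using a separate random value for the nonce, e.g. `nonce = secrets.token_urlsafe()` then `url = url.replace("NONCE", nonce)`, stored so the callback can check it. `generate_token` is not visible here; if it is a signed serializer rather than an encrypting one, the invitee's email address is also readable from the URL, which is worth confirming. The body of `invite_user_to_org` starts and ends outside these hunks.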