🐛 fixes confirmation link (ITISFoundation#5444)

bisgaard-itis · Mar 8, 2024 · 38cf314 · 38cf314
1 parent 9b8adcd
commit 38cf314
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/services/web/server/src/simcore_service_webserver/login/storage.py b/services/web/server/src/simcore_service_webserver/login/storage.py
@@ -4,7 +4,7 @@
 
 import asyncpg
 from aiohttp import web
-from servicelib.utils_secrets import generate_password
+from servicelib.utils_secrets import generate_passcode
 
 from . import _sql
 
@@ -80,13 +80,16 @@ async def create_confirmation(
         async with self.pool.acquire() as conn:
             # generate different code
             while True:
-                code: str = generate_password(30)
-                if not await _sql.find_one(conn, self.confirm_tbl, {"code": code}):
+                # NOTE: use only numbers (i.e. avoid generate_password) since front-end does not handle well url encoding
+                numeric_code: str = generate_passcode(20)
+                if not await _sql.find_one(
+                    conn, self.confirm_tbl, {"code": numeric_code}
+                ):
                     break
             # insert confirmation
             # NOTE: returns timestamp generated at the server-side
             confirmation = ConfirmationTokenDict(
-                code=code,
+                code=numeric_code,
                 action=action,
                 user_id=user_id,
                 data=data,
@@ -95,7 +98,7 @@ async def create_confirmation(
             c = await _sql.insert(
                 conn, self.confirm_tbl, confirmation, returning="code"
             )
-            assert code == c  # nosec
+            assert numeric_code == c  # nosec
             return confirmation
 
     async def get_confirmation(self, filter_dict) -> ConfirmationTokenDict | None: