From 0446d977d19920df9fce2d9186cea4a29e5f2093 Mon Sep 17 00:00:00 2001
From: Thomas VEILLARD
Date: Sat, 13 Nov 2021 20:36:10 +0100
Subject: [PATCH] fix: invitation link for new session should be get http verb
---
 src/mailers/session-mailer.ts | 2 +-
 src/routes/sessions.ts | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/mailers/session-mailer.ts b/src/mailers/session-mailer.ts
index 4278483..de25e0c 100644
--- a/src/mailers/session-mailer.ts
+++ b/src/mailers/session-mailer.ts
@@ -14,7 +14,7 @@ export async function sendInvitation(user: User) {
 Hello ${user.firstname},
 Use the above link to login on the peer review app for the practical activity.
-${BASE_URL}/?token=${user.loginToken}
+${BASE_URL}/sessions/establish?token=${user.loginToken}
 This link works only once, but can be renewed multiple times.
diff --git a/src/routes/sessions.ts b/src/routes/sessions.ts
index 60a7598..135a10b 100644
--- a/src/routes/sessions.ts
+++ b/src/routes/sessions.ts
@@ -11,11 +11,11 @@ import { randomBytes } from 'crypto'
 import { sendInvitation } from '../mailers/session-mailer'
 export async function sessionRoutes(fastify: FastifyInstance) {
- fastify.post<{ Querystring: SessionsCreateQuerystring }>('/', {
+ fastify.get<{ Querystring: SessionsCreateQuerystring }>('/establish', {
 schema: {
 querystring: sessionsCreateQuerystringSchema
 },
- handler: async function create(request, reply) {
+ handler: async function establish(request, reply) {
 // should be handled by the schema validation, but is too critical so we check it again.
 if (!request.query.token)
 throw new Error('Never lookup for a null loginToken, it will match the wrong user.')
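Review bot: In src/mailers/session-mailer.ts the login token is interpolated into the query string unencoded, so the link only works while the generator happens to emit URL-safe characters. The same commit switches the generator from base64 to hex, presumably because `+`, `/` and `=` were being mangled in the link. Encoding at the point of use removes that coupling: `${BASE_URL}/sessions/establish?token=${encodeURIComponent(user.loginToken)}`. The unchanged template text still says "Use the above link" although the link follows the sentence. sendInvitation starts and ends outside this hunk.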
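Review bot: Moving session establishment to `fastify.get(..., '/establish', ...)` in src/routes/sessions.ts lets any automatic fetch of the URL redeem a single-use credential: mail security gateways and link previewers that follow links can consume the token before the recipient clicks, and the token also lands in access logs, browser history and possibly Referer headers. A safer shape is for the GET to render a small confirmation page whose form POSTs the token, so only a deliberate action establishes the session; whichever verb is kept, the handler should redirect to a token-free URL on success and send `Referrer-Policy: no-referrer`. Because a plain GET can be triggered cross-site, a third party could also sign a victim's browser into an account of their choosing (login CSRF). The rest of the handler is outside the hunk, so whether the token is cleared or expired on use cannot be confirmed from here.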
@@ -34,7 +34,7 @@ export async function sessionRoutes(fastify: FastifyInstance) {
 },
 handler: async function invite(request) {
 const user = await getRepository(User).findOneOrFail({ where: { email: request.body.email } })
- user.loginToken = (await promisify(randomBytes)(64)).toString('base64')
+ user.loginToken = (await promisify(randomBytes)(64)).toString('hex')
 await getRepository(User).save(user)
 await sendInvitation(user)
 return { success: true }
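Review bot: The generated token is assigned to `user.loginToken` and saved as-is in the `invite` handler, so the database holds a value that is directly usable as a login link; anyone with read access to the users table or a backup could sign in as an invited user. Persisting only a digest would close that, e.g. `user.loginToken = createHash('sha256').update(token).digest('hex')` with the raw `token` going only into the e-mail, which requires sendInvitation (outside this hunk) to receive the raw value and the lookup to hash the incoming token. No expiry is stored next to the token in the visible lines, so an unused link appears to stay valid indefinitely. Separately, `findOneOrFail` in the context lines makes the response differ for unknown addresses, which lets a caller test which e-mails are registered; answering `{ success: true }` in both cases avoids that.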