From b69290425a301366b26042577e74f18abcb20f3f Mon Sep 17 00:00:00 2001
From: Emilien GUILMINEAU <guilmineau.emilien@gmail.com>
Date: Sat, 30 Mar 2024 20:46:02 +0100
Subject: [PATCH] :children_crossing: Remove URL encoding from token

---
 README.rst       | 7 ++++---
 snappass/main.py | 1 +
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.rst b/README.rst
index 3f45ba8..8c55ce5 100644
--- a/README.rst
+++ b/README.rst
@@ -152,6 +152,7 @@ This will return a JSON response with a token and the password link:
 
     {
         "token": "snappassbedf19b161794fd288faec3eba15fa41~hHnILpQ50ZfJc3nurDfHCb_22rBr5gGEya68e_cZOrY%3D",
+        "token": "snappassbedf19b161794fd288faec3eba15fa41~hHnILpQ50ZfJc3nurDfHCb_22rBr5gGEya68e_cZOrY=",
         "links": [{
             "rel": "self",
             "href": "http://127.0.0.1:5000/api/v2/passwords/snappassbedf19b161794fd288faec3eba15fa41~hHnILpQ50ZfJc3nurDfHCb_22rBr5gGEya68e_cZOrY%3D",
@@ -187,7 +188,7 @@ Otherwise, the API will return a 404 (Not Found) response like so:
 Check if a password exists
 """"""""""""""""""""""""""
 
-To check if a password exists, send a HEAD request to ``/api/v2/passwords/<password_key>``, where ``<password_key>`` is the token of the API response when a password is created, or simply use the `self` link:
+To check if a password exists, send a HEAD request to ``/api/v2/passwords/<token>``, where ``<token>`` is the token of the API response when a password is created (url encoded), or simply use the `self` link:
 
 ::
 
@@ -233,9 +234,9 @@ To read a password, send a GET request to ``/api/v2/passwords/<password_key>``,
     $ curl -X GET http://localhost:5000/api/v2/passwords/snappassbedf19b161794fd288faec3eba15fa41~hHnILpQ50ZfJc3nurDfHCb_22rBr5gGEya68e_cZOrY%3D
 
 If :
-- the passwork_key is valid 
+- the token is valid 
 - the password :
-  - exists,
+  - exists
   - has not been read 
   - is not expired
 
diff --git a/snappass/main.py b/snappass/main.py
index 9ef5a43..9b04690 100644
--- a/snappass/main.py
+++ b/snappass/main.py
@@ -285,6 +285,7 @@ def api_v2_set_password():
     link = urljoin(base_url, request.path + "/" + url_token)
     response_content = {
         "token": url_token,
+        "token": token,
         "links": [{
             "rel": "self",
             "href": link