From 7e3acf26b4b6f3f1087beebea2ce300e5f89c283 Mon Sep 17 00:00:00 2001
From: hnolde
Date: Tue, 4 Nov 2025 16:11:51 +0100
Subject: [PATCH] Fix: update OAuth2 state storage initialization and state token encoding
---
 src/api/admin.rs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/api/admin.rs b/src/api/admin.rs
index a9d9a5b5..14c0aaee 100644
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@@ -106,7 +106,7 @@ static CAN_BACKUP: LazyLock =
 static CAN_BACKUP: LazyLock = LazyLock::new(|| false);
 // OAuth2 state storage for CSRF protection (state -> expiration timestamp)
-static OAUTH2_STATES: LazyLock>> =
+static OAUTH2_STATES: LazyLock>> =
 LazyLock::new(|| RwLock::new(HashMap::new()));
 #[get("/")]
@@ -370,7 +370,7 @@ fn oauth2_authorize(_token: AdminToken) -> Result {
 let scopes = CONFIG.smtp_oauth2_scopes();
 // Generate a random state token for CSRF protection
- let state = crate::crypto::encode_random_bytes::<32>(BASE64URL_NOPAD);
+ let state = crate::crypto::encode_random_bytes::<32>(&BASE64URL_NOPAD);
 // Store state with expiration (10 minutes from now)
 let expiration = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() + 600;
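Review bot: `OAUTH2_STATES` in the first hunk is keyed by the state token alone, with only an expiry timestamp as the value, so nothing in the declaration binds a token to the admin session that started the flow, and a process-wide map can grow without bound if entries are only ever added. The callback and any cleanup are outside this patch, so this may already be handled; if it is, state the contract at the declaration, e.g. `// Entries are removed on first use by the callback; expired entries are pruned on insert.` If the callback only checks that the state is present, the same value stays acceptable until it expires, and the check should become a remove-and-compare under the write lock so each state is single-use.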