Password files must be trimmed of newlines

api/adaptors/sql/src/lib.rs

@@ -188,11 +188,14 @@ fn get_connection_string() -> String {
     if let Some(password_file_location) = env::var_os("DATABASE_PASSWORD_FILE") {
         // The password can be left out of the URL, we add it from the specified
         // file (presumably under /run/secrets/)
-        let password = fs::read(&password_file_location).unwrap_or_else(|err| {
+        let password = fs::read(&password_file_location)
+            .unwrap_or_else(|err| {
                 panic!("could not read database password from {password_file_location:?}\n\t{err:?}")
             });
+        let password = String::from(String::from_utf8_lossy(password.as_slice()));
+        let password = password.trim_end();
         let mut url = Url::parse(&connection_string).expect("invalid connection string");
-        url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref()))
+        url.set_password(Some(password))
             .unwrap_or_else(|_| panic!("invalid database URL: {connection_string:?}"));
         url.to_string()
     } else {

api/src/routes/tasks.rs

@@ -35,7 +35,7 @@ pub async fn cleanup<A: Adaptor>(
             println!("Error reading CRON_KEY_FILE at {path:?}");
             return Err(ApiError::NotAuthorized);
         };
-        String::from_utf8_lossy(key.as_slice()).into()
+        String::from_utf8_lossy(key.as_slice()).to_owned().trim_end().to_string()
     } else {
         Default::default()
     };