Skip to content

Commit

Permalink
Use encodeURIComponent to encode goto urls during auth login
Browse files Browse the repository at this point in the history
  • Loading branch information
bmquinn committed Mar 5, 2024
1 parent 67287cd commit 03cb43e
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 16 deletions.
8 changes: 1 addition & 7 deletions node/src/handlers/get-auth-login.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ const axios = require("axios").default;
const cookie = require("cookie");
const { wrap } = require("./middleware");
const Honeybadger = require("../honeybadger-setup");
const url = require("url");

/**
* Performs NUSSO login
Expand All @@ -19,12 +18,7 @@ exports.handler = wrap(async (event) => {
};
}

const parsedUrl = url.parse(returnPath, true);
const mergedQueryParams = { ...event.queryStringParameters };
delete mergedQueryParams.goto;
parsedUrl.search = null;
parsedUrl.query = { ...parsedUrl.query, ...mergedQueryParams };
returnPath = url.format(parsedUrl);
returnPath = encodeURIComponent(returnPath);

try {
const response = await axios.get(nussoUrl, {
Expand Down
13 changes: 4 additions & 9 deletions node/test/integration/get-auth-login.test.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
const chai = require("chai");
const expect = chai.expect;
const nock = require("nock");
const url = require("url");

const getAuthLoginHandler = requireSource("handlers/get-auth-login");

Expand All @@ -14,7 +13,7 @@ describe("auth login", function () {
process.env.NUSSO_BASE_URL = "https://nusso-base.com/";
process.env.NUSSO_API_KEY = "abc123";

const gotoUrl = "https://test-goto.com";
const gotoUrl = "https://test-goto.com/api/search?=College+sports?ai=true";

nock(process.env.NUSSO_BASE_URL)
.get("/get-ldap-redirect-url")
Expand All @@ -26,9 +25,6 @@ describe("auth login", function () {
.mockEvent("GET", "/auth/login")
.queryParams({
goto: gotoUrl,
q: "baseball",
subject: "College+students",
ai: true,
})
.render();

Expand All @@ -39,9 +35,8 @@ describe("auth login", function () {
const [cookieName, encodedString] = cookie.split("=");
expect(cookieName).to.eq("redirectUrl");
const decoded = Buffer.from(encodedString, "base64").toString("utf8");
const parsed = url.parse(decoded, true);
expect(parsed.query.q).to.eq("baseball");
expect(parsed.query.subject).to.eq("College+students");
expect(parsed.query.ai).to.eq("true");
expect(decoded).to.eq(
"https%3A%2F%2Ftest-goto.com%2Fapi%2Fsearch%3F%3DCollege%2Bsports%3Fai%3Dtrue"
);
});
});

0 comments on commit 03cb43e

Please sign in to comment.