From 11e0f889a7a9534664a9f424ea156780e191b19f Mon Sep 17 00:00:00 2001
From: Brendan Quinn
Date: Tue, 5 Mar 2024 23:27:29 +0000
Subject: [PATCH] Use encodeURIComponent to encode goto urls during auth login
---
 node/src/handlers/get-auth-login.js | 7 +------
 node/test/integration/get-auth-login.test.js | 12 ++++--------
 2 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/node/src/handlers/get-auth-login.js b/node/src/handlers/get-auth-login.js
index d84c0ff2..1d4085de 100644
--- a/node/src/handlers/get-auth-login.js
+++ b/node/src/handlers/get-auth-login.js
@@ -19,12 +19,7 @@ exports.handler = wrap(async (event) => {
 };
 }
- const parsedUrl = url.parse(returnPath, true);
- const mergedQueryParams = { ...event.queryStringParameters };
- delete mergedQueryParams.goto;
- parsedUrl.search = null;
- parsedUrl.query = { ...parsedUrl.query, ...mergedQueryParams };
- returnPath = url.format(parsedUrl);
+ returnPath = encodeURIComponent(returnPath);
 try {
 const response = await axios.get(nussoUrl, {
diff --git a/node/test/integration/get-auth-login.test.js b/node/test/integration/get-auth-login.test.js
index ae7f6c53..4ce04c53 100644
--- a/node/test/integration/get-auth-login.test.js
+++ b/node/test/integration/get-auth-login.test.js
@@ -14,7 +14,7 @@ describe("auth login", function () {
 process.env.NUSSO_BASE_URL = "https://nusso-base.com/";
 process.env.NUSSO_API_KEY = "abc123";
- const gotoUrl = "https://test-goto.com";
+ const gotoUrl = "https://test-goto.com/api/search?=College+sports?ai=true";
 nock(process.env.NUSSO_BASE_URL)
 .get("/get-ldap-redirect-url")
@@ -26,9 +26,6 @@ describe("auth login", function () {
 .mockEvent("GET", "/auth/login")
 .queryParams({
 goto: gotoUrl,
- q: "baseball",
- subject: "College+students",
- ai: true,
 })
 .render();
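Review bot: `returnPath = encodeURIComponent(returnPath);` overwrites the raw `goto` value, so every later use of `returnPath` in the handler gets the percent-encoded form; the updated test in this commit shows that this includes the `redirectUrl` cookie, which now holds `https%3A%2F%2F…`. Whatever reads that cookie after login has to call `decodeURIComponent` exactly once, and because `goto` is caller-supplied it should also check the decoded URL against the application's allowed origins before redirecting; neither step is visible here, and encoding alone is not validation. Consider keeping the raw value and encoding only where it is sent, e.g. `const encodedReturnPath = encodeURIComponent(returnPath);`, with a comment stating which form the cookie stores. If the value is passed through axios `params` it would be percent-encoded a second time, which is worth confirming because the handler body continues outside the hunk.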
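Review bot: The new `gotoUrl` fixture has an empty parameter name and a second `?` where `&` would normally sit (`?=College+sports?ai=true`), so the test never exercises an `&` inside `goto`, presumably the character whose splitting by the query parser motivated the encoding. A well-formed fixture such as `const gotoUrl = "https://test-goto.com/api/search?q=College+sports&ai=true";` would cover that case. The expected string in the last hunk of this file would then need `%3Fq%3DCollege%2Bsports%26ai%3Dtrue` as its tail.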
@@ -39,9 +36,8 @@ describe("auth login", function () {
 const [cookieName, encodedString] = cookie.split("=");
 expect(cookieName).to.eq("redirectUrl");
 const decoded = Buffer.from(encodedString, "base64").toString("utf8");
- const parsed = url.parse(decoded, true);
- expect(parsed.query.q).to.eq("baseball");
- expect(parsed.query.subject).to.eq("College+students");
- expect(parsed.query.ai).to.eq("true");
+ expect(decoded).to.eq(
+ "https%3A%2F%2Ftest-goto.com%2Fapi%2Fsearch%3F%3DCollege%2Bsports%3Fai%3Dtrue"
+ );
 });
 });
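Review bot: The assertion pins a hand-written percent-encoded literal, so it must be edited by hand whenever the fixture changes, and it does not show that the cookie value decodes back to the original `goto`. Assuming `gotoUrl` is still in scope at this point, deriving the expectation from it keeps the two in step: `expect(decoded).to.eq(encodeURIComponent(gotoUrl));` plus `expect(decodeURIComponent(decoded)).to.eq(gotoUrl);` for the round trip. With `url.parse` gone from this test, the file's `url` require may now be unused; the imports are outside the hunk, so that needs checking.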