Fix replacing substring of params in search query #1226

Open
wants to merge 14 commits into
base: master
from

Xhofleer

The tryLoginCodeFlow in the oAuth-service.ts clears the hash after login. The code removes the following parameters from the search query: code, scope, state and session_state. The regex that was used to remove these params was breaking different params that end with the same string.

E.g. if the param "zipcode=xxx" was used in the search query, the string "code=xxx" was removed and the URL was not valid anymore.
"http://localhost:4300?zipcode=10115&consumption=2500"
was resulting in
"http://localhost:4300?zip&consumption=2500"

In this PR I changed the regex to only remove the parameter if it's a total match.

@Xhofleer Xhofleer changed the title Feature/fix replacing substring of params in search query Fix replacing substring of params in search query Apr 25, 2022
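
The failure described in this PR, as an added example that is not part of the PR or the library's code. `stripUnanchored` uses a constructed pattern, assumed only because it reproduces the described result, and the hypothetical `stripExact` removes a pair only when its whole key matches.

```javascript
// Added example; not code from the PR or the library.
// Parameter names are the four listed in the PR description.
const FLOW_PARAMS = ['code', 'scope', 'state', 'session_state'];

// "Before": a constructed, unanchored pattern (an assumption, chosen only
// because it reproduces the result described in the PR). It matches
// "code=" wherever it occurs, including inside "zipcode=".
function stripUnanchored(search) {
  return FLOW_PARAMS.reduce(
    (s, name) => s.replace(new RegExp(name + '=[^&]*', 'g'), ''),
    search
  );
}

// "After" (hypothetical helper): split the query into pairs and drop a pair
// only when its whole, decoded key is one of the flow parameters.
// Other pairs are kept byte for byte, so their encoding is not altered.
function stripExact(search) {
  const query = search.startsWith('?') ? search.slice(1) : search;
  const kept = query.split('&').filter((pair) => {
    if (pair === '') return false; // empty segment from "&&" or a trailing "&"
    const rawKey = pair.split('=')[0];
    let key;
    try {
      key = decodeURIComponent(rawKey.replace(/\+/g, ' '));
    } catch (e) {
      key = rawKey; // malformed percent-escape: compare the raw key
    }
    return !FLOW_PARAMS.includes(key);
  });
  return kept.length ? '?' + kept.join('&') : '';
}

// Constructed sample inputs.
const SAMPLE = '?zipcode=10115&consumption=2500';
const CALLBACK = '?code=abc&zipcode=10115&state=xyz&session_state=s1';
console.log(stripUnanchored(SAMPLE));
console.log(stripExact(SAMPLE));
console.log(stripExact(CALLBACK));
```

On a callback that carries only `code` and `state`, the unanchored version returns `?&`, while `stripExact` returns an empty string with no further cleanup.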
Comment on lines -1752 to -1757
.replace(/^\?&/, '?')
.replace(/&$/, '')
.replace(/^\?$/, '')
.replace(/&+/g, '&')
.replace(/\?&/, '?')
.replace(/\?$/, '') +
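Review bot: Removing all six cleanup replaces at -1752 to -1757 leaves nothing to normalise a leading `?&`, a trailing `&`, a doubled `&` or a bare `?` if the new matching still produces one. Suggest either keeping them as a cheap safety net or adding tests that strip a parameter in first, middle, last and only position, plus the `zipcode` case from the description, and assert the exact resulting query string.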
Author
The new way of matching will result in fewer situations that can break the format of the URL; that's why these replaces are not needed anymore.

@jeroenheijmans
Collaborator

@GeorgeHarbers I think your recent updates make it so your private AWS and GitHub Workflow code became part of the PR to this upstream library; I presume that was not intended? I don't see any immediate secrets being leaked when scanning the changes in the PR, but I recommend double-checking regardless.

@GeorgeHarbers

Correct, my bad. I will restore it.

@L-X-T L-X-T force-pushed the master branch 4 times, most recently from a54ea92 to 078415b Compare December 2, 2024 12:32
4 participants