Encode dynamic parts of the URI for API calls in the Account Console (#19521)

2023-04-05 13:14:10 +02:00 · 2023-04-05 13:14:10 +02:00 · 82cab306fc
commit 82cab306fc
parent d540f449f0
7 changed files with 10 additions and 10 deletions
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
@ -100,7 +100,7 @@ export class ApplicationsPage extends React.Component<ApplicationsPageProps, App
  }

  private removeConsent = (clientId: string) => {
-    this.context!.doDelete("/applications/" + clientId + "/consent")
+    this.context!.doDelete("/applications/" + encodeURIComponent(clientId) + "/consent")
      .then(() => {
        this.fetchApplications();
      });
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/device-activity-page/DeviceActivityPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/device-activity-page/DeviceActivityPage.tsx
@ -116,7 +116,7 @@ export class DeviceActivityPage extends React.Component<DeviceActivityPageProps,
    }

    private signOutSession = (device: Device, session: Session) => {
-      this.context!.doDelete("/sessions/" + session.id)
+      this.context!.doDelete("/sessions/" + encodeURIComponent(session.id))
          .then (() => {
            this.fetchDevices();
            ContentAlert.success('signedOutSession', [session.browser, device.os]);
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/EditTheResource.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/EditTheResource.tsx
@ -81,7 +81,7 @@ export class EditTheResource extends React.Component<EditTheResourceProps, EditT
    }

    async savePermission(permission: Permission): Promise<void> {
-        await this.context!.doPut(`/resources/${this.props.resource._id}/permissions`, [permission]);
+        await this.context!.doPut(`/resources/${encodeURIComponent(this.props.resource._id)}/permissions`, [permission]);
        ContentAlert.success(Msg.localize('updateSuccess'));
    }

--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/PermissionRequest.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/PermissionRequest.tsx
@ -76,7 +76,7 @@ export class PermissionRequest extends React.Component<PermissionRequestProps, P
        const id = this.props.resource._id
        this.handleToggleDialog();

-        const permissionsRequest: HttpResponse<Permission[]> = await this.context!.doGet(`/resources/${id}/permissions`);
+        const permissionsRequest: HttpResponse<Permission[]> = await this.context!.doGet(`/resources/${encodeURIComponent(id)}/permissions`);
        const permissions = permissionsRequest.data || [];
        const foundPermission = permissions.find(p => p.username === username);
        const userScopes = foundPermission ? (foundPermission.scopes as Scope[]): [];
@ -84,7 +84,7 @@ export class PermissionRequest extends React.Component<PermissionRequestProps, P
            userScopes.push(...scopes);
        }
        try {
-            await this.context!.doPut(`/resources/${id}/permissions`, [{ username: username, scopes: userScopes }] )
+            await this.context!.doPut(`/resources/${encodeURIComponent(id)}/permissions`, [{ username: username, scopes: userScopes }] )
            ContentAlert.success(Msg.localize('shareSuccess'));
            this.props.onClose();
        } catch (e) {
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ResourcesTable.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ResourcesTable.tsx
@ -91,7 +91,7 @@ export class ResourcesTable extends AbstractResourcesTable<CollapsibleResourcesT
    }

    private fetchPermissions(resource: Resource, row: number): void {
-        this.context!.doGet(`/resources/${resource._id}/permissions`)
+        this.context!.doGet(`/resources/${encodeURIComponent(resource._id)}/permissions`)
            .then((response: HttpResponse<Permission[]>) => {
                const newPermissions: Map<number, Permission[]> = new Map(this.state.permissions);
                newPermissions.set(row, response.data || []);
@ -101,7 +101,7 @@ export class ResourcesTable extends AbstractResourcesTable<CollapsibleResourcesT

    private removeShare(resource: Resource, row: number): Promise<void> {
        const permissions = this.state.permissions.get(row)!.map(a => ({ username: a.username, scopes: [] }));
-        return this.context!.doPut(`/resources/${resource._id}/permissions`, permissions)
+        return this.context!.doPut(`/resources/${encodeURIComponent(resource._id)}/permissions`, permissions)
            .then(() => {
                ContentAlert.success(Msg.localize('unShareSuccess'));
            });
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ShareTheResource.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ShareTheResource.tsx
@ -99,7 +99,7 @@ export class ShareTheResource extends React.Component<ShareTheResourceProps, Sha

        this.handleToggleDialog();

-        this.context!.doPut(`/resources/${rscId}/permissions`, permissions)
+        this.context!.doPut(`/resources/${encodeURIComponent(rscId)}/permissions`, permissions)
            .then(() => {
                ContentAlert.success('shareSuccess');
                this.props.onClose();
@ -122,7 +122,7 @@ export class ShareTheResource extends React.Component<ShareTheResourceProps, Sha

    private handleAddUsername = async () => {
        if ((this.state.usernameInput !== '') && (!this.state.usernames.includes(this.state.usernameInput))) {
-            const response = await this.context!.doGet<{username: string}>(`/resources/${this.props.resource._id}/user`, { params: { value: this.state.usernameInput } });
+            const response = await this.context!.doGet<{username: string}>(`/resources/${encodeURIComponent(this.props.resource._id)}/user`, { params: { value: this.state.usernameInput } });
            if (response.data && response.data.username) {
                this.setState({ usernameInput: '', usernames: [...this.state.usernames, this.state.usernameInput] });
            } else {
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/signingin-page/SigningInPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/signingin-page/SigningInPage.tsx
@ -147,7 +147,7 @@ class SigningInPage extends React.Component<
    }

    private handleRemove = (credentialId: string, userLabel: string) => {
-        this.context!.doDelete("/credentials/" + credentialId).then(() => {
+        this.context!.doDelete("/credentials/" + encodeURIComponent(credentialId)).then(() => {
            this.getCredentialContainers();
            ContentAlert.success("successRemovedMessage", [userLabel]);
        });