From 82cab306fc5231bec0287677645146bd5ca503b3 Mon Sep 17 00:00:00 2001
From: Jon Koops <jonkoops@gmail.com>
Date: Wed, 5 Apr 2023 13:14:10 +0200
Subject: [PATCH] Encode dynamic parts of the URI for API calls in the Account
 Console (#19521)

---
 .../src/app/content/applications-page/ApplicationsPage.tsx    | 2 +-
 .../app/content/device-activity-page/DeviceActivityPage.tsx   | 2 +-
 .../src/app/content/my-resources-page/EditTheResource.tsx     | 2 +-
 .../src/app/content/my-resources-page/PermissionRequest.tsx   | 4 ++--
 .../src/app/content/my-resources-page/ResourcesTable.tsx      | 4 ++--
 .../src/app/content/my-resources-page/ShareTheResource.tsx    | 4 ++--
 .../account/src/app/content/signingin-page/SigningInPage.tsx  | 2 +-
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
index 7c9f6f1069..569dcdad15 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/applications-page/ApplicationsPage.tsx
@@ -100,7 +100,7 @@ export class ApplicationsPage extends React.Component<ApplicationsPageProps, App
   }
 
   private removeConsent = (clientId: string) => {
-    this.context!.doDelete("/applications/" + clientId + "/consent")
+    this.context!.doDelete("/applications/" + encodeURIComponent(clientId) + "/consent")
       .then(() => {
         this.fetchApplications();
       });
diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/device-activity-page/DeviceActivityPage.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/device-activity-page/DeviceActivityPage.tsx
index 549802b18a..48be15e170 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/device-activity-page/DeviceActivityPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/device-activity-page/DeviceActivityPage.tsx
@@ -116,7 +116,7 @@ export class DeviceActivityPage extends React.Component<DeviceActivityPageProps,
     }
 
     private signOutSession = (device: Device, session: Session) => {
-      this.context!.doDelete("/sessions/" + session.id)
+      this.context!.doDelete("/sessions/" + encodeURIComponent(session.id))
           .then (() => {
             this.fetchDevices();
             ContentAlert.success('signedOutSession', [session.browser, device.os]);
diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/EditTheResource.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/EditTheResource.tsx
index a5259d104b..463c995770 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/EditTheResource.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/EditTheResource.tsx
@@ -81,7 +81,7 @@ export class EditTheResource extends React.Component<EditTheResourceProps, EditT
     }
 
     async savePermission(permission: Permission): Promise<void> {
-        await this.context!.doPut(`/resources/${this.props.resource._id}/permissions`, [permission]);
+        await this.context!.doPut(`/resources/${encodeURIComponent(this.props.resource._id)}/permissions`, [permission]);
         ContentAlert.success(Msg.localize('updateSuccess'));
     }
 
diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/PermissionRequest.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/PermissionRequest.tsx
index 4b8557c534..f61e648ebb 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/PermissionRequest.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/PermissionRequest.tsx
@@ -76,7 +76,7 @@ export class PermissionRequest extends React.Component<PermissionRequestProps, P
         const id = this.props.resource._id
         this.handleToggleDialog();
 
-        const permissionsRequest: HttpResponse<Permission[]> = await this.context!.doGet(`/resources/${id}/permissions`);
+        const permissionsRequest: HttpResponse<Permission[]> = await this.context!.doGet(`/resources/${encodeURIComponent(id)}/permissions`);
         const permissions = permissionsRequest.data || [];
         const foundPermission = permissions.find(p => p.username === username);
         const userScopes = foundPermission ? (foundPermission.scopes as Scope[]): [];
@@ -84,7 +84,7 @@ export class PermissionRequest extends React.Component<PermissionRequestProps, P
             userScopes.push(...scopes);
         }
         try {
-            await this.context!.doPut(`/resources/${id}/permissions`, [{ username: username, scopes: userScopes }] )
+            await this.context!.doPut(`/resources/${encodeURIComponent(id)}/permissions`, [{ username: username, scopes: userScopes }] )
             ContentAlert.success(Msg.localize('shareSuccess'));
             this.props.onClose();
         } catch (e) {
diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ResourcesTable.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ResourcesTable.tsx
index 0344ef8c71..00b4789052 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ResourcesTable.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ResourcesTable.tsx
@@ -91,7 +91,7 @@ export class ResourcesTable extends AbstractResourcesTable<CollapsibleResourcesT
     }
 
     private fetchPermissions(resource: Resource, row: number): void {
-        this.context!.doGet(`/resources/${resource._id}/permissions`)
+        this.context!.doGet(`/resources/${encodeURIComponent(resource._id)}/permissions`)
             .then((response: HttpResponse<Permission[]>) => {
                 const newPermissions: Map<number, Permission[]> = new Map(this.state.permissions);
                 newPermissions.set(row, response.data || []);
@@ -101,7 +101,7 @@ export class ResourcesTable extends AbstractResourcesTable<CollapsibleResourcesT
 
     private removeShare(resource: Resource, row: number): Promise<void> {
         const permissions = this.state.permissions.get(row)!.map(a => ({ username: a.username, scopes: [] }));
-        return this.context!.doPut(`/resources/${resource._id}/permissions`, permissions)
+        return this.context!.doPut(`/resources/${encodeURIComponent(resource._id)}/permissions`, permissions)
             .then(() => {
                 ContentAlert.success(Msg.localize('unShareSuccess'));
             });
diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ShareTheResource.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ShareTheResource.tsx
index b0cece9235..f01ae09bbd 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ShareTheResource.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/my-resources-page/ShareTheResource.tsx
@@ -99,7 +99,7 @@ export class ShareTheResource extends React.Component<ShareTheResourceProps, Sha
 
         this.handleToggleDialog();
 
-        this.context!.doPut(`/resources/${rscId}/permissions`, permissions)
+        this.context!.doPut(`/resources/${encodeURIComponent(rscId)}/permissions`, permissions)
             .then(() => {
                 ContentAlert.success('shareSuccess');
                 this.props.onClose();
@@ -122,7 +122,7 @@ export class ShareTheResource extends React.Component<ShareTheResourceProps, Sha
 
     private handleAddUsername = async () => {
         if ((this.state.usernameInput !== '') && (!this.state.usernames.includes(this.state.usernameInput))) {
-            const response = await this.context!.doGet<{username: string}>(`/resources/${this.props.resource._id}/user`, { params: { value: this.state.usernameInput } });
+            const response = await this.context!.doGet<{username: string}>(`/resources/${encodeURIComponent(this.props.resource._id)}/user`, { params: { value: this.state.usernameInput } });
             if (response.data && response.data.username) {
                 this.setState({ usernameInput: '', usernames: [...this.state.usernames, this.state.usernameInput] });
             } else {
diff --git a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/signingin-page/SigningInPage.tsx b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/signingin-page/SigningInPage.tsx
index 95945c902e..6ba14d2836 100644
--- a/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/signingin-page/SigningInPage.tsx
+++ b/themes/src/main/resources/theme/keycloak.v2/account/src/app/content/signingin-page/SigningInPage.tsx
@@ -147,7 +147,7 @@ class SigningInPage extends React.Component<
     }
 
     private handleRemove = (credentialId: string, userLabel: string) => {
-        this.context!.doDelete("/credentials/" + credentialId).then(() => {
+        this.context!.doDelete("/credentials/" + encodeURIComponent(credentialId)).then(() => {
             this.getCredentialContainers();
             ContentAlert.success("successRemovedMessage", [userLabel]);
         });