[Auth] Fix parsing of code display when issuer/account contains speci…

…al character (#1795) ## Description ## Tests
ente-io · May 21, 2024 · d4b4007 · d4b4007
2 parents 4dbc8ab + 2daf5c8
commit d4b4007
Show file tree

Hide file tree

Showing 4 changed files with 31 additions and 9 deletions.
diff --git a/auth/lib/models/code.dart b/auth/lib/models/code.dart
@@ -125,7 +125,7 @@ class Code {
     final issuer = _getIssuer(uri);
 
     try {
-      return Code(
+      final code = Code(
         _getAccount(uri),
         issuer,
         _getDigits(uri, issuer),
@@ -137,6 +137,7 @@ class Code {
         rawData,
         display: CodeDisplay.fromUri(uri) ?? CodeDisplay(),
       );
+      return code;
     } catch (e) {
       // if account name contains # without encoding,
       // rest of the url are treated as url fragment
@@ -174,12 +175,11 @@ class Code {
   }
 
   String toOTPAuthUrlFormat() {
-    final uri = Uri.parse(rawData);
+    final uri = Uri.parse(rawData.replaceAll("#", '%23'));
     final query = {...uri.queryParameters};
     query["codeDisplay"] = jsonEncode(display.toJson());
 
     final newUri = uri.replace(queryParameters: query);
-
     return jsonEncode(newUri.toString());
   }
 

diff --git a/auth/lib/models/code_display.dart b/auth/lib/models/code_display.dart
@@ -1,6 +1,7 @@
 import 'dart:convert';
 
 import 'package:flutter/foundation.dart';
+import 'package:logging/logging.dart';
 
 /// Used to store the display settings of a code.
 class CodeDisplay {
@@ -54,13 +55,34 @@ class CodeDisplay {
     );
   }
 
-  static CodeDisplay? fromUri(Uri uri) {
+  /// Converts the [CodeDisplay] to a json object.
+  /// When [safeParsing] is true, the json will be parsed safely.
+  /// If we fail to parse the json, we will return an empty [CodeDisplay].
+  static CodeDisplay? fromUri(Uri uri, {bool safeParsing = false}) {
     if (!uri.queryParameters.containsKey("codeDisplay")) return null;
     final String codeDisplay =
         uri.queryParameters['codeDisplay']!.replaceAll('%2C', ',');
-    final decodedDisplay = jsonDecode(codeDisplay);
+    return _parseCodeDisplayJson(codeDisplay, safeParsing);
+  }
 
-    return CodeDisplay.fromJson(decodedDisplay);
+  static CodeDisplay _parseCodeDisplayJson(String json, bool safeParsing) {
+    try {
+      final decodedDisplay = jsonDecode(json);
+      return CodeDisplay.fromJson(decodedDisplay);
+    } catch (e, s) {
+      Logger("CodeDisplay")
+          .severe("Could not parse code display from json", e, s);
+      // (ng/prateek) Handle the case where we have fragment in the rawDataUrl
+      if (!json.endsWith("}") && json.contains("}#")) {
+        Logger("CodeDisplay").warning("ignoring code display as it's invalid");
+        return CodeDisplay();
+      }
+      if (safeParsing) {
+        return CodeDisplay();
+      } else {
+        rethrow;
+      }
+    }
   }
 
   Map<String, dynamic> toJson() {

diff --git a/auth/lib/store/code_store.dart b/auth/lib/store/code_store.dart
@@ -41,9 +41,9 @@ class CodeStore {
         } else {
           code = Code.fromExportJson(decodeJson);
         }
-      } catch (e) {
+      } catch (e, s) {
         code = Code.withError(e, entity.rawData);
-        _logger.severe("Could not parse code", code.err);
+        _logger.severe("Could not parse code", e, s);
       }
       code.generatedID = entity.generatedID;
       code.hasSynced = entity.hasSynced;

diff --git a/auth/pubspec.yaml b/auth/pubspec.yaml
@@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 3.0.3+303
+version: 3.0.4+304
 publish_to: none
 
 environment: