From a3251394e1882b3db041cd0f207bf92db81af810 Mon Sep 17 00:00:00 2001 From: Jessica Lawshe <5312836+lawshe@users.noreply.github.com> Date: Mon, 30 Oct 2023 08:52:12 -0500 Subject: [PATCH] Merge pull request #15473 from overleaf/jel-remove-encoded-hash [web] Remove encoded hashtag when checking token hash prefix GitOrigin-RevId: 2b9c369beceb7897d0f6f165b4c3a70b79c14469 --- .../Features/TokenAccess/TokenAccessHandler.js | 2 +- .../src/TokenAccess/TokenAccessHandlerTests.js | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js b/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js index 705fa21312..234d3e836a 100644 --- a/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js +++ b/services/web/app/src/Features/TokenAccess/TokenAccessHandler.js @@ -291,7 +291,7 @@ const TokenAccessHandler = { let hashPrefixStatus if (tokenHashPrefix) { - tokenHashPrefix = tokenHashPrefix.replace('#', '') + tokenHashPrefix = tokenHashPrefix.replace('#', '').replace('%23', '') } if (!tokenHashPrefix) { diff --git a/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js b/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js index ad9633b874..3d8d681a18 100644 --- a/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js +++ b/services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js @@ -719,5 +719,23 @@ describe('TokenAccessHandler', function () { } ) }) + it('it handles encoded hashtags', function () { + const token = 'zxpxjrwdtsgd' + const prefix = this.TokenAccessHandler.createTokenHashPrefix(token) + + this.TokenAccessHandler.checkTokenHashPrefix( + token, + `%23${prefix}`, + 'readOnly' + ) + + expect(this.Metrics.inc).to.have.been.calledWith( + 'link-sharing.hash-check', + { + path: 'readOnly', + status: 'match', + } + ) + }) }) })