encode uri

JohannesDoberer · Mar 30, 2020 · cd05b2e · cd05b2e
1 parent 45c6f7d
commit cd05b2e
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/plugins/auth/public/auth-oauth2/callback.html b/plugins/auth/public/auth-oauth2/callback.html
@@ -87,7 +87,7 @@
           var decodedState = atob(
             decodeURIComponent(hashParams['state'])
           ).split('_luigiNonce=');
-          var appState = decodedState[0] || '';
+          var appState = decodeURI(decodedState[0]) || '';
           var nonce = decodedState[1];
 
           if (nonce !== sessionStorage.getItem('luigi.nonceValue')) {

diff --git a/plugins/auth/src/auth-oauth2/index.js b/plugins/auth/src/auth-oauth2/index.js
@@ -75,11 +75,9 @@ export default class oAuth2ImplicitGrant {
       settings.oAuthData.redirect_uri = `${Helpers.prependOrigin(
         settings.oAuthData.redirect_uri
       )}?storageType=${Luigi.auth().store.getStorageType()}`;
-      const nonceSegment = '_luigiNonce=' + generatedNonce;
-      const encodedNonceUrl = encodeURIComponent(
-        window.location.href + nonceSegment
+      settings.oAuthData.state = btoa(
+        encodeURI(window.location.href) + '_luigiNonce=' + generatedNonce
       );
-      settings.oAuthData.state = btoa(decodeURIComponent(encodedNonceUrl));
 
       for (const name in settings.oAuthData) {
         const node = createInputElement(name, settings.oAuthData[name]);