[Auth] Fix parsing of code display when issuer/account contains special character (#1795)

## Description ## Tests
2024-05-21 14:48:12 +05:30 · 2024-05-21 14:48:12 +05:30 · d4b4007d96
commit d4b4007d96
parent 4dbc8ab31e 2daf5c8fde
4 changed files with 31 additions and 9 deletions
--- a/auth/lib/models/code.dart
+++ b/auth/lib/models/code.dart
@ -125,7 +125,7 @@ class Code {
    final issuer = _getIssuer(uri);

    try {
-      return Code(
+      final code = Code(
        _getAccount(uri),
        issuer,
        _getDigits(uri, issuer),
@ -137,6 +137,7 @@ class Code {
        rawData,
        display: CodeDisplay.fromUri(uri) ?? CodeDisplay(),
      );
+      return code;
    } catch (e) {
      // if account name contains # without encoding,
      // rest of the url are treated as url fragment
@ -174,12 +175,11 @@ class Code {
  }

  String toOTPAuthUrlFormat() {
-    final uri = Uri.parse(rawData);
+    final uri = Uri.parse(rawData.replaceAll("#", '%23'));
    final query = {...uri.queryParameters};
    query["codeDisplay"] = jsonEncode(display.toJson());

    final newUri = uri.replace(queryParameters: query);
-
    return jsonEncode(newUri.toString());
  }

--- a/auth/lib/models/code_display.dart
+++ b/auth/lib/models/code_display.dart
@ -1,6 +1,7 @@
 import 'dart:convert';

 import 'package:flutter/foundation.dart';
+import 'package:logging/logging.dart';

 /// Used to store the display settings of a code.
 class CodeDisplay {
@ -54,13 +55,34 @@ class CodeDisplay {
    );
  }

-  static CodeDisplay? fromUri(Uri uri) {
+  /// Converts the [CodeDisplay] to a json object.
+  /// When [safeParsing] is true, the json will be parsed safely.
+  /// If we fail to parse the json, we will return an empty [CodeDisplay].
+  static CodeDisplay? fromUri(Uri uri, {bool safeParsing = false}) {
    if (!uri.queryParameters.containsKey("codeDisplay")) return null;
    final String codeDisplay =
        uri.queryParameters['codeDisplay']!.replaceAll('%2C', ',');
-    final decodedDisplay = jsonDecode(codeDisplay);
+    return _parseCodeDisplayJson(codeDisplay, safeParsing);
+  }

-    return CodeDisplay.fromJson(decodedDisplay);
+  static CodeDisplay _parseCodeDisplayJson(String json, bool safeParsing) {
+    try {
+      final decodedDisplay = jsonDecode(json);
+      return CodeDisplay.fromJson(decodedDisplay);
+    } catch (e, s) {
+      Logger("CodeDisplay")
+          .severe("Could not parse code display from json", e, s);
+      // (ng/prateek) Handle the case where we have fragment in the rawDataUrl
+      if (!json.endsWith("}") && json.contains("}#")) {
+        Logger("CodeDisplay").warning("ignoring code display as it's invalid");
+        return CodeDisplay();
+      }
+      if (safeParsing) {
+        return CodeDisplay();
+      } else {
+        rethrow;
+      }
+    }
  }

  Map<String, dynamic> toJson() {
--- a/auth/lib/store/code_store.dart
+++ b/auth/lib/store/code_store.dart
@ -41,9 +41,9 @@ class CodeStore {
        } else {
          code = Code.fromExportJson(decodeJson);
        }
-      } catch (e) {
+      } catch (e, s) {
        code = Code.withError(e, entity.rawData);
-        _logger.severe("Could not parse code", code.err);
+        _logger.severe("Could not parse code", e, s);
      }
      code.generatedID = entity.generatedID;
      code.hasSynced = entity.hasSynced;
--- a/auth/pubspec.yaml
+++ b/auth/pubspec.yaml
@ -1,6 +1,6 @@
 name: ente_auth
 description: ente two-factor authenticator
-version: 3.0.3+303
+version: 3.0.4+304
 publish_to: none

 environment: