From 54ac963bcd7851f9b0f102752ac740a5d9be5ac2 Mon Sep 17 00:00:00 2001 From: Marshall Bowers Date: Sun, 1 Sep 2024 09:53:34 -0400 Subject: [PATCH] client: Ensure query string values are URL-encoded (#17235) This PR fixes an issue where the query string values weren't URL-encoded when authenticating as an admin in development. Release Notes: - N/A --- crates/client/src/client.rs | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index 3a0f83bc1c..9d7fe7545e 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -1456,16 +1456,32 @@ impl Client { user }; + let query_params = [ + ("github_login", &github_user.login), + ("github_user_id", &github_user.id.to_string()), + ( + "github_user_created_at", + &github_user.created_at.to_rfc3339(), + ), + ]; + // Use the collab server's admin API to retrieve the ID // of the impersonated user. let mut url = self.rpc_url(http.clone(), None).await?; url.set_path("/user"); - url.set_query(Some(&format!( - "github_login={login}&github_user_id={id}&github_user_created_at={created_at}", - login = github_user.login, - id = github_user.id, - created_at = github_user.created_at.to_rfc3339() - ))); + url.set_query(Some( + &query_params + .iter() + .map(|(key, value)| { + format!( + "{}={}", + key, + url::form_urlencoded::byte_serialize(value.as_bytes()).collect::() + ) + }) + .collect::>() + .join("&"), + )); let request: http_client::Request = Request::get(url.as_str()) .header("Authorization", format!("token {api_token}")) .body("".into())?;