Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WEB UI fails to list secrets when the path contains a % character #11616

Closed
AjmalH-G opened this issue May 16, 2021 · 1 comment · Fixed by #20430
Closed

WEB UI fails to list secrets when the path contains a % character #11616

AjmalH-G opened this issue May 16, 2021 · 1 comment · Fixed by #20430
Labels
bug Used to indicate a potential bug good-first-issue ui

Comments

@AjmalH-G
Copy link

Describe the bug
the web UI fails to list secrets when a component of the path contains a % character

To Reproduce

  1. Create a secret with a % character on the title, whether web UI or CLI. eg. 'Test %1'
  2. Login on ther web UI
  3. Select Secret 'Test %1' from the list
  4. Got 404 error

I've noticed the URL is well encoded :
http://localhost:8200/ui/vault/secrets/secret/show/Test %251

Expected behavior

The secret is correctly shown in the web UI.

Environment:

  • Vault Server Version: 1.7.1
  • Vault CLI Version: 1.7.1
  • Server Operating System/Architecture: CentOS 8

Additional context
The secert is displayed via CLI.
The secret is listed : http://localhost:8200/ui/vault/secrets/secret/list
@vishalnayak vishalnayak added bug Used to indicate a potential bug ui good-first-issue labels Jun 3, 2021
@balent
Copy link
Contributor

balent commented Jul 3, 2021
edited

This is caused by normalizePath() from route-recognizer package which will not revert escaped % character. This causes the % character to be escaped for the 2nd time later in the code. Should we just use the decodeURIComponent() instead?

See:

vault/ui/app/routes/vault/cluster/secrets/backend/secret-edit.js

Line 14 in de13b64

return secret ? normalizePath(secret) : '';

vault/ui/app/utils/path-encoding-helpers.js

Line 16 in de13b64

export { normalizePath, encodePathSegment };

hashishaw added a commit that referenced this issue Apr 28, 2023
@hashishaw
Use encode/decode uri component instead of route-recognizer. Fixes #1…
f6f61fb 
…1616
@hashishaw hashishaw mentioned this issue Apr 28, 2023
Merged
hashishaw added a commit that referenced this issue May 1, 2023
@hashishaw
UI: fix secret with % in path (#20430)
5e45d5c 
* Use encode/decode uri component instead of route-recognizer. Fixes #11616

* Remove route-recognizer explicit dependency

* Add changelog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Used to indicate a potential bug good-first-issue ui
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

UI: fix secret with % in path hashicorp/vault
3 participants
@balent @vishalnayak @AjmalH-G