Encode URLs before saving them to the database

Otherwise the notifications will fail with URI::InvalidURIError: bad URI(is not URI?) ``` irb(main):009:0> CASino::ServiceTicket.where('service like "%test%"').first.service CASino::ServiceTicket Load (0.2ms) SELECT `casino_service_tickets`.* FROM `casino_service_tickets` WHERE (service like "%test%") LIMIT 1 => "https://example.org/This is a test/dscn0115.jpg" irb(main):013:0> CASino::ServiceTicket.where('service like "%test%"').first.send(:send_single_sign_out_notification) CASino::ServiceTicket Load (0.4ms) SELECT `casino_service_tickets`.* FROM `casino_service_tickets` WHERE (service like "%test%") LIMIT 1 URI::InvalidURIError: bad URI(is not URI?): https://example.org/This is a test/dscn0115.jpg from /usr/lib/ruby/1.9.1/uri/generic.rb:1202:in `rescue in merge' from /usr/lib/ruby/1.9.1/uri/generic.rb:1199:in `merge' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/faraday-0.8.8/lib/faraday/connection.rb:303:in `build_exclusive_url' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/faraday-0.8.8/lib/faraday/request.rb:94:in `to_env' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/faraday-0.8.8/lib/faraday/connection.rb:252:in `run_request' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/faraday-0.8.8/lib/faraday/connection.rb:118:in `post' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/faraday-0.8.8/lib/faraday.rb:24:in `method_missing' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/casino-2.0.2/app/models/casino/service_ticket/single_sign_out_notifier.rb:30:in `send_notification' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/casino-2.0.2/app/models/casino/service_ticket/single_sign_out_notifier.rb:10:in `notify' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/casino-2.0.2/app/models/casino/service_ticket.rb:40:in `send_single_sign_out_notification' from (irb):13 from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/railties-3.2.17/lib/rails/commands/console.rb:47:in `start' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/railties-3.2.17/lib/rails/commands/console.rb:8:in `start' from /home/www-data/sso/shared/bundle/ruby/1.9.1/gems/railties-3.2.17/lib/rails/commands.rb:41:in `<top (required)>' from script/rails:6:in `require' from script/rails:6:in `<main>' ```
rbCAS · Mar 10, 2014 · cfc157f · cfc157f
1 parent 6f7ab94
commit cfc157f
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 4 deletions.
diff --git a/app/models/casino/service_ticket.rb b/app/models/casino/service_ticket.rb
@@ -19,6 +19,13 @@ def self.cleanup_consumed_hard
     self.delete_all(['created_at < ? AND consumed = ?', (CASino.config.service_ticket[:lifetime_consumed].seconds * 2).ago, true])
   end
 
+
+  def service=(value)
+    value = Addressable::URI.encode(value)
+    super(value)
+  end
+
+
   def service_with_ticket_url
     service_uri = Addressable::URI.parse(self.service)
     service_uri.query_values = (service_uri.query_values(Array) || []) << ['ticket', self.ticket]

diff --git a/spec/model/service_ticket_spec.rb b/spec/model/service_ticket_spec.rb
@@ -1,3 +1,5 @@
+# encoding: utf-8
+
 require 'spec_helper'
 
 describe CASino::ServiceTicket do
@@ -116,9 +118,21 @@
   end
 
   describe '#service_with_ticket_url' do
-    it 'does not escape the url from the database' do
-      unconsumed_ticket.service = 'https://host.example.org/test.php?t=other&other=testing'
-      unconsumed_ticket.service_with_ticket_url.should eq('https://host.example.org/test.php?t=other&other=testing&ticket=ST-12345')
+    it 'appends the service ticket id to the querystring' do
+      unconsumed_ticket.service = 'https://host.example.org/test.php?iam=testing'
+      unconsumed_ticket.service_with_ticket_url.should eq('https://host.example.org/test.php?iam=testing&ticket=ST-12345')
+    end
+  end
+
+  describe '#service=' do
+    it 'encodes the url before writing to the database' do
+      unconsumed_ticket.service = 'https://example.org/this is a test/jö.png'
+      unconsumed_ticket.service.should eq('https://example.org/this%20is%20a%20test/j%C3%B6.png')
+    end
+
+    it 'does not encode the querystring symbols (&?=) before writing to the database' do
+      unconsumed_ticket.service = 'https://example.org/test.php?t=other&other=testing'
+      unconsumed_ticket.service.should eq('https://example.org/test.php?t=other&other=testing')
     end
   end
 end
diff --git a/spec/processor/processor_concern/service_tickets_spec.rb b/spec/processor/processor_concern/service_tickets_spec.rb
@@ -46,4 +46,4 @@
       end
     end
   end
-end
+end