From 165039d3a1ce2207fd861665a9443aac24845d2e Mon Sep 17 00:00:00 2001
From: Ryan Barrett <git@ryanb.org>
Date: Mon, 8 Mar 2021 10:01:10 -0800
Subject: [PATCH] web demo UI: url-encode all parts of path

fixes https://console.cloud.google.com/errors/CLmUnOPr05b83gE
---
 app.py      |  6 +++---
 test_app.py | 28 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/app.py b/app.py
index bb16aa2c..1e1f508c 100644
--- a/app.py
+++ b/app.py
@@ -155,9 +155,9 @@ def get(self):
       'search_query': search_query,
     })
 
-    return self.redirect('/%s/%s/%s/@app/%s?%s' % (
-      site, urllib.parse.quote_plus(user), group, activity_id,
-      urllib.parse.urlencode(params)))
+    path = '/'.join(urllib.parse.quote_plus(part, safe='@')
+                    for part in (site, user, group, '@app', activity_id))
+    return self.redirect(f'/{path}?{urllib.parse.urlencode(params)}')
 
 
 class UrlHandler(api.Handler):
diff --git a/test_app.py b/test_app.py
index 56955da0..3cade7a5 100644
--- a/test_app.py
+++ b/test_app.py
@@ -728,3 +728,31 @@ def test_url_head_bad_output(self):
     self.assert_equals(400, resp.status_int)
     self.assert_equals('', resp.text)
 
+  def test_demo(self):
+    resp = app.application.get_response(
+      '/demo?site=sayt&user_id=me&group_id=@groop&activity_id=123')
+    self.assert_equals(302, resp.status_int, resp.text)
+    self.assert_equals('http://localhost/sayt/me/@groop/@app/123?site=sayt&user_id=me&group_id=%40groop&activity_id=123&plaintext=true&cache=false&search_query=',
+                       resp.headers['Location'])
+
+  def test_demo_search(self):
+    resp = app.application.get_response(
+      '/demo?site=sayt&user_id=me&group_id=@search&search_query=foo')
+    self.assert_equals(302, resp.status_int, resp.text)
+    self.assert_equals('http://localhost/sayt/me/@search/@app/?site=sayt&user_id=me&group_id=%40search&search_query=foo&plaintext=true&cache=false',
+                       resp.headers['Location'])
+
+  def test_demo_list(self):
+    resp = app.application.get_response(
+      '/demo?site=sayt&user_id=me&group_id=@list&list=ly%E2%98%95zt')
+    self.assert_equals(302, resp.status_int, resp.text)
+    self.assert_equals('http://localhost/sayt/me/ly%E2%98%95zt/@app/?site=sayt&user_id=me&group_id=%40list&list=ly%E2%98%95zt&plaintext=true&cache=false&search_query=',
+                       resp.headers['Location'])
+
+  def test_demo_non_ascii_params(self):
+    # %E2%98%95 is ☕
+    resp = app.application.get_response(
+      '/demo?site=%E2%98%95&user_id=%E2%98%95&group_id=%E2%98%95&activity_id=%E2%98%95&search_query=%E2%98%95&format=%E2%98%95')
+    self.assert_equals(302, resp.status_int, resp.text)
+    self.assert_equals('http://localhost/%E2%98%95/%E2%98%95/%E2%98%95/@app/%E2%98%95?site=%E2%98%95&user_id=%E2%98%95&group_id=%E2%98%95&activity_id=%E2%98%95&search_query=&format=%E2%98%95&plaintext=true&cache=false',
+                       resp.headers['Location'])