backends: Fix URL encoding in redirect_deactivated_user_to_login.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2025-11-01 20:44:04 +00:00 · 2021-10-13 16:56:37 -07:00
parent cab0f9c219
commit cf7e8e3947
2 changed files with 11 additions and 5 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@@ -9,6 +9,7 @@ import urllib
 from contextlib import contextmanager
 from typing import Any, Callable, Dict, Iterator, List, Mapping, Optional, Sequence, Tuple, Type
 from unittest import mock
+from urllib.parse import urlencode

 import jwt
 import ldap
@@ -170,7 +171,8 @@ class AuthBackendTest(ZulipTestCase):
            self.assertEqual(result.status_code, 302)
            self.assertEqual(
                result.url,
-                f"{user_profile.realm.uri}/login/?is_deactivated={user_profile.delivery_email}",
+                f"{user_profile.realm.uri}/login/?"
+                + urlencode({"is_deactivated": user_profile.delivery_email}),
            )
        else:
            # Just takes you back to the login page treating as
@@ -905,7 +907,7 @@ class SocialAuthBase(DesktopFlowTestingLib, ZulipTestCase):
        params["next"] = next
        params["multiuse_object_key"] = multiuse_object_key
        if len(params) > 0:
-            url += f"?{urllib.parse.urlencode(params)}"
+            url += f"?{urlencode(params)}"
        if user_agent is not None:
            headers["HTTP_USER_AGENT"] = user_agent

@@ -1119,7 +1121,8 @@ class SocialAuthBase(DesktopFlowTestingLib, ZulipTestCase):
            self.assertEqual(result.status_code, 302)
            self.assertEqual(
                result.url,
-                f"{user_profile.realm.uri}/login/?is_deactivated={user_profile.delivery_email}",
+                f"{user_profile.realm.uri}/login/?"
+                + urlencode({"is_deactivated": user_profile.delivery_email}),
            )
        self.assertEqual(
            m.output,
@@ -2888,7 +2891,7 @@ class AppleAuthBackendNativeFlowTest(AppleAuthMixin, SocialAuthBase):

        params["user"] = json.dumps(account_data_dict)

-        url += f"&{urllib.parse.urlencode(params)}"
+        url += f"&{urlencode(params)}"
        return url, headers

    def social_auth_test(
--- a/zproject/backends.py
+++ b/zproject/backends.py
@@ -17,6 +17,7 @@ import json
 import logging
 from abc import ABC, abstractmethod
 from typing import Any, Callable, Dict, List, Optional, Set, Tuple, Type, TypeVar, Union, cast
+from urllib.parse import urlencode

 import magic
 import orjson
@@ -1428,7 +1429,9 @@ def redirect_deactivated_user_to_login(realm: Realm, email: str) -> HttpResponse
    # Specifying the template name makes sure that the user is not redirected to dev_login in case of
    # a deactivated account on a test server.
    login_url = reverse("login_page", kwargs={"template_name": "zerver/login.html"})
-    redirect_url = add_query_to_redirect_url(realm.uri + login_url, f"is_deactivated={email}")
+    redirect_url = add_query_to_redirect_url(
+        realm.uri + login_url, urlencode({"is_deactivated": email})
+    )
    return HttpResponseRedirect(redirect_url)