bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-10 13:23:34 +00:00
Code Issues Releases Wiki Activity

[PM-814] Breach Report Escape Characters (#16264)

Browse Source 
* encode username for uri and add spec

* verify response from getHibpBreach method

* test/validate for BreachAccountResponse type and length instead of mock response
This commit is contained in:
Alex
2025-09-08 10:23:29 -04:00
committed by GitHub
parent b93602b09e
commit 3bc3bef50b
2 changed files with 25 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
libs/common/src/services/api.service.spec.ts
View File

@@ -14,6 +14,7 @@ import {
VaultTimeoutSettingsService,
VaultTimeoutStringType,
} from "../key-management/vault-timeout";
import { BreachAccountResponse } from "../models/response/breach-account.response";
import { ErrorResponse } from "../models/response/error.response";
import { AppIdService } from "../platform/abstractions/app-id.service";
import { Environment, EnvironmentService } from "../platform/abstractions/environment.service";
@@ -411,4 +412,26 @@ describe("ApiService", () => {
).rejects.toMatchObject(error);
},
);
describe("getHibpBreach", () => {
it("should properly URL encode username with special characters", async () => {
const mockResponse = [{ name: "test" }];
const username = "connect#bwpm@simplelogin.co";
jest.spyOn(sut, "send").mockResolvedValue(mockResponse);
const result = await sut.getHibpBreach(username);
expect(sut.send).toHaveBeenCalledWith(
"GET",
"/hibp/breach?username=" + encodeURIComponent(username),
null,
true,
true,
);
expect(result).toBeInstanceOf(Array);
expect(result).toHaveLength(1);
expect(result[0]).toBeInstanceOf(BreachAccountResponse);
});
});
});

3
libs/common/src/services/api.service.ts
View File

@@ -1434,7 +1434,8 @@ export class ApiService implements ApiServiceAbstraction {
// HIBP APIs
async getHibpBreach(username: string): Promise<BreachAccountResponse[]> {
const r = await this.send("GET", "/hibp/breach?username=" + username, null, true, true);
const encodedUsername = encodeURIComponent(username);
const r = await this.send("GET", "/hibp/breach?username=" + encodedUsername, null, true, true);
return r.map((a: any) => new BreachAccountResponse(a));
}