From 1ee216cb7d508b0e5c3ff64ce94cafe834240c0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andre=CC=81=20Bispo?= Date: Fri, 19 Jul 2024 12:28:18 +0100 Subject: [PATCH] [PM-6702] Sanitize AppLink Uri by removing the fragment char --- .../data/auth/util/CompleteRegistrationDataUtils.kt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/src/main/java/com/x8bit/bitwarden/data/auth/util/CompleteRegistrationDataUtils.kt b/app/src/main/java/com/x8bit/bitwarden/data/auth/util/CompleteRegistrationDataUtils.kt index 600949abe2..03e886eeda 100644 --- a/app/src/main/java/com/x8bit/bitwarden/data/auth/util/CompleteRegistrationDataUtils.kt +++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/util/CompleteRegistrationDataUtils.kt @@ -1,6 +1,7 @@ package com.x8bit.bitwarden.data.auth.util import android.content.Intent +import android.net.Uri import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData import com.x8bit.bitwarden.data.platform.repository.model.Environment @@ -9,10 +10,10 @@ import com.x8bit.bitwarden.data.platform.repository.model.Environment * The [CompleteRegistrationData] will be returned when present. */ fun Intent.getCompleteRegistrationDataIntentOrNull(): CompleteRegistrationData? { - val uri = data ?: return null + val sanitizedUriString = data.toString().replace("/#/","/") + val uri = runCatching { Uri.parse(sanitizedUriString) }.getOrNull() ?: return null val host = uri.host ?: return null - if (!host.contains("bitwarden.eu") && !host.contains("bitwarden.com")) return null - if (uri.path != "finish-signup") return null + if (uri.path != "/finish-signup") return null val email = uri?.getQueryParameter("email") ?: return null val verificationToken = uri.getQueryParameter("token") ?: return null val fromEmail = uri.getBooleanQueryParameter("fromEmail", true)