From 2ce921245778a031d8a817193d6b20d32474c67c Mon Sep 17 00:00:00 2001
From: Manav Rathi <manav@mrmr.io>
Date: Fri, 24 May 2024 09:57:16 +0530
Subject: [PATCH] We encodeURIComponent the pathname

---
 web/apps/auth/src/services/code.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/web/apps/auth/src/services/code.ts b/web/apps/auth/src/services/code.ts
index 835bb689dd..a43a3d4730 100644
--- a/web/apps/auth/src/services/code.ts
+++ b/web/apps/auth/src/services/code.ts
@@ -45,6 +45,8 @@ export interface Code {
  *
  * - (TOTP)
  *   otpauth://totp/ACME:user@example.org?algorithm=SHA1&digits=6&issuer=acme&period=30&secret=ALPHANUM
+ *
+ * See also `auth/test/models/code_test.dart`.
  */
 export const codeFromURIString = (id: string, uriString: string): Code => {
     const url = new URL(uriString);
@@ -70,7 +72,7 @@ const parseType = (url: URL): Code["type"] => {
 
 const parseAccount = (url: URL): string | undefined => {
     // "/ACME:user@example.org" => "user@example.org"
-    let p = url.pathname;
+    let p = decodeURIComponent(url.pathname);
     if (p.startsWith("/")) p = p.slice(1);
     if (p.includes(":")) p = p.split(":").slice(1).join(":");
     return p;
@@ -89,7 +91,7 @@ const parseIssuer = (url: URL): string => {
 
     // Otherwise use the `prefix:` from the account as the issuer.
     // "/ACME:user@example.org" => "ACME"
-    let p = url.pathname;
+    let p = decodeURIComponent(url.pathname);
     if (p.startsWith("/")) p = p.slice(1);
 
     if (p.includes(":")) p = p.split(":")[0];