Encode single quoptes in usernamesbackport/854/stable-2.10

Signed-off-by: Álvaro Brey Vilas <alvaro.brey@nextcloud.com>

4 files changed, 58 insertions, 14 deletions

diff --git a/library/src/androidTest/java/com/owncloud/android/lib/common/OwnCloudClientTest.kt b/library/src/androidTest/java/com/owncloud/android/lib/common/OwnCloudClientTest.kt
index 4786ecc0..5daa7f10 100644
--- a/library/src/androidTest/java/com/owncloud/android/lib/common/OwnCloudClientTest.kt
+++ b/library/src/androidTest/java/com/owncloud/android/lib/common/OwnCloudClientTest.kt
@@ -66,13 +66,15 @@ class OwnCloudClientTest : AbstractIT() {
         val credentials = basic("user", "password")
         val nextcloudClient = NextcloudClient(url, "user", credentials, context)
 
-        val testList = ArrayList<Pair<String, String>>()
-        testList.add(Pair("test@test.de", "test@test.de"))
-        testList.add(Pair("Test User", "Test%20User"))
-        testList.add(Pair("test", "test"))
-        testList.add(Pair("test+test@test.localhost", "test+test@test.localhost"))
-        testList.add(Pair("test - ab4c", "test%20-%20ab4c"))
-        testList.add(Pair("test.-&51_+-?@test.localhost", "test.-%2651_+-%3F@test.localhost"))
+        val testList = listOf(
+            Pair("test@test.de", "test@test.de"),
+            Pair("Test User", "Test%20User"),
+            Pair("test", "test"),
+            Pair("test+test@test.localhost", "test+test@test.localhost"),
+            Pair("test - ab4c", "test%20-%20ab4c"),
+            Pair("test.-&51_+-?@test.localhost", "test.-%2651_+-%3F@test.localhost"),
+            Pair("test'ab4c", "test%27ab4c")
+        )
 
         testList.forEach { pair ->
             client.userId = pair.first
diff --git a/library/src/main/java/com/nextcloud/common/NextcloudClient.kt b/library/src/main/java/com/nextcloud/common/NextcloudClient.kt
index 76a24938..fdd805ae 100644
--- a/library/src/main/java/com/nextcloud/common/NextcloudClient.kt
+++ b/library/src/main/java/com/nextcloud/common/NextcloudClient.kt
@@ -171,7 +171,7 @@ class NextcloudClient(
     }
 
     fun getUserIdEncoded(): String {
-        return Uri.encode(userId, OwnCloudClient.ALLOWED_USERID_CHARACTERS)
+        return UserIdEncoder.encode(userId)
     }
 
     fun getUserIdPlain(): String {
diff --git a/library/src/main/java/com/nextcloud/common/UserIdEncoder.kt b/library/src/main/java/com/nextcloud/common/UserIdEncoder.kt
new file mode 100644
index 00000000..336e7aa6
--- /dev/null
+++ b/library/src/main/java/com/nextcloud/common/UserIdEncoder.kt
@@ -0,0 +1,43 @@
+/*
+ *  Nextcloud Android Library is available under MIT license
+ *
+ *  @author Álvaro Brey Vilas
+ *  Copyright (C) 2022 Álvaro Brey Vilas
+ *  Copyright (C) 2022 Nextcloud GmbH
+ *
+ *  Permission is hereby granted, free of charge, to any person obtaining a copy
+ *  of this software and associated documentation files (the "Software"), to deal
+ *  in the Software without restriction, including without limitation the rights
+ *  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ *  copies of the Software, and to permit persons to whom the Software is
+ *  furnished to do so, subject to the following conditions:
+ *
+ *  The above copyright notice and this permission notice shall be included in
+ *  all copies or substantial portions of the Software.
+ *
+ *  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *  EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ *  MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *  NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ *  BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ *  ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ *  CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ *  THE SOFTWARE.
+ */
+package com.nextcloud.common
+
+import android.net.Uri
+
+object UserIdEncoder {
+    /**
+     * Characters to skip during userID encoding
+     */
+    private const val ALLOWED_USERID_CHARACTERS = "@+"
+
+    @JvmStatic
+    fun encode(userId: String): String {
+        return Uri.encode(userId, ALLOWED_USERID_CHARACTERS)
+            // single quote is not automatically encoded by Uri but is encoded in NC server
+            .replace("'", "%27")
+    }
+}
diff --git a/library/src/main/java/com/owncloud/android/lib/common/OwnCloudClient.java b/library/src/main/java/com/owncloud/android/lib/common/OwnCloudClient.java
index b94e6abc..3d990a08 100644
--- a/library/src/main/java/com/owncloud/android/lib/common/OwnCloudClient.java
+++ b/library/src/main/java/com/owncloud/android/lib/common/OwnCloudClient.java
@@ -28,6 +28,7 @@ package com.owncloud.android.lib.common;
 import android.net.Uri;
 
 import com.nextcloud.common.DNSCache;
+import com.nextcloud.common.UserIdEncoder;
 import com.owncloud.android.lib.common.accounts.AccountUtils;
 import com.owncloud.android.lib.common.network.RedirectionPath;
 import com.owncloud.android.lib.common.network.WebdavUtils;
@@ -63,11 +64,6 @@ public class OwnCloudClient extends HttpClient {
     private static final String PARAM_SINGLE_COOKIE_HEADER = "http.protocol.single-cookie-header";
     private static final boolean PARAM_SINGLE_COOKIE_HEADER_VALUE = true;
     private static final String PARAM_PROTOCOL_VERSION = "http.protocol.version";
-    /**
-     * Characters to skip during userID encoding
-     */
-    public static final String ALLOWED_USERID_CHARACTERS = "@+";
-
 
     private static byte[] sExhaustBuffer = new byte[1024];
 
@@ -440,7 +436,10 @@ public class OwnCloudClient extends HttpClient {
      * @return uri-encoded userId
      */
     public String getUserId() {
-        return Uri.encode(userId, ALLOWED_USERID_CHARACTERS);
+        if (userId == null) {
+            return null;
+        }
+        return UserIdEncoder.encode(userId);
     }
 
     public String getUserIdPlain() {