safe handling of RawStrs

src/api/identity.rs

@@ -525,9 +525,9 @@ fn invalid_json(error_message: &str, exception: bool) -> JsonResult {
 #[allow(non_snake_case)]
 fn prevalidate(domainHint: &RawStr, conn: DbConn) -> JsonResult {
     let empty_result = json!({});
-
-    // TODO as_str shouldn't be used here
-    let organization = Organization::find_by_identifier(domainHint.as_str(), &conn);
+    match domainHint.percent_decode() {
+        Ok(domain_hint) => {
+            let organization = Organization::find_by_identifier(&domain_hint.to_owned(), &conn);
             match organization {
                 Some(organization) => {
                     if !organization.use_sso {
@@ -544,6 +544,11 @@ fn prevalidate(domainHint: &RawStr, conn: DbConn) -> JsonResult {
             }
 
             Ok(Json(empty_result))
+        },
+        Err(_) => {
+            return invalid_json("Invalid domainHint received", false);
+        },
+    }
 }
 
 use openidconnect::core::{
@@ -601,7 +606,9 @@ fn authorize(
     state: &RawStr,
     conn: DbConn,
 ) -> Redirect {
-    let client = get_client_from_identifier(domain_hint.as_str(), &conn);
+    let domain_hint_decoded = &domain_hint.percent_decode().expect("Invalid domain_hint").into_owned();
+    let state_decoded = &state.percent_decode().expect("Invalid state").into_owned();
+    let client = get_client_from_identifier(domain_hint_decoded, &conn);
 
     let (mut authorize_url, _csrf_state, _nonce) = client
         .authorize_url(
@@ -619,7 +626,7 @@ fn authorize(
     let new_pairs = old_pairs.map(|pair| {
         let (key, value) = pair;
         if key == "state" {
-            return format!("{}={}", key, state);
+            return format!("{}={}", key, state_decoded);
         }
         return format!("{}={}", key, value);
     });