fixing double encoding bug for OAuth JWTs

apache · Oct 24, 2024 · 5872351 · 5872351
1 parent 6e42328
commit 5872351
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/superset/utils/oauth2.py b/superset/utils/oauth2.py
@@ -24,6 +24,7 @@
 import jwt
 from flask import current_app, url_for
 from marshmallow import EXCLUDE, fields, post_load, Schema
+from urllib.parse import unquote
 
 from superset import db
 from superset.distributed_lock import KeyValueDistributedLock
@@ -169,6 +170,8 @@ def decode_oauth2_state(encoded_state: str) -> OAuth2State:
     """
     Decode the OAuth2 state.
     """
+    # Before escaping periods, the % need to be escaped
+    encoded_state = unquote(encoded_state)
     # Google OAuth2 needs periods to be escaped.
     encoded_state = encoded_state.replace("%2E", ".")