From 0892edc4328340a6142f457f4f2c86ee915dbab2 Mon Sep 17 00:00:00 2001
From: David Baker <dave@matrix.org>
Date: Mon, 9 Oct 2023 10:08:10 +0100
Subject: [PATCH] Use base64url encoding for the password param

As base64 is fairly obviously not sensible for URLs and we were not
URL encoding it so we were ending up with spaces in the URL.

Also base 64 encode the password in case, as per comment.
---
 src/matrix-utils.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/matrix-utils.ts b/src/matrix-utils.ts
index 58f8bab5..778e4c6a 100644
--- a/src/matrix-utils.ts
+++ b/src/matrix-utils.ts
@@ -76,9 +76,13 @@ function waitForSync(client: MatrixClient) {
 function secureRandomString(entropyBytes: number): string {
   const key = new Uint8Array(entropyBytes);
   crypto.getRandomValues(key);
+  // encode to base64url as this value goes into URLs
   return btoa(
     key.reduce((acc, current) => acc + String.fromCharCode(current), "")
-  ).replace(/=*$/, "");
+  )
+    .replace("+", "-")
+    .replace("/", "_")
+    .replace(/=*$/, "");
 }
 
 /**
@@ -395,9 +399,13 @@ export function getRelativeRoomUrl(
   roomName?: string,
   password?: string
 ): string {
+  // The password shouldn't need URL encoding here (we generate URL-safe ones) but encode
+  // it in case it came from another client that generated a non url-safe one
   return `/room/#${
     roomName ? "/" + roomAliasLocalpartFromRoomName(roomName) : ""
-  }?roomId=${roomId}${password ? "&" + PASSWORD_STRING + password : ""}`;
+  }?roomId=${roomId}${
+    password ? "&" + PASSWORD_STRING + encodeURIComponent(password) : ""
+  }`;
 }
 
 export function getAvatarUrl(