Scott.Idem/OSIT-AE-App-Svelte
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(pres_mgmt): encodeURIComponent for poc_sign_in_url + null-key guard

Browse Source 
- poc_sign_in_url derived: replace encodeURI() with per-param
  encodeURIComponent() — same fix applied to presenter URLs. passcodes
  may contain special characters; encodeURI() would leave them unencoded.
- session_sign_in(): guard the presentation_id and presenter_id auth__kv
  writes so they only run when non-null. A pure POC link has neither param
  in the URL, so writing auth__kv[null] was creating junk 'null' string
  keys that never matched anything.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Scott Idem
2026-06-23 14:48:25 -04:00
parent 52d1dca32a
commit 5d6008431c
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/routes/events/[event_id]/(pres_mgmt)/session/[session_id]/ae_comp__session_view.svelte
View File

@@ -145,9 +145,7 @@ let default_end_datetime = $derived(event_start_date ? `${event_start_date}T09:0
// session_id is required as a query param so sign_in_out.svelte calls session_sign_in().
let poc_sign_in_url = $derived(
$lq__event_session_obj?.poc_person_id && $lq__event_session_obj?.poc_person_passcode
? encodeURI(
`${$ae_loc.url_origin}/events/${$lq__event_session_obj.event_id}/session/${$lq__event_session_obj.event_session_id}?person_id=${$lq__event_session_obj.poc_person_id}&person_pass=${$lq__event_session_obj.poc_person_passcode}&session_id=${$lq__event_session_obj.event_session_id}`
)
? `${$ae_loc.url_origin}/events/${$lq__event_session_obj.event_id}/session/${$lq__event_session_obj.event_session_id}?person_id=${encodeURIComponent($lq__event_session_obj.poc_person_id)}&person_pass=${encodeURIComponent($lq__event_session_obj.poc_person_passcode)}&session_id=${encodeURIComponent($lq__event_session_obj.event_session_id)}`
: null
);

13
src/routes/events/[event_id]/sign_in_out.svelte
View File

@@ -275,11 +275,14 @@ function session_sign_in() {
events_auth_loc.current.auth__kv.person[$events_sess.auth__person.person_id] = true;
events_auth_loc.current.auth__kv.session[$events_sess.auth__person.session_id] = true;
events_auth_loc.current.auth__kv.presentation[
$events_sess.auth__person.presentation_id
] = false; // Set to false for session POC (LCI Champions).
events_auth_loc.current.auth__kv.presenter[$events_sess.auth__person.presenter_id] =
false; // Set to false for session POC (LCI Champions).
// Only write these if non-null — a POC link has no presentation_id/presenter_id in the
// URL, and writing auth__kv[null] would set a junk 'null' string key.
if ($events_sess.auth__person.presentation_id) {
events_auth_loc.current.auth__kv.presentation[$events_sess.auth__person.presentation_id] = false; // false = POC has no presentation-level access
}
if ($events_sess.auth__person.presenter_id) {
events_auth_loc.current.auth__kv.presenter[$events_sess.auth__person.presenter_id] = false; // false = POC is not a presenter
}
// Setting again here... just because for now.
// $events_slct.event_presentation_id = $events_sess.auth__person.presentation_id;