fix(pageAPI): Apply Regex and sanitization correctly (dotCMS#31422)

### Problems found

1. Regarding the first mentioned issue, the vanityUrl was trying to
redirect to $1, this is because when handling regex in vanityUrl a
function was needed to be executed to process the url and get the final
one that the page should be redirected to, and in the cases of Temporary
and Permanent Redirect that function was not being executed
2. About the second issue, it was a case that was not being contemplated
when using vanityUrls. As the uri is `(.*)/index` and the forwardTo `$1`
this resulted in an empty string url that was generating a blank page
when accesing through browser.
3. Also the regex of the second issue was generating an infinite loop in
the UVE, this was because it was trying to forward to an empty string.
The frontend of the UVE was handling this case and fallbacking to
`index` in the url, then navigating to pageAPI to render `index` but
then the backend finds that there is a vanityUrl and forwards to empty
string, then the frontend redirects again to `index` and so on.

### Proposed Changes
* To solve the problem **1**: Apply a workaround to modify the forwardTo
value (executing the function that processes the url) and set it to the
CachedVanityUrl which is the entity used in the Temporary and Permanent
Redirect case. This way in those cases the forwardTo is going to be
correct, and return to the frontend as it should.
* To solve the problem **2**: Add an extra check in the `processForward`
function that verifies if the forward url is empty (this means that the
forward should redirect to the root) then set `/` as the final url. This
will make the url work as it should in the browser.
* To solve the problem **3**: Modify what the frontend send to the
backend in the cases where it receives from the frontend an empty url.
Instead of index, send to the backend `/`, this will result in the same
behaviour as index, but allowing the user to handle this last case. Now
when using a vanityUrl with `index` in the regex, and forwarding to `/`
it won't generate an infinite loop.
* Additional fix: when using a vanityUrl with regex, and forwarding to
an url that matches with that regex, it results in an infinite loop
error. So instead of using `DotPreconditions.checkArgument` to throw an
error, I made a check to see if the url is self referenced, and if it
true, then fallback to the main url.


**Note and question:** `final String urlIn =
!url.startsWith(StringPool.SLASH) ? StringPool.SLASH + url : url;` Was
added in the processForward function, this was because as navigating
through the UVE, the url that the backend gets doesn't have any starting
slashes, so in the case that the issue specifies, using `(.*)/index`
regex (and forwardTo $1) didn't match when navigating to index as the
url that the function receives would be `index` (without slash). So as
the `resolveVanityUrlIfPresent` does, this will try to check for matches
on the vanityUrl but with a `correctedUri` that will have a `/` at the
start. Before the addition of the slash and as the url didn't matched,
the forwardTo field remained on $1 and then we got the same error as the
problem 1. Adding the slash resulted in the problem 3, which was also
solved.
So the questions would be if this is ok. Should we handle it in a
different way? Could be some cases in where the addition of the slash
results in a wrong url or redirect?

### Checklist
- [x] Tests

---------

Co-authored-by: Jalinson Diaz <[email protected]>

Author: gortiz-dotcms

core-web/libs/portlets/edit-ema/portlet/src/lib/dot-ema-shell/dot-ema-shell.component.spec.ts

@@ -329,9 +329,9 @@ describe('DotEmaShellComponent', () => {
                 );
 
                 spectator.detectChanges();
-                expect(spyloadPageAsset).toHaveBeenCalledWith({ ...params, url: 'index' });
+                expect(spyloadPageAsset).toHaveBeenCalledWith({ ...params, url: '/index' });
                 expect(spyLocation).toHaveBeenCalledWith(
-                    '/?language_id=1&url=index&variantName=DEFAULT&mode=EDIT_MODE'
+                    '/?language_id=1&url=%2Findex&variantName=DEFAULT&mode=EDIT_MODE'
                 );
             });
 
@@ -342,7 +342,7 @@ describe('DotEmaShellComponent', () => {
 
                 const params = {
                     ...INITIAL_PAGE_PARAMS,
-                    url: '/some-url/some-nested-url/'
+                    url: '/some-url/some-nested-url'
                 };
 
                 overrideRouteSnashot(
@@ -353,10 +353,10 @@ describe('DotEmaShellComponent', () => {
                 spectator.detectChanges();
                 expect(spyloadPageAsset).toHaveBeenCalledWith({
                     ...params,
-                    url: 'some-url/some-nested-url'
+                    url: '/some-url/some-nested-url'
                 });
                 expect(spyLocation).toHaveBeenCalledWith(
-                    '/?language_id=1&url=some-url%2Fsome-nested-url&variantName=DEFAULT&mode=EDIT_MODE'
+                    '/?language_id=1&url=%2Fsome-url%2Fsome-nested-url&variantName=DEFAULT&mode=EDIT_MODE'
                 );
             });
 
@@ -375,9 +375,12 @@ describe('DotEmaShellComponent', () => {
                 );
 
                 spectator.detectChanges();
-                expect(spyloadPageAsset).toHaveBeenCalledWith({ ...params, url: 'some-url/' });
+                expect(spyloadPageAsset).toHaveBeenCalledWith({
+                    ...params,
+                    url: '/some-url/index'
+                });
                 expect(spyLocation).toHaveBeenCalledWith(
-                    '/?language_id=1&url=some-url%2F&variantName=DEFAULT&mode=EDIT_MODE'
+                    '/?language_id=1&url=%2Fsome-url%2Findex&variantName=DEFAULT&mode=EDIT_MODE'
                 );
             });
 
@@ -392,7 +395,7 @@ describe('DotEmaShellComponent', () => {
                 };
 
                 const expectedParams = {
-                    url: 'some-url/',
+                    url: '/some-url/index',
                     [PERSONA_KEY]: 'someCoolDude',
                     mode: UVE_MODE.EDIT,
                     language_id: 1
@@ -406,7 +409,7 @@ describe('DotEmaShellComponent', () => {
                 spectator.detectChanges();
                 expect(spyloadPageAsset).toHaveBeenCalledWith(expectedParams);
                 expect(spyLocation).toHaveBeenCalledWith(
-                    '/?url=some-url%2F&language_id=1&mode=EDIT_MODE&personaId=someCoolDude'
+                    '/?url=%2Fsome-url%2Findex&language_id=1&mode=EDIT_MODE&personaId=someCoolDude'
                 );
             });
         });
@@ -657,7 +660,7 @@ describe('DotEmaShellComponent', () => {
                 const baseClientHost = 'http://localhost:3000/';
                 const params = {
                     ...INITIAL_PAGE_PARAMS,
-                    clientHost: 'http://localhost:3000' // No trailing slash
+                    clientHost: 'http://localhost:3000/' // No trailing slash
                 };
 
                 // Set up route with uveConfig.url that has trailing slash

core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/components/dot-uve-toolbar/components/dot-uve-workflow-actions/dot-uve-workflow-actions.component.spec.ts

@@ -204,7 +204,7 @@ describe('DotUveWorkflowActionsComponent', () => {
             expect(spySetWorkflowActionLoading).toHaveBeenCalledWith(true);
             expect(spyLoadPageAsset).toHaveBeenCalledWith({
                 language_id: dotcmsContentletMock.languageId.toString(),
-                url: dotcmsContentletMock.url
+                url: '/'
             });
             expect(spyMessage).toHaveBeenCalledTimes(2);
 

core-web/libs/portlets/edit-ema/portlet/src/lib/edit-ema-editor/edit-ema-editor.component.spec.ts

@@ -370,7 +370,7 @@ describe('EditEmaEditorComponent', () => {
 
         beforeEach(() => {
             spectator = createComponent({
-                queryParams: { language_id: 1, url: 'page-one' },
+                queryParams: { language_id: 1, url: 'index' },
                 data: {
                     data: {
                         url: 'http://localhost:3000'
@@ -2589,7 +2589,7 @@ describe('EditEmaEditorComponent', () => {
                     const iframe = spectator.debugElement.query(By.css('[data-testId="iframe"]'));
 
                     expect(iframe.nativeElement.src).toBe(
-                        'http://localhost:3000/page-one?language_id=1'
+                        'http://localhost:3000/index?language_id=1'
                     );
                 });
 

core-web/libs/portlets/edit-ema/portlet/src/lib/services/guards/edit-ema.guard.spec.ts

@@ -95,12 +95,12 @@ describe('EditEmaGuard', () => {
         expect(didEnteredPortlet).toBe(true);
     });
 
-    it('should navigate to "edit-page" with url as "index" when the initial url queryParam is "/"', () => {
+    it('should navigate to "edit-page" with url as "/" when the initial url queryParam is ""', () => {
         const route: ActivatedRouteSnapshot = {
             firstChild: {
                 url: [{ path: 'content' }]
             },
-            queryParams: { url: '/' }
+            queryParams: { url: '' }
             // eslint-disable-next-line @typescript-eslint/no-explicit-any
         } as any;
 
@@ -110,7 +110,7 @@ describe('EditEmaGuard', () => {
             queryParams: {
                 [PERSONA_KEY]: 'modes.persona.no.persona',
                 language_id: 1,
-                url: 'index'
+                url: '/'
             },
             replaceUrl: true
         });

core-web/libs/portlets/edit-ema/portlet/src/lib/services/guards/edit-ema.guard.ts

@@ -36,15 +36,15 @@ function confirmQueryParams(queryParams: Params): {
 } {
     const { missing, ...missingQueryParams } = DEFAULT_QUERY_PARAMS.reduce(
         (acc, { key, value }) => {
-            if (!queryParams[key]) {
-                acc[key] = value;
+            if (key === 'url' && queryParams[key]?.trim()?.length === 0) {
+                acc[key] = '/';
                 acc.missing = true;
 
                 return acc;
             }
 
-            if (key === 'url' && queryParams[key] === '/') {
-                acc[key] = 'index';
+            if (!queryParams[key]) {
+                acc[key] = value;
                 acc.missing = true;
 
                 return acc;
@@ -77,7 +77,7 @@ const DEFAULT_QUERY_PARAMS = [
     },
     {
         key: 'url',
-        value: 'index'
+        value: '/'
     },
     {
         key: 'com.dotmarketing.persona.id',

core-web/libs/portlets/edit-ema/portlet/src/lib/store/features/editor/withEditor.spec.ts

@@ -244,11 +244,17 @@ describe('withEditor', () => {
                             ...MOCK_RESPONSE_HEADLESS.vanityUrl,
                             url: 'first'
                         }
+                    },
+                    pageParams: {
+                        language_id: '1',
+                        variantName: 'DEFAULT',
+                        url: 'first',
+                        [PERSONA_KEY]: 'dot:persona'
                     }
                 });
 
                 expect(store.$iframeURL()).toBe(
-                    'http://localhost:3000/first?language_id=1&variantName=DEFAULT&personaId=dot%3Apersona'
+                    'http://localhost/first?language_id=1&variantName=DEFAULT&personaId=dot%3Apersona'
                 );
             });
         });

core-web/libs/portlets/edit-ema/portlet/src/lib/store/features/editor/withEditor.ts

@@ -209,9 +209,7 @@ export function withEditor() {
                     };
                 }),
                 $iframeURL: computed<string | InstanceType<typeof String>>(() => {
-                    const page = store.pageAPIResponse().page;
-                    const vanityURL = store.pageAPIResponse().vanityUrl?.url;
-                    const sanitizedURL = sanitizeURL(vanityURL ?? page?.pageURI);
+                    const sanitizedURL = sanitizeURL(store.pageParams().url);
 
                     const url = buildIframeURL({
                         url: sanitizedURL,

core-web/libs/portlets/edit-ema/portlet/src/lib/store/features/load/withLoad.ts

@@ -82,10 +82,9 @@ export function withLoad() {
                                         }
 
                                         // Maybe we can use retryWhen() instead of this navigate.
-                                        const url = vanityUrl.forwardTo.replace('/', '');
                                         router.navigate([], {
                                             queryParamsHandling: 'merge',
-                                            queryParams: { url }
+                                            queryParams: { url: vanityUrl.forwardTo }
                                         });
 
                                         // EMPTY is a simple Observable that only emits the complete notification.

core-web/libs/portlets/edit-ema/portlet/src/lib/utils/index.ts

@@ -196,15 +196,19 @@ function insertPositionedContentletInContainer(payload: ActionPayload): {
 }
 
 /**
- * Remove the index from the end of the url if it's nested and also remove extra slashes
+ * Sanitizes a URL by:
+ * 1. Removing extra leading/trailing slashes
+ * 2. Preserving 'index' in the URL path
  *
  * @param {string} url
  * @return {*}  {string}
  */
 export function sanitizeURL(url?: string): string {
-    return url
-        ?.replace(/^\/+|\/+$/g, '') // Remove starting and trailing slashes
-        ?.replace(/^(index)$|(.*?)(?:\/)?index\/?$/, (_, g1, g2) => g1 || `${g2}/`); // Keep 'index' or add slash for paths
+    if (!url || url === '/') {
+        return '/';
+    }
+
+    return url.replace(/\/+/g, '/'); // Convert multiple slashes to single slash
 }
 
 /**
@@ -292,7 +296,10 @@ export function normalizeQueryParams(params, baseClientHost?: string) {
         delete queryParams[PERSONA_KEY];
     }
 
-    if (baseClientHost && sanitizeURL(baseClientHost) === sanitizeURL(params.clientHost)) {
+    if (
+        baseClientHost &&
+        new URL(baseClientHost).toString() === new URL(params.clientHost).toString()
+    ) {
         delete queryParams.clientHost;
     }
 
@@ -633,8 +640,8 @@ export const checkClientHostAccess = (
     }
 
     // Most IDEs and terminals add a / at the end of the URL, so we need to sanitize it
-    const sanitizedClientHost = sanitizeURL(clientHost);
-    const sanitizedAllowedDevURLs = allowedDevURLs.map(sanitizeURL);
+    const sanitizedClientHost = new URL(clientHost).toString();
+    const sanitizedAllowedDevURLs = allowedDevURLs.map((url) => new URL(url).toString());
 
     return sanitizedAllowedDevURLs.includes(sanitizedClientHost);
 };

core-web/libs/portlets/edit-ema/portlet/src/lib/utils/utils.spec.ts

@@ -309,50 +309,30 @@ describe('utils functions', () => {
     });
 
     describe('url sanitize', () => {
-        it('should remove the slash from the start', () => {
-            expect(sanitizeURL('/cool')).toEqual('cool');
+        it('should left the / as /', () => {
+            expect(sanitizeURL('/')).toEqual('/');
         });
 
-        it("should remove the slash from the end if it's not the only character", () => {
-            expect(sanitizeURL('super-cool/')).toEqual('super-cool');
+        it('should clean multiple slashes', () => {
+            expect(sanitizeURL('//////')).toEqual('/');
         });
 
-        it('should remove the slash from the end and the beggining', () => {
-            expect(sanitizeURL('/hello-there/')).toEqual('hello-there');
-        });
-
-        it('should leave as it is for valid url', () => {
-            expect(sanitizeURL('this-is-where-the-fun-begins')).toEqual(
-                'this-is-where-the-fun-begins'
-            );
-        });
-
-        it('should return index if the url is index without nested path', () => {
-            expect(sanitizeURL('index')).toEqual('index');
-            expect(sanitizeURL('index/')).toEqual('index');
-            expect(sanitizeURL('/index/')).toEqual('index');
+        it('should clean multiple slashes', () => {
+            expect(sanitizeURL('//index////')).toEqual('/index/');
         });
 
         describe('nested url', () => {
             it('should leave as it is for a nested valid url', () => {
-                expect(sanitizeURL('hello-there/general-kenobi')).toEqual(
-                    'hello-there/general-kenobi'
+                expect(sanitizeURL('hello-there/general-kenobi/')).toEqual(
+                    'hello-there/general-kenobi/'
                 );
             });
 
-            it('should remove index from the end of the url but keep the slash if is a nested path', () => {
-                expect(sanitizeURL('my-nested-path/index/')).toEqual('my-nested-path/');
-            });
-
-            it('should remove the index if a nested path', () => {
-                expect(sanitizeURL('i-have-the-high-ground/index')).toEqual(
-                    'i-have-the-high-ground/'
+            it('should clean multiple slashes in a nested url', () => {
+                expect(sanitizeURL('hello-there////general-kenobi//////')).toEqual(
+                    'hello-there/general-kenobi/'
                 );
             });
-
-            it('should remove the index if a nested path with slash', () => {
-                expect(sanitizeURL('no-index-please/index/')).toEqual('no-index-please/');
-            });
         });
     });