Merge pull request #15473 from overleaf/jel-remove-encoded-hash

[web] Remove encoded hashtag when checking token hash prefix

GitOrigin-RevId: 2b9c369beceb7897d0f6f165b4c3a70b79c14469

services/web/app/src/Features/TokenAccess/TokenAccessHandler.js

@@ -291,7 +291,7 @@ const TokenAccessHandler = {
     let hashPrefixStatus
 
     if (tokenHashPrefix) {
-      tokenHashPrefix = tokenHashPrefix.replace('#', '')
+      tokenHashPrefix = tokenHashPrefix.replace('#', '').replace('%23', '')
     }
 
     if (!tokenHashPrefix) {

services/web/test/unit/src/TokenAccess/TokenAccessHandlerTests.js

@@ -719,5 +719,23 @@ describe('TokenAccessHandler', function () {
         }
       )
     })
+    it('it handles encoded hashtags', function () {
+      const token = 'zxpxjrwdtsgd'
+      const prefix = this.TokenAccessHandler.createTokenHashPrefix(token)
+
+      this.TokenAccessHandler.checkTokenHashPrefix(
+        token,
+        `%23${prefix}`,
+        'readOnly'
+      )
+
+      expect(this.Metrics.inc).to.have.been.calledWith(
+        'link-sharing.hash-check',
+        {
+          path: 'readOnly',
+          status: 'match',
+        }
+      )
+    })
   })
 })