From 7cb78f13c048e73205f154c3d1578a00c724e7c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cau=C3=AA=20Faleiros?= <cauefaleiros@gmail.com>
Date: Wed, 11 Mar 2026 15:13:19 -0300
Subject: [PATCH] fix: pad base64 string when parsing jwt during impersonation
 exit

- Prevented the browser's atob() function from throwing a 'String contains an invalid character' exception by adding proper Base64 padding to the JWT payload before decoding.
---
 services/dataService.ts | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/services/dataService.ts b/services/dataService.ts
index 8588ceb..2686600 100644
--- a/services/dataService.ts
+++ b/services/dataService.ts
@@ -417,7 +417,19 @@ export const returnToSuperAdmin = (): boolean => {
   const superAdminToken = localStorage.getItem('ctms_super_admin_token');
   if (superAdminToken) {
     try {
-      const payload = JSON.parse(atob(superAdminToken.split('.')[1]));
+      // Correctly decode Base64Url JWT payload with proper padding
+      const base64Url = superAdminToken.split('.')[1];
+      let base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');
+      const pad = base64.length % 4;
+      if (pad) {
+        base64 += '='.repeat(4 - pad);
+      }
+      
+      const jsonPayload = decodeURIComponent(atob(base64).split('').map(function(c) {
+          return '%' + ('00' + c.charCodeAt(0).toString(16)).slice(-2);
+      }).join(''));
+      const payload = JSON.parse(jsonPayload);
+
       localStorage.setItem('ctms_token', superAdminToken);
       localStorage.setItem('ctms_user_id', payload.id);
       localStorage.setItem('ctms_tenant_id', payload.tenant_id || 'system');