Rate plan ids are not URL-safe and breaks the site

[mxr576]

Description

/ is an acceptable character in rate plan names by the Monetization API/MGMT UI. The auto-generated rate plan id also contains the / from the name. (See updated findings below in comments)

Steps to Reproduce

Steps to reproduce the behavior:

1. Create a rate plan on Monetization UI or via API calls with / in its name, e.g.:
   
2. Accept the rate plan via API calls. (Why API calls? See below.)

Actual Behavior

1. Rate plans with / in their ID are not visible on "Pricing & Plans".
2. "Purchased plans" page of a user is broken due to the following exception:

Symfony\Component\Routing\Exception\InvalidParameterException: Parameter "rate_plan" for route "entity.rate_plan.canonical" must match "[^/]++" ("petstore-jzbr_test/plan" given) to generate a corresponding URL. in Drupal\Core\Routing\UrlGenerator->doGenerate() (line 204 of  /mnt/files/local_mount/build/web/core/lib/Drupal/Core/Routing/UrlGenerator.php).

Expected Behavior

Everything works as expected :) ™️

Screenshots

Notes

https://www.drupal.org/docs/8/api/routing-system/parameters-in-routes/using-parameters-in-routes#s-example

In fact, unlike generic Symfony routes, Drupal requires that a slug occupies a complete path part - the portion between two slashes (or everything after the last slash). If you must pass a parameter containing slashes, apply the same trick as in PathProcessorFiles.

I wonder what other entity ids are not URL-safe in monetization, like package/product bundle ids?

Version Info

1.10.0

[mxr576]

Probably simply converting path parameters with a slash to query parameters is not going to work, possibly a new URL safe identity needs to be used in paths.

[mxr576]

That is even worse than I expected... you can create a rate plan with almost ANY character in the rate plan name and ID inherits it as-is... no sanitization. ID is officially not URL safe. (Fun fact, you can create a rate plan like this but you cannot edit it because it also breaks the Monetization UI). @cnovak Maybe this worth sharing with engineering.

[mxr576]

... and for the record, UTF8 emojies also work ™️ 🙈

[mxr576]

and this issue also causes troubles with caching

Drupal\Core\Entity\EntityStorageException: SQLSTATE[HY000]: General error: 1270 Illegal mix of collations (ascii_general_ci,IMPLICIT), (utf8mb4_general_ci,COERCIBLE), (utf8mb4_general_ci,COERCIBLE) for operation 'in': SELECT [tag], [invalidations] FROM {cachetags} WHERE [tag] IN ( :tags__0, :tags__1 ); Array ( [:tags__0] => product_bundle:px_site_factory_❤-iqrc [:tags__1] => product_bundle:px_site_factory_❤-iqrc:values ) in Drupal\apigee_edge\Entity\Storage\EdgeEntityStorageBase->withController() (line 220 of /mnt/files/local_mount/build/web/modules/contrib/apigee_edge/src/Entity/Storage/EdgeEntityStorageBase.php).

[mxr576]

Bump :)