Commit 0003af6c authored by Rémy Coutable's avatar Rémy Coutable

Merge branch '46571-webhooks-nil-password' into 'master'

Resolve "WebHookService doesn't handle user info with nil passwords"

Closes #46571

See merge request gitlab-org/gitlab-ce!19945
parents 7da7af3a 1345968e
...@@ -82,7 +82,7 @@ class WebHookService ...@@ -82,7 +82,7 @@ class WebHookService
post_url = hook.url.gsub("#{parsed_url.userinfo}@", '') post_url = hook.url.gsub("#{parsed_url.userinfo}@", '')
basic_auth = { basic_auth = {
username: CGI.unescape(parsed_url.user), username: CGI.unescape(parsed_url.user),
password: CGI.unescape(parsed_url.password) password: CGI.unescape(parsed_url.password.presence || '')
} }
make_request(post_url, basic_auth) make_request(post_url, basic_auth)
end end
......
---
title: Fix webhook error when password is not present
merge_request: 19945
author: Jan Beckmann
type: fixed
...@@ -60,6 +60,36 @@ describe WebHookService do ...@@ -60,6 +60,36 @@ describe WebHookService do
).once ).once
end end
context 'when auth credentials are present' do
let(:url) {'https://example.org'}
let(:project_hook) { create(:project_hook, url: 'https://demo:demo@example.org/') }
it 'uses the credentials' do
WebMock.stub_request(:post, url)
service_instance.execute
expect(WebMock).to have_requested(:post, url).with(
headers: headers.merge('Authorization' => 'Basic ZGVtbzpkZW1v')
).once
end
end
context 'when auth credentials are partial present' do
let(:url) {'https://example.org'}
let(:project_hook) { create(:project_hook, url: 'https://demo@example.org/') }
it 'uses the credentials anyways' do
WebMock.stub_request(:post, url)
service_instance.execute
expect(WebMock).to have_requested(:post, url).with(
headers: headers.merge('Authorization' => 'Basic ZGVtbzo=')
).once
end
end
it 'catches exceptions' do it 'catches exceptions' do
WebMock.stub_request(:post, project_hook.url).to_raise(StandardError.new('Some error')) WebMock.stub_request(:post, project_hook.url).to_raise(StandardError.new('Some error'))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment