Commit 30f3844f authored by Stan Hu's avatar Stan Hu

Merge branch 'kborges/avoid-double-credential-encoding' into 'master'

Avoid double credential encoding

See merge request gitlab-org/gitlab!24514
parents 57acb8eb af9f589f
......@@ -901,7 +901,9 @@ class Project < ApplicationRecord
if Gitlab::UrlSanitizer.valid?(value)
import_url = Gitlab::UrlSanitizer.new(value)
super(import_url.sanitized_url)
create_or_update_import_data(credentials: import_url.credentials)
credentials = import_url.credentials.to_h.transform_values { |value| CGI.unescape(value.to_s) }
create_or_update_import_data(credentials: credentials)
else
super(value)
end
......
---
title: Avoid double encoding of credential while importing a Project by URL
merge_request: 24514
author:
type: fixed
......@@ -1980,6 +1980,23 @@ describe Project do
expect(project.reload.import_url).to eq('http://test.com')
end
it 'saves the url credentials percent decoded' do
url = 'http://user:pass%21%3F%40@github.com/t.git'
project = build(:project, import_url: url)
# When the credentials are not decoded this expectation fails
expect(project.import_url).to eq(url)
expect(project.import_data.credentials).to eq(user: 'user', password: 'pass!?@')
end
it 'saves url with no credentials' do
url = 'http://github.com/t.git'
project = build(:project, import_url: url)
expect(project.import_url).to eq(url)
expect(project.import_data.credentials).to eq(user: nil, password: nil)
end
end
describe '#container_registry_url' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment