Commit af9f589f authored by Kassio Borges's avatar Kassio Borges

Avoid double encoding of import url credentials

Import projects by URL, when the URLs credentials have characters that
require percent encoding, is currently not working. This feature is
failing because the import url credentials are being encoded before
saving on the database, on the `Project#import_url=`, and then it's
being encoded again when retrieving the credentials from the database,
on `Project#import_url`.

To solve the problem the credential is being percent decoded before
saving it on the database.
parent 04d8f2f0
...@@ -901,7 +901,9 @@ class Project < ApplicationRecord ...@@ -901,7 +901,9 @@ class Project < ApplicationRecord
if Gitlab::UrlSanitizer.valid?(value) if Gitlab::UrlSanitizer.valid?(value)
import_url = Gitlab::UrlSanitizer.new(value) import_url = Gitlab::UrlSanitizer.new(value)
super(import_url.sanitized_url) super(import_url.sanitized_url)
create_or_update_import_data(credentials: import_url.credentials)
credentials = import_url.credentials.to_h.transform_values { |value| CGI.unescape(value.to_s) }
create_or_update_import_data(credentials: credentials)
else else
super(value) super(value)
end end
......
---
title: Avoid double encoding of credential while importing a Project by URL
merge_request: 24514
author:
type: fixed
...@@ -1980,6 +1980,23 @@ describe Project do ...@@ -1980,6 +1980,23 @@ describe Project do
expect(project.reload.import_url).to eq('http://test.com') expect(project.reload.import_url).to eq('http://test.com')
end end
it 'saves the url credentials percent decoded' do
url = 'http://user:pass%21%3F%40@github.com/t.git'
project = build(:project, import_url: url)
# When the credentials are not decoded this expectation fails
expect(project.import_url).to eq(url)
expect(project.import_data.credentials).to eq(user: 'user', password: 'pass!?@')
end
it 'saves url with no credentials' do
url = 'http://github.com/t.git'
project = build(:project, import_url: url)
expect(project.import_url).to eq(url)
expect(project.import_data.credentials).to eq(user: nil, password: nil)
end
end end
describe '#container_registry_url' do describe '#container_registry_url' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment