Merge branch 'backport-ee-changes-to-url-sanitizer' into 'master'

Backport more EE changes to Gitlab::UrlSanitizer See merge request !14150

Merge branch 'backport-ee-changes-to-url-sanitizer' into 'master'
Backport more EE changes to Gitlab::UrlSanitizer See merge request !14150
f06d370b · Rémy Coutable · 35273121 · b46d5b13 · f06d370b · f06d370b
隐藏空白更改
内联并排

Showing with 30 addition and 4 deletion

lib/gitlab/url_sanitizer.rb lib/gitlab/url_sanitizer.rb +21 -4

spec/lib/gitlab/url_sanitizer_spec.rb spec/lib/gitlab/url_sanitizer_spec.rb +9 -0

未找到文件。
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -19,13 +19,12 @@ module Gitlab
    end

    def initialize(url, credentials: nil)
-      @url = Addressable::URI.parse(url.to_s.strip)
-
      %i[user password].each do |symbol|
        credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
      end

      @credentials = credentials
+      @url = parse_url(url)
    end

    def sanitized_url
@@ -49,12 +48,30 @@ module Gitlab

    private

+    def parse_url(url)
+      url             = url.to_s.strip
+      match           = url.match(%r{\A(?:git|ssh|http(?:s?))\://(?:(.+)(?:@))?(.+)})
+      raw_credentials = match[1] if match
+
+      if raw_credentials.present?
+        url.sub!("#{raw_credentials}@", '')
+
+        user, password = raw_credentials.split(':')
+        @credentials ||= { user: user.presence, password: password.presence }
+      end
+
+      url = Addressable::URI.parse(url)
+      url.password = password if password.present?
+      url.user = user if user.present?
+      url
+    end
+
    def generate_full_url
      return @url unless valid_credentials?
      @full_url = @url.dup

-      @full_url.password = credentials[:password]
-      @full_url.user = credentials[:user]
+      @full_url.password = credentials[:password] if credentials[:password].present?
+      @full_url.user = credentials[:user] if credentials[:user].present?

      @full_url
    end

--- a/spec/lib/gitlab/url_sanitizer_spec.rb
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -174,4 +174,13 @@ describe Gitlab::UrlSanitizer do
      end
    end
  end
+
+  context 'when credentials contains special chars' do
+    it 'should parse the URL without errors' do
+      url_sanitizer = described_class.new("https://foo:b?r@github.com/me/project.git")
+
+      expect(url_sanitizer.sanitized_url).to eq("https://github.com/me/project.git")
+      expect(url_sanitizer.full_url).to eq("https://foo:b?r@github.com/me/project.git")
+    end
+  end
 end