Skip to content

Commit

Permalink
fix: #184 Escape username before asigning it to URI userinfo attribute
Browse files Browse the repository at this point in the history
  • Loading branch information
Samuel McKendrick committed Jan 26, 2018
1 parent 8e45062 commit 81bb779
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 8 deletions.
2 changes: 1 addition & 1 deletion lib/pact_broker/domain/webhook_request.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@ def build_uri pact

def url_with_credentials pact
u = build_uri(pact)
u.userinfo = "#{username}:#{display_password}" if username
u.userinfo = "#{CGI::escape username}:#{display_password}" if username
u
end

Expand Down
26 changes: 19 additions & 7 deletions spec/lib/pact_broker/domain/webhook_request_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,10 +175,7 @@ module Domain
end
end

context "when a username and password are specified" do

let(:username) { 'username' }
let(:password) { 'password' }
describe "when a username and password are specified" do

let!(:http_request_with_basic_auth) do
stub_request(:post, "http://example.org/hook").
Expand All @@ -189,9 +186,24 @@ module Domain
to_return(:status => 200, :body => "respbod", :headers => {'Content-Type' => 'text/foo, blah'})
end

it "uses the credentials" do
subject.execute(pact, options)
expect(http_request_with_basic_auth).to have_been_made
context "with normal characters" do
let(:username) { "username" }
let(:password) { "password" }

it "uses the credentials" do
subject.execute(pact, options)
expect(http_request_with_basic_auth).to have_been_made
end
end

context "with special characters" do
let(:username) { "[email protected]" }
let(:password) { "p@$$w0rd!" }

it "uses the credentials" do
subject.execute(pact, options)
expect(http_request_with_basic_auth).to have_been_made
end
end
end

Expand Down

0 comments on commit 81bb779

Please sign in to comment.