From 81bb779fcff3746568338b24c1593f8d3ac8e928 Mon Sep 17 00:00:00 2001
From: Samuel McKendrick
Date: Thu, 25 Jan 2018 19:13:24 +0100
Subject: [PATCH] fix: #184 Escape username before asigning it to URI userinfo attribute
---
 lib/pact_broker/domain/webhook_request.rb | 2 +-
 .../domain/webhook_request_spec.rb | 26 ++++++++++++++-----
 2 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/lib/pact_broker/domain/webhook_request.rb b/lib/pact_broker/domain/webhook_request.rb
index cf96b5c7f..c51d1ca47 100644
--- a/lib/pact_broker/domain/webhook_request.rb
+++ b/lib/pact_broker/domain/webhook_request.rb
@@ -159,7 +159,7 @@ def build_uri pact
 def url_with_credentials pact
 u = build_uri(pact)
- u.userinfo = "#{username}:#{display_password}" if username
+ u.userinfo = "#{CGI::escape username}:#{display_password}" if username
 u
 end
diff --git a/spec/lib/pact_broker/domain/webhook_request_spec.rb b/spec/lib/pact_broker/domain/webhook_request_spec.rb
index 448c75853..3fa434c16 100644
--- a/spec/lib/pact_broker/domain/webhook_request_spec.rb
+++ b/spec/lib/pact_broker/domain/webhook_request_spec.rb
@@ -175,10 +175,7 @@ module Domain
 end
 end
- context "when a username and password are specified" do
-
- let(:username) { 'username' }
- let(:password) { 'password' }
+ describe "when a username and password are specified" do
 let!(:http_request_with_basic_auth) do
 stub_request(:post, "http://example.org/hook").
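Review bot: `CGI::escape` on the `u.userinfo =` line in `url_with_credentials` is form encoding, so a space in the username becomes `+`, which RFC 3986 treats as a literal plus sign inside userinfo. Percent-encoding fits this component better, e.g. `u.userinfo = "#{ERB::Util.url_encode(username)}:#{display_password}" if username`; that needs `require 'erb'`, and whether `cgi` is already required in this file is not visible in the hunk. `display_password` is still interpolated unescaped, which is safe only if it always returns a fixed mask, as its name suggests but the hunk does not show. Once that is confirmed, a comment above the assignment such as `# display_password is a mask, never the real secret` would record the assumption; if it can return caller-supplied text, it needs the same encoding or the assignment may raise on reserved characters.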
@@ -189,9 +186,24 @@ module Domain
 to_return(:status => 200, :body => "respbod", :headers => {'Content-Type' => 'text/foo, blah'})
 end
- it "uses the credentials" do
- subject.execute(pact, options)
- expect(http_request_with_basic_auth).to have_been_made
+ context "with normal characters" do
+ let(:username) { "username" }
+ let(:password) { "password" }
+
+ it "uses the credentials" do
+ subject.execute(pact, options)
+ expect(http_request_with_basic_auth).to have_been_made
+ end
+ end
+
+ context "with special characters" do
+ let(:username) { "user_name@site.com" }
+ let(:password) { "p@$$w0rd!" }
+
+ it "uses the credentials" do
+ subject.execute(pact, options)
+ expect(http_request_with_basic_auth).to have_been_made
+ end
 end
 end
 end
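Review bot: The new "with special characters" context only asserts that the stubbed request was made, so nothing in this hunk checks the string returned by `url_with_credentials`, which is the method the commit changes. The stub's `with(...)` clause sits between the two hunks and is not visible here, so it is unclear whether the credentials are matched at all. If `url_with_credentials` feeds log or error output (presumably, given `display_password`), an example that asserts on the escaped userinfo and on the absence of the raw password would pin the fix directly. Both examples are also titled `it "uses the credentials"`; a distinct title for the second, such as `it "escapes the username in the URI userinfo"`, would make a failure easier to attribute.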