diff options
| author | Jiahui Li <54631519+jiahuili430@users.noreply.github.com> | 2021-05-04 09:39:50 -0500 |
|---|---|---|
| committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2021-05-04 17:03:58 -0400 |
| commit | f672b911db19981a81d7fc6ce8ac33b150234fd7 (patch) | |
| tree | 7664ceab8e335e63e3986a8fab7108de85527c43 | |
| parent | a0603b77160c01eca4c701b0c6cb7f21b9e2380c (diff) | |
| download | couchdb-f672b911db19981a81d7fc6ce8ac33b150234fd7.tar.gz | |
Fix bug in Replicator authentication for password contains @
| -rw-r--r-- | src/couch_replicator/src/couch_replicator_auth_session.erl | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/src/couch_replicator/src/couch_replicator_auth_session.erl b/src/couch_replicator/src/couch_replicator_auth_session.erl index 30f499a33..8daa7bc70 100644 --- a/src/couch_replicator/src/couch_replicator_auth_session.erl +++ b/src/couch_replicator/src/couch_replicator_auth_session.erl @@ -288,7 +288,9 @@ extract_creds_from_url(Url) -> Prefix = lists:concat([Proto, "://", User, ":", Pass, "@"]), Suffix = lists:sublist(Url, length(Prefix) + 1, length(Url) + 1), NoCreds = lists:concat([Proto, "://", Suffix]), - {ok, User, Pass, NoCreds} + User1 = chttpd:unquote(User), + Pass1 = chttpd:unquote(Pass), + {ok, User1, Pass1, NoCreds} end. @@ -576,14 +578,38 @@ extract_creds_success_test_() -> {"u", "p", #httpdb{url = "http://x.y/db"}} }, { + #httpdb{url = "http://u%40:p%40@x.y/db"}, + {"u@", "p@", #httpdb{url = "http://x.y/db"}} + }, + { + #httpdb{url = "http://u%40u:p%40p@x.y/db"}, + {"u@u", "p@p", #httpdb{url = "http://x.y/db"}} + }, + { + #httpdb{url = "http://u%40%401:p%40%401@x.y/db"}, + {"u@@1", "p@@1", #httpdb{url = "http://x.y/db"}} + }, + { + #httpdb{url = "http://u%40%2540:p%40%2540@x.y/db"}, + {"u@%40", "p@%40", #httpdb{url = "http://x.y/db"}} + }, + { #httpdb{url = "http://u:p@h:80/db"}, {"u", "p", #httpdb{url = "http://h:80/db"}} }, { + #httpdb{url = "http://u%3A:p%3A@h:80/db"}, + {"u:", "p:", #httpdb{url = "http://h:80/db"}} + }, + { #httpdb{url = "https://u:p@h/db"}, {"u", "p", #httpdb{url = "https://h/db"}} }, { + #httpdb{url = "https://u%2F:p%2F@h/db"}, + {"u/", "p/", #httpdb{url = "https://h/db"}} + }, + { #httpdb{url = "http://u:p@127.0.0.1:5984/db"}, {"u", "p", #httpdb{url = "http://127.0.0.1:5984/db"}} }, @@ -596,10 +622,18 @@ extract_creds_success_test_() -> {"u", "p", #httpdb{url = "http://[2001:db8:a1b:12f9::1]:81/db"}} }, { + #httpdb{url = "http://u:p%3A%2F%5B%5D%40@[2001:db8:a1b:12f9::1]:81/db"}, + {"u", "p:/[]@", #httpdb{url = "http://[2001:db8:a1b:12f9::1]:81/db"}} + }, + { #httpdb{url = "http://u:p@x.y/db/other?query=Z&query=w"}, {"u", "p", #httpdb{url = "http://x.y/db/other?query=Z&query=w"}} }, { + #httpdb{url = "http://u:p%3F@x.y/db/other?query=Z&query=w"}, + {"u", "p?", #httpdb{url = "http://x.y/db/other?query=Z&query=w"}} + }, + { #httpdb{ url = "http://h/db", headers = DefaultHeaders ++ [ @@ -612,6 +646,24 @@ extract_creds_success_test_() -> #httpdb{ url = "http://h/db", headers = DefaultHeaders ++ [ + {"Authorization", "Basic " ++ b64creds("u", "p@")} + ] + }, + {"u", "p@", #httpdb{url = "http://h/db"}} + }, + { + #httpdb{ + url = "http://h/db", + headers = DefaultHeaders ++ [ + {"Authorization", "Basic " ++ b64creds("u", "p@%40")} + ] + }, + {"u", "p@%40", #httpdb{url = "http://h/db"}} + }, + { + #httpdb{ + url = "http://h/db", + headers = DefaultHeaders ++ [ {"aUthoriZation", "bASIC " ++ b64creds("U", "p")} ] }, |