diff options
| author | Jiahui Li <54631519+jiahuili430@users.noreply.github.com> | 2021-05-04 09:39:50 -0500 |
|---|---|---|
| committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2021-05-05 11:50:11 -0400 |
| commit | b972f126c0266c88bc492ec13e7631a70fb5c1cd (patch) | |
| tree | 03681674823d0f2c8dd5a0fe9626895742b09637 | |
| parent | 3030de040ddcd8e727d3810fa3ee42e1ff5001ad (diff) | |
| download | couchdb-b972f126c0266c88bc492ec13e7631a70fb5c1cd.tar.gz | |
Fix bug in Replicator authentication for password contains @
| -rw-r--r-- | src/couch_replicator/src/couch_replicator_auth_session.erl | 54 |
1 files changed, 53 insertions, 1 deletions
diff --git a/src/couch_replicator/src/couch_replicator_auth_session.erl b/src/couch_replicator/src/couch_replicator_auth_session.erl index 2f47fd60a..6ca30c806 100644 --- a/src/couch_replicator/src/couch_replicator_auth_session.erl +++ b/src/couch_replicator/src/couch_replicator_auth_session.erl @@ -296,7 +296,9 @@ extract_creds_from_url(Url) -> Prefix = lists:concat([Proto, "://", User, ":", Pass, "@"]), Suffix = lists:sublist(Url, length(Prefix) + 1, length(Url) + 1), NoCreds = lists:concat([Proto, "://", Suffix]), - {ok, User, Pass, NoCreds} + User1 = chttpd:unquote(User), + Pass1 = chttpd:unquote(Pass), + {ok, User1, Pass1, NoCreds} end. @@ -589,14 +591,38 @@ extract_creds_success_test_() -> {"u", "p", #httpdb{url = "http://x.y/db"}} }, { + #httpdb{url = "http://u%40:p%40@x.y/db"}, + {"u@", "p@", #httpdb{url = "http://x.y/db"}} + }, + { + #httpdb{url = "http://u%40u:p%40p@x.y/db"}, + {"u@u", "p@p", #httpdb{url = "http://x.y/db"}} + }, + { + #httpdb{url = "http://u%40%401:p%40%401@x.y/db"}, + {"u@@1", "p@@1", #httpdb{url = "http://x.y/db"}} + }, + { + #httpdb{url = "http://u%40%2540:p%40%2540@x.y/db"}, + {"u@%40", "p@%40", #httpdb{url = "http://x.y/db"}} + }, + { #httpdb{url = "http://u:p@h:80/db"}, {"u", "p", #httpdb{url = "http://h:80/db"}} }, { + #httpdb{url = "http://u%3A:p%3A@h:80/db"}, + {"u:", "p:", #httpdb{url = "http://h:80/db"}} + }, + { #httpdb{url = "https://u:p@h/db"}, {"u", "p", #httpdb{url = "https://h/db"}} }, { + #httpdb{url = "https://u%2F:p%2F@h/db"}, + {"u/", "p/", #httpdb{url = "https://h/db"}} + }, + { #httpdb{url = "http://u:p@127.0.0.1:5984/db"}, {"u", "p", #httpdb{url = "http://127.0.0.1:5984/db"}} }, @@ -609,10 +635,18 @@ extract_creds_success_test_() -> {"u", "p", #httpdb{url = "http://[2001:db8:a1b:12f9::1]:81/db"}} }, { + #httpdb{url = "http://u:p%3A%2F%5B%5D%40@[2001:db8:a1b:12f9::1]:81/db"}, + {"u", "p:/[]@", #httpdb{url = "http://[2001:db8:a1b:12f9::1]:81/db"}} + }, + { #httpdb{url = "http://u:p@x.y/db/other?query=Z&query=w"}, {"u", "p", #httpdb{url = "http://x.y/db/other?query=Z&query=w"}} }, { + #httpdb{url = "http://u:p%3F@x.y/db/other?query=Z&query=w"}, + {"u", "p?", #httpdb{url = "http://x.y/db/other?query=Z&query=w"}} + }, + { #httpdb{ url = "http://h/db", headers = DefaultHeaders ++ [ @@ -625,6 +659,24 @@ extract_creds_success_test_() -> #httpdb{ url = "http://h/db", headers = DefaultHeaders ++ [ + {"Authorization", "Basic " ++ b64creds("u", "p@")} + ] + }, + {"u", "p@", #httpdb{url = "http://h/db"}} + }, + { + #httpdb{ + url = "http://h/db", + headers = DefaultHeaders ++ [ + {"Authorization", "Basic " ++ b64creds("u", "p@%40")} + ] + }, + {"u", "p@%40", #httpdb{url = "http://h/db"}} + }, + { + #httpdb{ + url = "http://h/db", + headers = DefaultHeaders ++ [ {"aUthoriZation", "bASIC " ++ b64creds("U", "p")} ] }, |