From b46d5b13ecb8e0c0793fa433bff7f49cb0612760 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Fri, 8 Sep 2017 15:48:10 +0100
Subject: Backport more EE changes to Gitlab::UrlSanitizer

---
 lib/gitlab/url_sanitizer.rb           | 25 +++++++++++++++++++++----
 spec/lib/gitlab/url_sanitizer_spec.rb |  9 +++++++++
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/lib/gitlab/url_sanitizer.rb b/lib/gitlab/url_sanitizer.rb
index 703adae12cb..4e1ec1402ea 100644
--- a/lib/gitlab/url_sanitizer.rb
+++ b/lib/gitlab/url_sanitizer.rb
@@ -19,13 +19,12 @@ module Gitlab
     end
 
     def initialize(url, credentials: nil)
-      @url = Addressable::URI.parse(url.to_s.strip)
-
       %i[user password].each do |symbol|
         credentials[symbol] = credentials[symbol].presence if credentials&.key?(symbol)
       end
 
       @credentials = credentials
+      @url = parse_url(url)
     end
 
     def sanitized_url
@@ -49,12 +48,30 @@ module Gitlab
 
     private
 
+    def parse_url(url)
+      url             = url.to_s.strip
+      match           = url.match(%r{\A(?:git|ssh|http(?:s?))\://(?:(.+)(?:@))?(.+)})
+      raw_credentials = match[1] if match
+
+      if raw_credentials.present?
+        url.sub!("#{raw_credentials}@", '')
+
+        user, password = raw_credentials.split(':')
+        @credentials ||= { user: user.presence, password: password.presence }
+      end
+
+      url = Addressable::URI.parse(url)
+      url.password = password if password.present?
+      url.user = user if user.present?
+      url
+    end
+
     def generate_full_url
       return @url unless valid_credentials?
       @full_url = @url.dup
 
-      @full_url.password = credentials[:password]
-      @full_url.user = credentials[:user]
+      @full_url.password = credentials[:password] if credentials[:password].present?
+      @full_url.user = credentials[:user] if credentials[:user].present?
 
       @full_url
     end
diff --git a/spec/lib/gitlab/url_sanitizer_spec.rb b/spec/lib/gitlab/url_sanitizer_spec.rb
index fdc3990132a..59c28431e1e 100644
--- a/spec/lib/gitlab/url_sanitizer_spec.rb
+++ b/spec/lib/gitlab/url_sanitizer_spec.rb
@@ -174,4 +174,13 @@ describe Gitlab::UrlSanitizer do
       end
     end
   end
+
+  context 'when credentials contains special chars' do
+    it 'should parse the URL without errors' do
+      url_sanitizer = described_class.new("https://foo:b?r@github.com/me/project.git")
+
+      expect(url_sanitizer.sanitized_url).to eq("https://github.com/me/project.git")
+      expect(url_sanitizer.full_url).to eq("https://foo:b?r@github.com/me/project.git")
+    end
+  end
 end
-- 
cgit v1.2.1