417 fix credential special character encoding (#419)

IBM · Dec 1, 2021 · 232090e · 232090e
1 parent 9bf642d
commit 232090e
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 3 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "package-lock.json|test/fixtures|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2021-12-01T09:41:51Z",
+  "generated_at": "2021-12-01T16:14:03Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -211,6 +211,16 @@
         "type": "Basic Auth Credentials",
         "verified_result": null
       }
+    ],
+    "test/request.js": [
+      {
+        "hashed_secret": "41a269ae4f24dab3ddf96b401f1ada5dfdfc5f08",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 226,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
     ]
   },
   "version": "0.13.1+ibm.46.dss",

diff --git a/CHANGES.md b/CHANGES.md
@@ -1,3 +1,6 @@
+# Unreleased
+- [FIXED] Regression from version 2.7 resulting in incorrect handling of percent-encoded credentials in the URL user-info.
+
 # 2.8.0 (2021-11-25)
 - [FIXED] Corrected `user-agent` header on requests.
 - [FIXED] Restore of shallow backups created with versions <=2.4.2.

diff --git a/includes/request.js b/includes/request.js
@@ -122,8 +122,8 @@ module.exports = {
       authenticator = new IamAuthenticator(iamAuthOpts);
     } else if (url.username) {
       authenticator = new CouchdbSessionAuthenticator({
-        username: url.username,
-        password: url.password
+        username: decodeURIComponent(url.username),
+        password: decodeURIComponent(url.password)
       });
     } else {
       authenticator = new NoAuthAuthenticator();

diff --git a/test/request.js b/test/request.js
@@ -220,4 +220,25 @@ describe('#unit Check request response error callback', function() {
       done(err);
     });
   });
+  describe('#unit Check credentials', function() {
+    it('should properly decode username and password', function(done) {
+      const username = 'user%123';
+      const password = 'colon:at@321';
+      const url = `http://${encodeURIComponent(username)}:${encodeURIComponent(password)}@localhost:7777/testdb`;
+      const sessionUrl = 'http://localhost:7777';
+      const couch = nock(sessionUrl)
+        .post('/_session', { username: username, password: password })
+        .reply(200, { ok: true }, { 'Set-Cookie': 'AuthSession=ABC123DEF4356;' })
+        .get('/')
+        .reply(200);
+      const db = request.client(url, { parallelism: 1 });
+      db.service.getServerInformation().then(response => {
+        assert.ok(response);
+        assert.ok(couch.isDone());
+        done();
+      }).catch(err => {
+        done(err);
+      });
+    });
+  });
 });