Download as
Browse Code »

Commit dbd9d8d4c3c6a27ebf8add4fc20e790b94ca56a6

Authored by Dmitry Medvinsky
1 parent 292dffc2
Exists in master and in 4 other branches 6-8-stable, 7-0-stable, 7-0-stable-spb, spb-stable

Fix WebHook and special symbols in credentials 

When using web hook with credentials secured web resource, one needs to
put the credentials in the hook URL.

If the credentials contain special symbols (e.g. @ or #), it should be
URL-quoted (e.g. %40 instead of @).

But when Gitlab is making a request, it should unquote the symbols
before base64-encoding them.
Showing 1 changed file with 5 additions and 1 deletions   Show diff stats
app/models/web_hook.rb
  Diff comments   View file @dbd9d8d
... ... @@ -28,10 +28,14 @@ class WebHook < ActiveRecord::Base
28 28 WebHook.post(url, body: data.to_json, headers: { "Content-Type" => "application/json" })
29 29 else
30 30 post_url = url.gsub("#{parsed_url.userinfo}@", "")
  31 + auth = {
  32 + username: URI.decode(parsed_url.user),
  33 + password: URI.decode(parsed_url.password),
  34 + }
31 35 WebHook.post(post_url,
32 36 body: data.to_json,
33 37 headers: {"Content-Type" => "application/json"},
34   - basic_auth: {username: parsed_url.user, password: parsed_url.password})
  38 + basic_auth: auth)
35 39 end
36 40 end
37 41  
... ...