Merge branch 'kborges/avoid-double-credential-encoding' into 'master'

Avoid double credential encoding

See merge request gitlab-org/gitlab!24514

app/models/project.rb

@@ -901,7 +901,9 @@ class Project < ApplicationRecord
     if Gitlab::UrlSanitizer.valid?(value)
       import_url = Gitlab::UrlSanitizer.new(value)
       super(import_url.sanitized_url)
-      create_or_update_import_data(credentials: import_url.credentials)
+
+      credentials = import_url.credentials.to_h.transform_values { |value| CGI.unescape(value.to_s) }
+      create_or_update_import_data(credentials: credentials)
     else
       super(value)
     end

changelogs/unreleased/avoid-double-credential-encoding-on-project-importing.yml

+---
+title: Avoid double encoding of credential while importing a Project by URL
+merge_request: 24514
+author:
+type: fixed

spec/models/project_spec.rb

@@ -1980,6 +1980,23 @@ describe Project do
 
       expect(project.reload.import_url).to eq('http://test.com')
     end
+
+    it 'saves the url credentials percent decoded' do
+      url = 'http://user:pass%21%3F%40@github.com/t.git'
+      project = build(:project, import_url: url)
+
+      # When the credentials are not decoded this expectation fails
+      expect(project.import_url).to eq(url)
+      expect(project.import_data.credentials).to eq(user: 'user', password: 'pass!?@')
+    end
+
+    it 'saves url with no credentials' do
+      url = 'http://github.com/t.git'
+      project = build(:project, import_url: url)
+
+      expect(project.import_url).to eq(url)
+      expect(project.import_data.credentials).to eq(user: nil, password: nil)
+    end
   end
 
   describe '#container_registry_url' do