Merge branch...

Merge branch '285076-400-bad-request-during-authentication-due-to-password-format-length-or-special-chars' into 'master' Resolve ""400 Bad Request" during authentication due to password format (length or special chars)" See merge request gitlab-org/gitlab!49044

Merge branch...
Merge branch '285076-400-bad-request-during-authentication-due-to-password-format-length-or-special-chars' into 'master' Resolve ""400 Bad Request" during authentication due to password format (length or special chars)" See merge request gitlab-org/gitlab!49044
37f4b059 · Imre Farkas · 74efbc94 · 227ec822 · 37f4b059 · 37f4b059
Commit 37f4b059 authored Dec 08, 2020 by Imre Farkas
4 changed files
--- a/changelogs/unreleased/285076-400-bad-request-during-authentication-due-to-password-format-lengt.yml
+++ b/changelogs/unreleased/285076-400-bad-request-during-authentication-due-to-password-format-lengt.yml
+---
+title: Add different string encoding method in rack middleware
+merge_request: 49044
+author:
+type: fixed
--- a/lib/gitlab/middleware/handle_malformed_strings.rb
+++ b/lib/gitlab/middleware/handle_malformed_strings.rb
@@ -93,7 +93,8 @@ module Gitlab
        # We try to encode the string from ASCII-8BIT to UTF8. If we failed to do
        # so for certain characters in the string, those chars are probably incomplete
        # multibyte characters.
-        string.encode(Encoding::UTF_8).match?(NULL_BYTE_REGEX)
+        string.dup.force_encoding(Encoding::UTF_8).match?(NULL_BYTE_REGEX)
+
      rescue ArgumentError, Encoding::UndefinedConversionError
        # If we're here, we caught a malformed string. Return true
        true

--- a/spec/lib/gitlab/middleware/handle_malformed_strings_spec.rb
+++ b/spec/lib/gitlab/middleware/handle_malformed_strings_spec.rb
 # frozen_string_literal: true
-
 require 'spec_helper'
 require "rack/test"

@@ -104,6 +103,12 @@ RSpec.describe Gitlab::Middleware::HandleMalformedStrings do

      expect(subject.call(env)).not_to eq error_400
    end
+
+    it 'does not reject correct encoded password with special characters' do
+      env = env_for.merge(auth_env("username", "RçKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U", nil))
+
+      expect(subject.call(env)).not_to eq error_400
+    end
  end

  context 'in params' do

--- a/spec/requests/git_http_spec.rb
+++ b/spec/requests/git_http_spec.rb
@@ -280,6 +280,20 @@ RSpec.describe 'Git HTTP requests' do
              project.add_developer(user)
            end

+            context 'when user is using credentials with special characters' do
+              context 'with password with special characters' do
+                before do
+                  user.update!(password: 'RKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U')
+                end
+
+                it 'allows clones' do
+                  download(path, user: user.username, password: user.password) do |response|
+                    expect(response).to have_gitlab_http_status(:ok)
+                  end
+                end
+              end
+            end
+
            context 'but the repo is disabled' do
              let(:project) { create(:project, :wiki_repo, :private, :repository_disabled, :wiki_enabled) }