Commit 37f4b059 authored by Imre Farkas's avatar Imre Farkas

Merge branch...

Merge branch '285076-400-bad-request-during-authentication-due-to-password-format-length-or-special-chars' into 'master'

Resolve ""400 Bad Request" during authentication due to password format (length or special chars)"

See merge request gitlab-org/gitlab!49044
parents 74efbc94 227ec822
---
title: Add different string encoding method in rack middleware
merge_request: 49044
author:
type: fixed
...@@ -93,7 +93,8 @@ module Gitlab ...@@ -93,7 +93,8 @@ module Gitlab
# We try to encode the string from ASCII-8BIT to UTF8. If we failed to do # We try to encode the string from ASCII-8BIT to UTF8. If we failed to do
# so for certain characters in the string, those chars are probably incomplete # so for certain characters in the string, those chars are probably incomplete
# multibyte characters. # multibyte characters.
string.encode(Encoding::UTF_8).match?(NULL_BYTE_REGEX) string.dup.force_encoding(Encoding::UTF_8).match?(NULL_BYTE_REGEX)
rescue ArgumentError, Encoding::UndefinedConversionError rescue ArgumentError, Encoding::UndefinedConversionError
# If we're here, we caught a malformed string. Return true # If we're here, we caught a malformed string. Return true
true true
......
# frozen_string_literal: true # frozen_string_literal: true
require 'spec_helper' require 'spec_helper'
require "rack/test" require "rack/test"
...@@ -104,6 +103,12 @@ RSpec.describe Gitlab::Middleware::HandleMalformedStrings do ...@@ -104,6 +103,12 @@ RSpec.describe Gitlab::Middleware::HandleMalformedStrings do
expect(subject.call(env)).not_to eq error_400 expect(subject.call(env)).not_to eq error_400
end end
it 'does not reject correct encoded password with special characters' do
env = env_for.merge(auth_env("username", "RçKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U", nil))
expect(subject.call(env)).not_to eq error_400
end
end end
context 'in params' do context 'in params' do
......
...@@ -280,6 +280,20 @@ RSpec.describe 'Git HTTP requests' do ...@@ -280,6 +280,20 @@ RSpec.describe 'Git HTTP requests' do
project.add_developer(user) project.add_developer(user)
end end
context 'when user is using credentials with special characters' do
context 'with password with special characters' do
before do
user.update!(password: 'RKszEwéC5kFnû∆f243fycGu§Gh9ftDj!U')
end
it 'allows clones' do
download(path, user: user.username, password: user.password) do |response|
expect(response).to have_gitlab_http_status(:ok)
end
end
end
end
context 'but the repo is disabled' do context 'but the repo is disabled' do
let(:project) { create(:project, :wiki_repo, :private, :repository_disabled, :wiki_enabled) } let(:project) { create(:project, :wiki_repo, :private, :repository_disabled, :wiki_enabled) }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment