From ab45bd487a935ae9558e814ca06b1e4e71ba554a Mon Sep 17 00:00:00 2001
From: Jeremy Kemper <jeremy@bitsweat.net>
Date: Tue, 19 Feb 2008 23:06:09 +0000
Subject: URI.decode site username/password. Closes #11169 [Ernesto Jimenez]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8900 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 activeresource/lib/active_resource/base.rb       | 4 ++--
 activeresource/lib/active_resource/connection.rb | 4 ++--
 activeresource/test/authorization_test.rb        | 9 +++++++++
 activeresource/test/base_test.rb                 | 7 +++++++
 4 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/activeresource/lib/active_resource/base.rb b/activeresource/lib/active_resource/base.rb
index d79198f49b..4d43a800eb 100644
--- a/activeresource/lib/active_resource/base.rb
+++ b/activeresource/lib/active_resource/base.rb
@@ -204,8 +204,8 @@ module ActiveResource
           @site = nil
         else
           @site = create_site_uri_from(site)
-          @user = @site.user if @site.user
-          @password = @site.password if @site.password
+          @user = URI.decode(@site.user) if @site.user
+          @password = URI.decode(@site.password) if @site.password
         end
       end
 
diff --git a/activeresource/lib/active_resource/connection.rb b/activeresource/lib/active_resource/connection.rb
index cf4681b25b..c8cee7aaa3 100644
--- a/activeresource/lib/active_resource/connection.rb
+++ b/activeresource/lib/active_resource/connection.rb
@@ -76,8 +76,8 @@ module ActiveResource
     # Set URI for remote service.
     def site=(site)
       @site = site.is_a?(URI) ? site : URI.parse(site)
-      @user = @site.user if @site.user
-      @password = @site.password if @site.password
+      @user = URI.decode(@site.user) if @site.user
+      @password = URI.decode(@site.password) if @site.password
     end
 
     # Set user for remote service.
diff --git a/activeresource/test/authorization_test.rb b/activeresource/test/authorization_test.rb
index 05be7e3ef0..9215227620 100644
--- a/activeresource/test/authorization_test.rb
+++ b/activeresource/test/authorization_test.rb
@@ -45,6 +45,15 @@ class AuthorizationTest < Test::Unit::TestCase
     assert_equal ["", "test123"], ActiveSupport::Base64.decode64(authorization[1]).split(":")[0..1]
   end
   
+  def test_authorization_header_with_decoded_credentials_from_url
+    @conn = ActiveResource::Connection.new("http://my%40email.com:%31%32%33@localhost")
+    authorization_header = @conn.send!(:authorization_header)
+    authorization = authorization_header["Authorization"].to_s.split
+
+    assert_equal "Basic", authorization[0]
+    assert_equal ["my@email.com", "123"], ActiveSupport::Base64.decode64(authorization[1]).split(":")[0..1]
+  end
+
   def test_authorization_header_explicitly_setting_username_and_password
     @authenticated_conn = ActiveResource::Connection.new("http://@localhost")
     @authenticated_conn.user = 'david'
diff --git a/activeresource/test/base_test.rb b/activeresource/test/base_test.rb
index 5db6f9113d..c85d40f8fa 100644
--- a/activeresource/test/base_test.rb
+++ b/activeresource/test/base_test.rb
@@ -103,6 +103,13 @@ class BaseTest < Test::Unit::TestCase
     assert_nil actor.connection.password
   end
 
+  def test_credentials_from_site_are_decoded
+    actor = Class.new(ActiveResource::Base)
+    actor.site = 'http://my%40email.com:%31%32%33@cinema'
+    assert_equal("my@email.com", actor.user)
+    assert_equal("123", actor.password)
+  end
+
   def test_site_reader_uses_superclass_site_until_written
     # Superclass is Object so returns nil.
     assert_nil ActiveResource::Base.site
-- 
cgit v1.2.3