Support auth credentials from URI for pull mirror validation (!158076) · Merge requests · GitLab.org / GitLab

Vasilii Iakliushin requested to merge 465311_extract_auth_credentials_before_url_validation into master Jul 02, 2024

What does this MR do and why?

Contributes to #465311

Problem

When pull mirroring is enabled for a project via the GitLab REST API and the remote repository is protected via basic auth, mirroring will fail if the provided username or password contain special characters such as @ or .

Solution

Extract auth crendentials from URL and provide them in Authorization header.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Before

curl --request PUT --header "PRIVATE-TOKEN: <token>" \
 --url "http://gdk.test:3000/api/v4/projects/285" \
 --data "mirror=true&import_url=http://johana:PasswordWithSpecialCh@racters@gdk.test:3000/gitlab-org/gitlab-test.git"

{"message":"Internal uri/invalid_uri_error error: bad URI(is not URI?): \"http://johana:PasswordWithSpecialCh@racters@gdk.test:3000/gitlab-org/gitlab-test.git/info/refs?service=git-upload-pack\""}

After

curl --request PUT --header "PRIVATE-TOKEN: <token>" \
 --url "http://gdk.test:3000/api/v4/projects/285" \
 --data "mirror=true&import_url=http://johana:PasswordWithSpecialCh@racters@gdk.test:3000/gitlab-org/gitlab-test.git"

{"id":285, ... }

# In Rails console
Project.find(285).import_data.credentials
=> {:user=>"johana", :password=>"PasswordWithSpecialCh@racters"}

How to set up and validate locally

Steps to reproduce

Support auth credentials from URI for pull mirror validation