Square brackets "]" and "[" in password crashes

[justinhoward]

Trying to authenticate with Almodovar crashes when using a password with a square bracket (and some other characters that must be escaped in URIs).

ruby --version: ruby 2.3.0p0 (2015-12-25 revision 53290) [x86_64-linux]
almodovar: 1.5.1

To reproduce:

auth = Almodovar::DigestAuth.new('realm', 'my_user', '[')
api = Almodovar::Resource('https://movida.bebanjo.net/api', auth)
puts api.platforms

/usr/lib/ruby/2.3.0/uri/generic.rb:430:in `check_password': bad component(expected user component): [ (URI::InvalidComponentError)
  from /usr/lib/ruby/2.3.0/uri/generic.rb:503:in `password='
  from ../ruby/2.3.0/gems/almodovar-1.5.1/lib/almodovar/http_client.rb:74:in `request'
  from ../ruby/2.3.0/gems/almodovar-1.5.1/lib/almodovar/http_client.rb:22:in `get'
  from ../ruby/2.3.0/gems/almodovar-1.5.1/lib/almodovar/http_accessor.rb:5:in `xml'
  from ../ruby/2.3.0/gems/almodovar-1.5.1/lib/almodovar/single_resource.rb:57:in `node'
  from ../ruby/2.3.0/gems/almodovar-1.5.1/lib/almodovar/single_resource.rb:46:in `method_missing'
  from ../ruby/2.3.0/gems/almodovar-1.5.1/lib/almodovar/resource.rb:22:in `method_missing'

It seems that URI::Generic.check_password validation rejects square brackets. For my case, simply removing the lines that set user and password on the uri object fixes the issue.

# http_client.rb:69
def request(method, uri, options = {})
  uri = URI.parse(URI.escape(URI.unescape(uri)))
  if (requires_auth?)
    domain = domain_for(uri)
    # uri.user = username
    # uri.password = password
    set_client_auth(domain)
  end

[maxcosworth]

Good catch! And thanks for the fix. We'll tackle this soon!