
correctly url encode special chars in usernames and passwords when authenticating
1 parent 031a22a commit 0aee77bcf0fad54ac1a2f81eabb75d81c79cfc83 @gregormelhorn gregormelhorn committed Feb 8, 2012
Showing with 4 additions and 4 deletions.
  1. +1 −1 lib/databasedotcom/client.rb
  2. +3 −3 spec/lib/client_spec.rb
@@ -105,7 +105,7 @@ def authenticate(options = nil)
req = https_request(self.host)
user = self.username || options[:username]
pass = self.password || options[:password]
- path = "/services/oauth2/token?grant_type=password&client_id=#{self.client_id}&client_secret=#{client_secret}&username=#{user}&password=#{pass}"
+ path = "/services/oauth2/token?grant_type=password&client_id=#{self.client_id}&client_secret=#{client_secret}&username=#{CGI::escape(user)}&password=#{CGI::escape(pass)}"
log_request("https://#{self.host}/#{path}")
result = req.post(path, "")
log_response(result)
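Review bot: The password and `client_secret` still travel in the request URL and are handed verbatim to `log_request` on the line after the changed one, so each authentication writes both secrets to the client log and exposes them to any proxy or server log that records query strings. The change also leaves `self.client_id` and `client_secret` unescaped, so a reserved character in either would still corrupt the query the way the username did. Consider sending the escaped parameters as the form-encoded POST body and logging only the endpoint, e.g. `req.post("/services/oauth2/token", params)` with `log_request("https://#{self.host}/services/oauth2/token")`, where `params` is the escaped `grant_type=…&password=…` string. `authenticate` starts before and continues past this hunk, so whether `cgi` is required and whether `log_request` redacts anything is not visible here.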
@@ -180,13 +180,13 @@
context "with a username and password" do
it "requests autonomous client authentication" do
response_body = File.read(File.join(File.dirname(__FILE__), '..', "fixtures/auth_success_response.json"))
- stub_request(:post, "https://bro.baz/services/oauth2/token?grant_type=password&client_id=client_id&client_secret=client_secret&username=username&password=password").to_return(:body => response_body, :status => 200)
+ stub_request(:post, "https://bro.baz/services/oauth2/token?grant_type=password&client_id=client_id&client_secret=client_secret&username=username%2Bspecial&password=password%2Bspecial").to_return(:body => response_body, :status => 200)
lambda {
- @client.authenticate(:username => "username", :password => "password")
+ @client.authenticate(:username => "username+special", :password => "password+special")
}.should_not raise_error
- WebMock.should have_requested(:post, "https://bro.baz/services/oauth2/token?grant_type=password&client_id=client_id&client_secret=client_secret&username=username&password=password")
+ WebMock.should have_requested(:post, "https://bro.baz/services/oauth2/token?grant_type=password&client_id=client_id&client_secret=client_secret&username=username%2Bspecial&password=password%2Bspecial")
end
context "with a success response" do
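Review bot: The spec now exercises only `+`, and it replaces the plain-credential case instead of adding to it, so the characters that would actually split or inject a query parameter (`&`, `=`, `%`, `@`) are not covered. A constructed sample such as `@client.authenticate(:username => "user@example.com", :password => "p&ss=word%")`, with the stub expecting `username=user%40example.com&password=p%26ss%3Dword%25`, would pin the escaping more tightly. Keeping a second example with plain credentials would also guard against regressions in the unescaped path. The enclosing `context "with a username and password"` block ends outside this hunk.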
