File tree Expand file tree Collapse file tree 3 files changed +19
-4
lines changed Expand file tree Collapse file tree 3 files changed +19
-4
lines changed Original file line number Diff line number Diff line change @@ -109,9 +109,22 @@ function parseGitUrl (giturl) {
109109 if ( ! matched ) {
110110 var legacy = url . parse ( giturl )
111111 if ( legacy . auth ) {
112- var whatwg = new url . URL ( giturl )
113- legacy . auth = whatwg . username || ''
114- if ( whatwg . password ) legacy . auth += ':' + whatwg . password
112+ // git urls can be in the form of scp-style/ssh-connect strings, like
113+ // git+ssh://user@host.com:some/path, which the legacy url parser
114+ // supports, but WhatWG url.URL class does not. However, the legacy
115+ // parser de-urlencodes the username and password, so something like
116+ // https://user%3An%40me:p%40ss%3Aword@x.com/ becomes
117+ // https://user:n@me :p@ss:word@x.com/ which is all kinds of wrong.
118+ // Pull off just the auth and host, so we dont' get the confusing
119+ // scp-style URL, then pass that to the WhatWG parser to get the
120+ // auth properly escaped.
121+ const authmatch = giturl . match ( / [ ^ @ ] + @ [ ^ : / ] + / )
122+ /* istanbul ignore else - this should be impossible */
123+ if ( authmatch ) {
124+ var whatwg = new url . URL ( authmatch [ 0 ] )
125+ legacy . auth = whatwg . username || ''
126+ if ( whatwg . password ) legacy . auth += ':' + whatwg . password
127+ }
115128 }
116129 return legacy
117130 }
Original file line number Diff line number Diff line change 2222 "scripts" : {
2323 "prerelease" : " npm t"
2424 "postrelease" : " npm publish --tag=ancient-legacy-fixes && git push --follow-tags"
25- "pretest " : " standard"
25+ "posttest " : " standard"
2626 "release" : " standard-version -s"
2727 "test:coverage" : " tap --coverage-report=html -J --100 --no-esm test/*.js"
2828 "test" : " tap -J --100 --no-esm test/*.js"
Original file line number Diff line number Diff line change @@ -37,6 +37,8 @@ test('basic', function (t) {
3737 t . is ( HostedGit . fromUrl ( 'github.com/abc/def/' ) , undefined , 'forgot the protocol' )
3838 t . is ( HostedGit . fromUrl ( 'completely-invalid' ) , undefined , 'not a url is not hosted' )
3939
40+ t . is ( HostedGit . fromUrl ( 'git+ssh://git@git.unlucky.com:RND/electron-tools/some-tool#2.0.1' ) , undefined , 'properly ignores non-hosted scp style urls' )
41+
4042 t . is ( HostedGit . fromUrl ( 'http://github.com/foo/bar' ) . toString ( ) , 'git+ssh://git@github.com/foo/bar.git' , 'github http protocol use git+ssh urls' )
4143 t . end ( )
4244} )
You can’t perform that action at this time.
0 commit comments