fix URL parsing with paths that look like basic auth

featurist · May 3, 2019 · 4557ad1 · 4557ad1
1 parent 1354f3e
commit 4557ad1
Show file tree

Hide file tree

Showing 4 changed files with 84 additions and 8 deletions.
diff --git a/middleware/prepareForLogging.js b/middleware/prepareForLogging.js
@@ -14,8 +14,14 @@ module.exports = function prepareForLogging (r) {
 function obfuscateHeaders (headers) {
   var result = {}
   Object.keys(headers).forEach(function (key) {
-    if (key === 'authorization') {
-      result[key] = String(headers[key]).split(' ')[0] + ' ********'
+    if (key.toLowerCase() === 'authorization') {
+      var auth = headers[key].split(/\s*/g)
+
+      if (auth.length > 1) {
+        result[key] = String(headers[key]).split(' ')[0] + ' ********'
+      } else {
+        result[key] = '********'
+      }
     } else {
       result[key] = headers[key]
     }

diff --git a/parseUri.js b/parseUri.js
@@ -1,8 +1,7 @@
 // from https://gist.github.com/Yaffle/1088850
 
 module.exports = function parseURI (url) {
-  var m = String(url).replace(/^\s+|\s+$/g, '').match(/^([^:/?#]+:)?(\/\/(?:([^:@]*(?::[^:@]*)?)@)?(([^:/?#]*)(?::(\d*))?))?([^?#]*)(\?[^#]*)?(#[\s\S]*)?/)
-  // authority = '//' + user + ':' + pass '@' + hostname + ':' port
+  var m = String(url).replace(/^\s+|\s+$/g, '').match(/^([^:/?#]+:)?(\/\/(?:([^:@/]*(?::[^:@/]*)?)@)?(([^:/?#]*)(?::(\d*))?))?([^?#]*)(\?[^#]*)?(#[\s\S]*)?/)
   return (m ? {
     href: m[0] || '',
     protocol: m[1] || '',

diff --git a/test/httpismSpec.js b/test/httpismSpec.js
@@ -389,7 +389,7 @@ describe('httpism', function () {
             })
           })
 
-          var client = httpism.client('/', { headers: { x: '123' } }).client('/', { headers: { y: '456' } })
+          var client = httpism.client({ headers: { x: '123' } }).client({ headers: { y: '456' } })
 
           return client.get(baseurl).then(function (body) {
             expect(body).to.eql({
@@ -408,8 +408,8 @@ describe('httpism', function () {
           })
 
           var client = httpism
-            .client('/', { params: { x: 'original x', y: 'original y' } })
-            .client('/', { params: { y: 'new y' } })
+            .client({ params: { x: 'original x', y: 'original y' } })
+            .client({ params: { y: 'new y' } })
 
           return client.get(baseurl).then(function (body) {
             expect(body).to.eql({
@@ -428,7 +428,7 @@ describe('httpism', function () {
           })
 
           var client = httpism
-            .client('/', { params: { x: 'original x', y: 'original y' } })
+            .client({ params: { x: 'original x', y: 'original y' } })
 
           return client.get(baseurl, { params: { y: 'new y' } }).then(function (body) {
             expect(body).to.eql({

diff --git a/test/parseUriSpec.js b/test/parseUriSpec.js
@@ -0,0 +1,71 @@
+/* eslint-env mocha */
+
+var parseUri = require('../parseUri')
+var chai = require('chai')
+var expect = chai.expect
+
+describe('parseUri', function () {
+  function assertURL (url, object) {
+    expect(parseUri(url)).to.eql(object)
+  }
+
+  it('can parse a URL', function () {
+    assertURL('http://localhost:1234/', {
+      auth: '',
+      authority: '//localhost:1234',
+      hash: '',
+      host: 'localhost:1234',
+      hostname: 'localhost',
+      href: 'http://localhost:1234/',
+      pathname: '/',
+      port: '1234',
+      protocol: 'http:',
+      search: ''
+    })
+  })
+
+  it('can parse a URL with path and query', function () {
+    assertURL('http://localhost:1234/a/path?a=A&b=B', {
+      auth: '',
+      authority: '//localhost:1234',
+      hash: '',
+      host: 'localhost:1234',
+      hostname: 'localhost',
+      href: 'http://localhost:1234/a/path?a=A&b=B',
+      pathname: '/a/path',
+      port: '1234',
+      protocol: 'http:',
+      search: '?a=A&b=B'
+    })
+  })
+
+  it('can parse a URL with username and password', function () {
+    assertURL('http://user%20name:pass%20word@localhost:1234/a/path?a=A&b=B', {
+      auth: 'user name:pass word',
+      authority: '//user%20name:pass%20word@localhost:1234',
+      hash: '',
+      host: 'localhost:1234',
+      hostname: 'localhost',
+      href: 'http://user%20name:pass%20word@localhost:1234/a/path?a=A&b=B',
+      pathname: '/a/path',
+      port: '1234',
+      protocol: 'http:',
+      search: '?a=A&b=B'
+    })
+  })
+
+  it('can parse a URL with @ and : in the path', function () {
+    assertURL('http://localhost:1234/a/path@with:isnotauth?a=A&b=B', {
+      auth: '',
+      authority: '//localhost:1234',
+      hash: '',
+      host: 'localhost:1234',
+      hostname: 'localhost',
+      href: 'http://localhost:1234/a/path@with:isnotauth?a=A&b=B',
+      pathname: '/a/path@with:isnotauth',
+      port: '1234',
+      protocol: 'http:',
+      search: '?a=A&b=B'
+    })
+  })
+})