Decode and document URL-encoded passwords

clue · clue · commit 0b5afb280afe · 2017-09-19T09:51:39.000+02:00
diff --git a/README.md b/README.md
@@ -134,12 +134,13 @@ $factory->createClient('redis://localhost:6379');
 
 Redis supports password-based authentication (`AUTH` command). Note that Redis'
 authentication mechanism does not employ a username, so you can pass the
-password "secret" as part of the URI like this:
+password `h@llo` URL-encoded (percent-encoded) as part of the URI like this:
 
 ```php
-// both forms are equivalent
-$factory->createClient('redis://ignored:secret@localhost');
-$factory->createClient('redis://localhost?password=secret');
+// all forms are equivalent
+$factory->createClient('redis://:h%40llo@localhost');
+$factory->createClient('redis://ignored:h%40llo@localhost');
+$factory->createClient('redis://localhost?password=h%40llo');
 ```
 
 > Legacy notice: The `redis://` scheme is defined and preferred as of `v1.2.0`.
diff --git a/src/Factory.php b/src/Factory.php
@@ -123,10 +123,10 @@ private function parseUrl($target)
 
         $auth = null;
         if (isset($parts['user']) && $parts['scheme'] === 'tcp') {
-            $auth = $parts['user'];
+            $auth = rawurldecode($parts['user']);
         }
         if (isset($parts['pass'])) {
-            $auth .= ($parts['scheme'] === 'tcp' ? ':' : '') . $parts['pass'];
+            $auth .= ($parts['scheme'] === 'tcp' ? ':' : '') . rawurldecode($parts['pass']);
         }
         if ($auth !== null) {
             $parts['auth'] = $auth;
diff --git a/tests/FactoryTest.php b/tests/FactoryTest.php
@@ -86,6 +86,15 @@ public function testWillWriteAuthCommandIfRedisUriContainsUserInfo()
         $this->factory->createClient('redis://hello:world@example.com');
     }
 
+    public function testWillWriteAuthCommandIfRedisUriContainsEncodedUserInfo()
+    {
+        $stream = $this->getMockBuilder('React\Socket\ConnectionInterface')->getMock();
+        $stream->expects($this->once())->method('write')->with("*2\r\n$4\r\nauth\r\n$5\r\nh@llo\r\n");
+
+        $this->connector->expects($this->once())->method('connect')->with('example.com:6379')->willReturn(Promise\resolve($stream));
+        $this->factory->createClient('redis://:h%40llo@example.com');
+    }
+
     public function testWillWriteAuthCommandIfTargetContainsPasswordQueryParameter()
     {
         $stream = $this->getMockBuilder('React\Socket\ConnectionInterface')->getMock();
@@ -95,6 +104,15 @@ public function testWillWriteAuthCommandIfTargetContainsPasswordQueryParameter()
         $this->factory->createClient('redis://example.com?password=secret');
     }
 
+    public function testWillWriteAuthCommandIfTargetContainsEncodedPasswordQueryParameter()
+    {
+        $stream = $this->getMockBuilder('React\Socket\ConnectionInterface')->getMock();
+        $stream->expects($this->once())->method('write')->with("*2\r\n$4\r\nauth\r\n$5\r\nh@llo\r\n");
+
+        $this->connector->expects($this->once())->method('connect')->with('example.com:6379')->willReturn(Promise\resolve($stream));
+        $this->factory->createClient('redis://example.com?password=h%40llo');
+    }
+
     public function testWillWriteAuthCommandIfRedissUriContainsUserInfo()
     {
         $stream = $this->getMockBuilder('React\Socket\ConnectionInterface')->getMock();

Original file line number	Diff line number	Diff line change
`@@ -123,10 +123,10 @@ private function parseUrl($target)`
`123`	`123`
`124`	`124`	`$auth = null;`
`125`	`125`	`if (isset($parts['user']) && $parts['scheme'] === 'tcp') {`
`126`		`- $auth = $parts['user'];`
	`126`	`+ $auth = rawurldecode($parts['user']);`
`127`	`127`	`}`
`128`	`128`	`if (isset($parts['pass'])) {`
`129`		`- $auth .= ($parts['scheme'] === 'tcp' ? ':' : '') . $parts['pass'];`
	`129`	`+ $auth .= ($parts['scheme'] === 'tcp' ? ':' : '') . rawurldecode($parts['pass']);`
`130`	`130`	`}`
`131`	`131`	`if ($auth !== null) {`
`132`	`132`	`$parts['auth'] = $auth;`