From b768ece2c0ecd235c418fe910b84ff88f69860d6 Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@redhat.com>
Date: Fri, 11 Oct 2019 08:51:17 -0700
Subject: [PATCH] URL quote username/password in gerrit

When constructing a git url for a project, urlquote the username
and password component, taking particular care to escape '/' which
is not quoted by default in urllib.parse.quote (it is the only
'safe' character by default, but it's not safe here).

Change-Id: Ia7515acc63e7258e327948bfa621cccd60491baa
---
 tests/unit/test_gerrit.py              | 17 +++++++++++++++++
 zuul/driver/gerrit/gerritconnection.py |  7 ++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/tests/unit/test_gerrit.py b/tests/unit/test_gerrit.py
index af8e1cc3d4..2230d63271 100644
--- a/tests/unit/test_gerrit.py
+++ b/tests/unit/test_gerrit.py
@@ -109,6 +109,23 @@ class TestGerrit(BaseTestCase):
                 GerritConnection._checkRefFormat(ref),
                 ref + ' shall be ' + ('accepted' if accepted else 'rejected'))
 
+    def test_getGitURL(self):
+        gerrit_config = {
+            'user': 'gerrit',
+            'server': 'localhost',
+            'password': '1/badpassword',
+        }
+        # The 1/ in the password ensures we test the url encoding
+        # path; this is the format of password we get from
+        # googlesource.com.
+        driver = GerritDriver()
+        gerrit = GerritConnection(driver, 'review_gerrit', gerrit_config)
+        project = gerrit.source.getProject('org/project')
+        url = gerrit.source.getGitUrl(project)
+        self.assertEqual(
+            'https://gerrit:1%2Fbadpassword@localhost/org/project',
+            url)
+
 
 class TestGerritWeb(ZuulTestCase):
     config_file = 'zuul-gerrit-web.conf'
diff --git a/zuul/driver/gerrit/gerritconnection.py b/zuul/driver/gerrit/gerritconnection.py
index 2350efb965..03e948a611 100644
--- a/zuul/driver/gerrit/gerritconnection.py
+++ b/zuul/driver/gerrit/gerritconnection.py
@@ -1296,7 +1296,12 @@ class GerritConnection(BaseConnection):
     def getGitUrl(self, project: Project) -> str:
         if self.session:
             baseurl = list(urllib.parse.urlparse(self.baseurl))
-            baseurl[1] = '%s:%s@%s' % (self.user, self.password, baseurl[1])
+            # Make sure we escape '/' symbols, otherwise git's url
+            # parser will think the username is a hostname.
+            baseurl[1] = '%s:%s@%s' % (
+                urllib.parse.quote(self.user, safe=''),
+                urllib.parse.quote(self.password, safe=''),
+                baseurl[1])
             baseurl = urllib.parse.urlunparse(baseurl)
             url = ('%s/%s' % (baseurl, project.name))
         else: