Commit 9440958f authored by Siddharth Dungarwal's avatar Siddharth Dungarwal Committed by Peter Leitzen

Urlencode the Elasticsearch Credentials

parent a70428b3
...@@ -316,8 +316,8 @@ module EE ...@@ -316,8 +316,8 @@ module EE
elasticsearch_url.map do |url| elasticsearch_url.map do |url|
uri = URI.parse(url) uri = URI.parse(url)
uri.user = elasticsearch_username uri.user = URI.encode_www_form_component(elasticsearch_username)
uri.password = elasticsearch_password.presence || '' uri.password = URI.encode_www_form_component(elasticsearch_password)
uri.to_s uri.to_s
end end
end end
......
...@@ -374,6 +374,17 @@ RSpec.describe ApplicationSetting do ...@@ -374,6 +374,17 @@ RSpec.describe ApplicationSetting do
expect(setting.elasticsearch_url_with_credentials).to eq(%w[http://username:password@example.com https://test:test@example2.com:9200]) expect(setting.elasticsearch_url_with_credentials).to eq(%w[http://username:password@example.com https://test:test@example2.com:9200])
end end
it 'encodes the credentials' do
setting.elasticsearch_url = 'http://username:password@example.com,https://test:test@example2.com:9200'
setting.elasticsearch_username = 'foo/admin'
setting.elasticsearch_password = 'b@r'
expect(setting.elasticsearch_url_with_credentials).to eq(%w[
http://foo%2Fadmin:b%40r@example.com
https://foo%2Fadmin:b%40r@example2.com:9200
])
end
end end
describe '#elasticsearch_password' do describe '#elasticsearch_password' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment