cURL escape authenticators (fixes #89)

timhall · timhall · commit 75315bf49e9e · 2015-02-03T20:11:05.000-05:00
diff --git a/authenticators/DigestAuthenticator.cls b/authenticators/DigestAuthenticator.cls
@@ -122,7 +122,7 @@ End Sub
 ''
 Private Sub IWebAuthenticator_PrepareCurl(ByVal Client As WebClient, ByVal Request As WebRequest, ByRef Curl As String)
     ' http://curl.haxx.se/docs/manpage.html#--digest
-    Curl = Curl & " --digest --user " & Me.Username & ":" & Me.Password
+    Curl = Curl & " --digest --user " & WebHelpers.PrepareTextForShell(Me.Username) & ":" & WebHelpers.PrepareTextForShell(Me.Password)
 End Sub
 
 ''
diff --git a/authenticators/HttpBasicAuthenticator.cls b/authenticators/HttpBasicAuthenticator.cls
@@ -91,6 +91,6 @@ End Sub
 ''
 Private Sub IWebAuthenticator_PrepareCurl(ByVal Client As WebClient, ByVal Request As WebRequest, ByRef Curl As String)
     ' e.g. Add flags to cURL
-    Curl = Curl & " --basic --user " & Me.Username & ":" & Me.Password
+    Curl = Curl & " --basic --user " & WebHelpers.PrepareTextForShell(Me.Username) & ":" & WebHelpers.PrepareTextForShell(Me.Password)
 End Sub
 
diff --git a/specs/Specs_HttpBasicAuthenticator.bas b/specs/Specs_HttpBasicAuthenticator.bas
@@ -25,6 +25,7 @@ Public Function Specs() As SpecSuite
         Request.AddUrlSegment "user", "Tim"
         Request.AddUrlSegment "password", "Secret123"
         
+        Set Client.Authenticator = Nothing
         Set Response = Client.Execute(Request)
         .Expect(Response.StatusCode).ToEqual WebStatusCode.Unauthorized
         
@@ -36,6 +37,24 @@ Public Function Specs() As SpecSuite
         .Expect(Response.Data("authenticated")).ToEqual True
     End With
     
+    With Specs.It("should properly escape username and password")
+        Set Request = New WebRequest
+        Request.Resource = "basic-auth/{user}/{password}"
+        Request.AddUrlSegment "user", "Tim\`$""!"
+        Request.AddUrlSegment "password", "Secret123\`$""!"
+        
+        Set Client.Authenticator = Nothing
+        Set Response = Client.Execute(Request)
+        .Expect(Response.StatusCode).ToEqual WebStatusCode.Unauthorized
+        
+        Auth.Setup "Tim\`$""!", "Secret123\`$""!"
+        Set Client.Authenticator = Auth
+        
+        Set Response = Client.Execute(Request)
+        .Expect(Response.StatusCode).ToEqual 200
+        .Expect(Response.Data("authenticated")).ToEqual True
+    End With
+    
     InlineRunner.RunSuite Specs
 End Function
 
diff --git a/specs/Specs_WebHelpers.bas b/specs/Specs_WebHelpers.bas
@@ -399,8 +399,7 @@ Public Function Specs() As SpecSuite
     ' ============================================= '
     ' 7. Mac
     ' ============================================= '
-
-#If Mac Then
+    
     ' ExecuteInShell
     
     ' PrepareTextForShell
@@ -410,7 +409,6 @@ Public Function Specs() As SpecSuite
         .Expect(WebHelpers.PrepareTextForShell("!abc!123!")).ToEqual "'!'""abc""'!'""123""'!'"
         .Expect(WebHelpers.PrepareTextForShell("`!$\""%")).ToEqual """\`""'!'""\$\\\""\%"""
     End With
-#End If
     
     ' ============================================= '
     ' 8. Cryptography
diff --git a/src/WebHelpers.bas b/src/WebHelpers.bas
@@ -1414,7 +1414,6 @@ End Sub
 ' ============================================= '
 ' 7. Mac
 ' ============================================= '
-#If Mac Then
 
 ''
 ' Execute the given command
@@ -1425,6 +1424,7 @@ End Sub
 ' @return {ShellResult}
 ''
 Public Function ExecuteInShell(web_Command As String) As ShellResult
+#If Mac Then
     Dim web_File As Long
     Dim web_Chunk As String
     Dim web_Read As Long
@@ -1450,6 +1450,7 @@ Public Function ExecuteInShell(web_Command As String) As ShellResult
 web_Cleanup:
 
     ExecuteInShell.ExitCode = web_pclose(web_File)
+#End If
 End Function
 
 ''
@@ -1488,8 +1489,6 @@ Public Function PrepareTextForShell(ByVal web_Text As String) As String
     PrepareTextForShell = web_Text
 End Function
 
-#End If
-
 ' ============================================= '
 ' 8. Cryptography
 ' ============================================= '
