From 09c8b8a12a125e2de65aa667ba3cffa7039d73f1 Mon Sep 17 00:00:00 2001
From: Michael Mayr <mayr_michael@gmx.at>
Date: Wed, 1 Apr 2020 11:02:52 +0200
Subject: [PATCH] Handle url-encoded proxy user and password

---
 .../util/cache/download_cache.rb              |  7 ++--
 .../util/cache/download_cache_spec.rb         | 32 +++++++++++++++++++
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/lib/java_buildpack/util/cache/download_cache.rb b/lib/java_buildpack/util/cache/download_cache.rb
index a961097bc0..81faffd7df 100644
--- a/lib/java_buildpack/util/cache/download_cache.rb
+++ b/lib/java_buildpack/util/cache/download_cache.rb
@@ -314,8 +314,11 @@ def proxy(uri)
                         URI.parse(ENV['http_proxy'] || ENV['HTTP_PROXY'] || '')
                       end
 
-          @logger.debug { "Proxy: #{proxy_uri.host}, #{proxy_uri.port}, #{proxy_uri.user}, #{proxy_uri.password}" }
-          Net::HTTP::Proxy(proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
+          proxy_user = proxy_uri.user ? URI.decode_www_form_component(proxy_uri.user) : nil
+          proxy_pass = proxy_uri.password ? URI.decode_www_form_component(proxy_uri.password) : nil
+
+          @logger.debug { "Proxy: #{proxy_uri.host}, #{proxy_uri.port}, #{proxy_user}, #{proxy_pass}" }
+          Net::HTTP::Proxy(proxy_uri.host, proxy_uri.port, proxy_user, proxy_pass)
         end
 
         def redirect?(response)
diff --git a/spec/java_buildpack/util/cache/download_cache_spec.rb b/spec/java_buildpack/util/cache/download_cache_spec.rb
index 52ee0c3975..9a8c352e05 100644
--- a/spec/java_buildpack/util/cache/download_cache_spec.rb
+++ b/spec/java_buildpack/util/cache/download_cache_spec.rb
@@ -223,6 +223,22 @@
 
   end
 
+  context do
+
+    let(:environment) { { 'HTTP_PROXY' => 'http://user%21:pass%40@proxy:9000', 'http_proxy' => nil } }
+
+    it 'decodes user/pass from HTTP_PROXY if encoded' do
+      stub_request(:get, uri)
+        .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag',
+                                                               'Last-Modified' => 'foo-last-modified' })
+
+      allow(Net::HTTP).to receive(:Proxy).with('proxy', 9000, /user!/, /pass@/).and_call_original
+
+      download_cache.get(uri) {}
+    end
+
+  end
+
   context do
 
     let(:environment) { { 'https_proxy' => 'http://proxy:9000', 'HTTPS_PROXY' => nil } }
@@ -257,6 +273,22 @@
 
   end
 
+  context do
+
+    let(:environment) { { 'HTTPS_PROXY' => 'http://user%21:pass%40@proxy:9000', 'https_proxy' => nil } }
+
+    it 'decodes user/pass from HTTPS_PROXY if encoded' do
+      stub_request(:get, uri_secure)
+        .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag',
+                                                               'Last-Modified' => 'foo-last-modified' })
+
+      allow(Net::HTTP).to receive(:Proxy).with('proxy', 9000, /user!/, /pass@/).and_call_original
+
+      download_cache.get(uri_secure) {}
+    end
+
+  end
+
   context do
     let(:environment) { { 'NO_PROXY' => '127.0.0.1,localhost,foo-uri,.foo-uri', 'HTTPS_PROXY' => 'http://proxy:9000' } }