do not validate against http+usernames after all

2026-06-13 18:10:59 +00:00 · 2023-01-09 17:24:40 -05:00
parent 240282fc6f
commit 1a201ab913
2 changed files with 30 additions and 22 deletions
--- a/api/internal/git/repospec.go
+++ b/api/internal/git/repospec.go
@@ -298,18 +298,8 @@ func validateUsernameAndScheme(username, scheme string, acceptSCPStyle bool) err
 		if !acceptSCPStyle {
 			return fmt.Errorf("no username or scheme found")
 		}
-	case "ssh://":
-		// usernames are optional for ssh protocol
-		return nil
-	case "file://":
-		// everything following the scheme in the file protocol is a path on the local filesystem,
-		// which may contain arbitrary characters (theoretically including `@`, which we'd mistake for a username)
-		return nil
-	case "https://", "http://":
-		// usernames are not supported by the http protocol
-		if username != "" {
-			return fmt.Errorf("username %q specified, but %s does not support usernames", username, scheme)
-		}
+	case "ssh://", "file://", "https://", "http://":
+		// These are all supported schemes
 	default:
 		// At time of writing, we should never end up here because we do not parse out
 		// unsupported schemes to begin with.
--- a/api/internal/git/repospec_test.go
+++ b/api/internal/git/repospec_test.go
@@ -120,14 +120,6 @@ func TestNewRepoSpecFromUrlErrors(t *testing.T) {
 			"gh:org/repo",
 			"url lacks repoPath",
 		},
-		"username unsupported with http": {
-			"http://git@foo.com/path/to/repo",
-			"url lacks host",
-		},
-		"username unsupported with https": {
-			"https://git@foo.com/path/to/repo",
-			"url lacks host",
-		},
 	}

 	for name, testCase := range badData {
@@ -522,7 +514,33 @@ func TestNewRepoSpecFromUrl_Smoke(t *testing.T) {
 			},
 		},
 		{
-			name:      "unsupported protocol after username (invalid and will be rejected by git)",
+			name:      "username with http protocol (invalid but currently passed through to git)",
+			input:     "http://git@home.com/path/to/repository.git//path?ref=branch",
+			cloneSpec: "http://git@home.com/path/to/repository.git",
+			absPath:   notCloned.Join("path"),
+			repoSpec: RepoSpec{
+				Host:         "http://git@home.com/",
+				RepoPath:     "path/to/repository",
+				KustRootPath: "/path",
+				Ref:          "branch",
+				GitSuffix:    ".git",
+			},
+		},
+		{
+			name:      "username with https protocol (invalid but currently passed through to git)",
+			input:     "https://git@home.com/path/to/repository.git//path?ref=branch",
+			cloneSpec: "https://git@home.com/path/to/repository.git",
+			absPath:   notCloned.Join("path"),
+			repoSpec: RepoSpec{
+				Host:         "https://git@home.com/",
+				RepoPath:     "path/to/repository",
+				KustRootPath: "/path",
+				Ref:          "branch",
+				GitSuffix:    ".git",
+			},
+		},
+		{
+			name:      "unsupported protocol after username (invalid but currently passed through to git)",
 			input:     "git@scp://github.com/org/repo.git//path",
 			cloneSpec: "git@scp://github.com/org/repo.git",
 			absPath:   notCloned.Join("path"),
@@ -534,7 +552,7 @@ func TestNewRepoSpecFromUrl_Smoke(t *testing.T) {
 			},
 		},
 		{
-			name:      "supported protocol after username (invalid and will be rejected by git)",
+			name:      "supported protocol after username (invalid but currently passed through to git)",
 			input:     "git@ssh://github.com/org/repo.git//path",
 			cloneSpec: "git@ssh://github.com/org/repo.git",
 			absPath:   notCloned.Join("path"),