If a user uses a password with certain characters (e.g. /, #, +, etc.)
UrlSanitizer#full_url will generate an invalid URL that cannot be
parsed properly by Addressable::URI. If used with UrlBlocker, this
will be flagged as an invalid URI.
Before b46d5b13ec, we relied on
`Addressable::URI` to parse the username/password in a URL, but this failed
when credentials contained special characters. However, this introduced a regression
where the parsing would incorrectly truncate the password if the password had a colon.
Closes#49080
New Gitlab::UrlSanitizer.http_credentials_for_user method responsible
for generating a credentials hash from a user.
Signed-off-by: Rémy Coutable <remy@rymai.me>
The API was returning 500 when `nil` is passed for the `import_url`.
In fact, it was `Gitlab::UrlSanitizer.valid?` which was throwing a
`NoMethodError` when `nil` value was passed.
gfyoung