fix: URL-encode special characters in credentials for XMLRPC URI in nipap-cli.

fredsod · fredsod · commit e4cbf757beaf · 2026-03-09T10:47:41.000+01:00
Passwords (and usernames) containing special characters such as '/', '@' or ':' would break the XMLRPC URI used by nipap-cli because
urllib.parse.quote() defaults to safe='/', leaving '/' unencoded.
diff --git a/nipap-cli/nipap_cli/nipap_cli.py b/nipap-cli/nipap_cli/nipap_cli.py
@@ -87,8 +87,8 @@ def setup_connection():
         con_params['password'] = getpass.getpass()
 
     # Quote username & password
-    con_params['username'] = quote(con_params['username'])
-    con_params['password'] = quote(con_params['password'])
+    con_params['username'] = quote(con_params['username'], safe='')
+    con_params['password'] = quote(con_params['password'], safe='')
 
     # build XML-RPC URI
     pynipap.xmlrpc_uri = "%(protocol)s://%(username)s:%(password)s@%(hostname)s:%(port)s" % con_params
diff --git a/nipap-cli/tests/cli-test.py b/nipap-cli/tests/cli-test.py
@@ -9,6 +9,7 @@
 sys.path.insert(0, '..')
 from nipap_cli import nipap_cli
 from nipap_cli.command import Command, CommandError, InvalidCommand
+from urllib.parse import quote, urlparse
 
 #
 # command functions
@@ -297,5 +298,35 @@ def test_rest_argument(self):
         )
 
 
+class TestPasswordEncoding(unittest.TestCase):
+
+    def _build_uri(self, username, password):
+        return "http://%(username)s:%(password)s@localhost:1337" % {
+            'username': quote(username, safe=''),
+            'password': quote(password, safe=''),
+        }
+
+    def test_slash_in_password(self):
+        uri = self._build_uri('admin', 'pass/word')
+        parsed = urlparse(uri)
+        self.assertEqual(parsed.username, 'admin')
+        self.assertEqual(parsed.password, 'pass/word')
+
+    def test_at_in_password(self):
+        uri = self._build_uri('admin', 'p@ssword')
+        parsed = urlparse(uri)
+        self.assertEqual(parsed.password, 'p@ssword')
+
+    def test_colon_in_password(self):
+        uri = self._build_uri('admin', 'pass:word')
+        parsed = urlparse(uri)
+        self.assertEqual(parsed.password, 'pass:word')
+
+    def test_multiple_special_chars(self):
+        uri = self._build_uri('user/name', 'p@ss/w:rd!')
+        parsed = urlparse(uri)
+        self.assertEqual(parsed.username, 'user/name')
+        self.assertEqual(parsed.password, 'p@ss/w:rd!')
+        
 if __name__ == '__main__':
     unittest.main()
