feat!: support passwords in urls.

It's now possible to use urls like `https://user:pass@host/repo` without loosing
the password portion of the URL.

We also change the `from_parts()` method to take all parts needed to describe a URL,
which is a breaking change.

Author: Byron

gix-url/src/impls.rs

@@ -13,6 +13,7 @@ impl Default for Url {
             serialize_alternative_form: false,
             scheme: Scheme::Ssh,
             user: None,
+            password: None,
             host: None,
             port: None,
             path: bstr::BString::default(),

gix-url/src/lib.rs

@@ -38,6 +38,8 @@ pub struct Url {
     pub scheme: Scheme,
     /// The user to impersonate on the remote.
     user: Option<String>,
+    /// The password associated with a user.
+    password: Option<String>,
     /// The host to which to connect. Localhost is implied if `None`.
     host: Option<String>,
     /// When serializing, use the alternative forms as it was parsed as such.
@@ -50,44 +52,25 @@ pub struct Url {
 
 /// Instantiation
 impl Url {
-    /// Create a new instance from the given parts, which will be validated by parsing them back.
+    /// Create a new instance from the given parts, including a password, which will be validated by parsing them back.
     pub fn from_parts(
         scheme: Scheme,
         user: Option<String>,
+        password: Option<String>,
         host: Option<String>,
         port: Option<u16>,
         path: BString,
+        serialize_alternative_form: bool,
     ) -> Result<Self, parse::Error> {
         parse(
             Url {
                 scheme,
                 user,
+                password,
                 host,
                 port,
                 path,
-                serialize_alternative_form: false,
-            }
-            .to_bstring()
-            .as_ref(),
-        )
-    }
-
-    /// Create a new instance from the given parts, which will be validated by parsing them back from its alternative form.
-    pub fn from_parts_as_alternative_form(
-        scheme: Scheme,
-        user: Option<String>,
-        host: Option<String>,
-        port: Option<u16>,
-        path: BString,
-    ) -> Result<Self, parse::Error> {
-        parse(
-            Url {
-                scheme,
-                user,
-                host,
-                port,
-                path,
-                serialize_alternative_form: true,
+                serialize_alternative_form,
             }
             .to_bstring()
             .as_ref(),
@@ -133,6 +116,10 @@ impl Url {
     pub fn user(&self) -> Option<&str> {
         self.user.as_deref()
     }
+    /// Returns the password mentioned in the url, if present.
+    pub fn password(&self) -> Option<&str> {
+        self.password.as_deref()
+    }
     /// Returns the host mentioned in the url, if present.
     pub fn host(&self) -> Option<&str> {
         self.host.as_deref()
@@ -178,6 +165,10 @@ impl Url {
         match (&self.user, &self.host) {
             (Some(user), Some(host)) => {
                 out.write_all(user.as_bytes())?;
+                if let Some(password) = &self.password {
+                    out.write_all(&[b':'])?;
+                    out.write_all(password.as_bytes())?;
+                }
                 out.write_all(&[b'@'])?;
                 out.write_all(host.as_bytes())?;
             }

gix-url/src/parse.rs

@@ -66,10 +66,12 @@ fn has_no_explicit_protocol(url: &[u8]) -> bool {
 }
 
 fn to_owned_url(url: url::Url) -> Result<crate::Url, Error> {
+    let password = url.password();
     Ok(crate::Url {
         serialize_alternative_form: false,
         scheme: str_to_protocol(url.scheme()),
-        user: if url.username().is_empty() {
+        password: password.map(ToOwned::to_owned),
+        user: if url.username().is_empty() && password.is_none() {
             None
         } else {
             Some(url.username().into())

gix-url/tests/parse/http.rs

@@ -0,0 +1,76 @@
+use gix_url::Scheme;
+
+use crate::parse::{assert_url, assert_url_roundtrip, url, url_with_pass};
+
+#[test]
+fn username_expansion_is_unsupported() -> crate::Result {
+    assert_url_roundtrip(
+        "http://example.com/~byron/hello",
+        url(Scheme::Http, None, "example.com", None, b"/~byron/hello"),
+    )
+}
+
+#[test]
+fn empty_user_cannot_roundtrip() -> crate::Result {
+    let actual = gix_url::parse("http://@example.com/~byron/hello".into())?;
+    let expected = url(Scheme::Http, "", "example.com", None, b"/~byron/hello");
+    assert_eq!(actual, expected);
+    assert_eq!(
+        actual.to_bstring(),
+        "http://example.com/~byron/hello",
+        "we cannot differentiate between empty user and no user"
+    );
+    Ok(())
+}
+
+#[test]
+fn username_and_password() -> crate::Result {
+    assert_url_roundtrip(
+        "http://user:password@example.com/~byron/hello",
+        url_with_pass(Scheme::Http, "user", "password", "example.com", None, b"/~byron/hello"),
+    )
+}
+
+#[test]
+fn username_and_password_and_port() -> crate::Result {
+    assert_url_roundtrip(
+        "http://user:password@example.com:8080/~byron/hello",
+        url_with_pass(Scheme::Http, "user", "password", "example.com", 8080, b"/~byron/hello"),
+    )
+}
+
+#[test]
+fn only_password() -> crate::Result {
+    assert_url_roundtrip(
+        "http://:password@example.com/~byron/hello",
+        url_with_pass(Scheme::Http, "", "password", "example.com", None, b"/~byron/hello"),
+    )
+}
+
+#[test]
+fn username_and_empty_password() -> crate::Result {
+    let actual = gix_url::parse("http://user:@example.com/~byron/hello".into())?;
+    let expected = url_with_pass(Scheme::Http, "user", "", "example.com", None, b"/~byron/hello");
+    assert_eq!(actual, expected);
+    assert_eq!(
+        actual.to_bstring(),
+        "http://user@example.com/~byron/hello",
+        "an empty password appears like no password to us - fair enough"
+    );
+    Ok(())
+}
+
+#[test]
+fn secure() -> crate::Result {
+    assert_url_roundtrip(
+        "https://github.com/byron/gitoxide",
+        url(Scheme::Https, None, "github.com", None, b"/byron/gitoxide"),
+    )
+}
+
+#[test]
+fn http_missing_path() -> crate::Result {
+    assert_url_roundtrip("http://host.xz/", url(Scheme::Http, None, "host.xz", None, b"/"))?;
+    assert_url("http://host.xz", url(Scheme::Http, None, "host.xz", None, b"/"))?;
+    Ok(())
+}

gix-url/tests/parse/mod.rs

@@ -39,9 +39,31 @@ fn url<'a, 'b>(
     gix_url::Url::from_parts(
         protocol,
         user.into().map(Into::into),
+        None,
         host.into().map(Into::into),
         port.into(),
         path.into(),
+        false,
+    )
+    .unwrap_or_else(|err| panic!("'{}' failed: {err:?}", path.as_bstr()))
+}
+
+fn url_with_pass<'a, 'b>(
+    protocol: Scheme,
+    user: impl Into<Option<&'a str>>,
+    password: impl Into<String>,
+    host: impl Into<Option<&'b str>>,
+    port: impl Into<Option<u16>>,
+    path: &[u8],
+) -> gix_url::Url {
+    gix_url::Url::from_parts(
+        protocol,
+        user.into().map(Into::into),
+        Some(password.into()),
+        host.into().map(Into::into),
+        port.into(),
+        path.into(),
+        false,
     )
     .unwrap_or_else(|err| panic!("'{}' failed: {err:?}", path.as_bstr()))
 }
@@ -53,12 +75,14 @@ fn url_alternate<'a, 'b>(
     port: impl Into<Option<u16>>,
     path: &[u8],
 ) -> gix_url::Url {
-    let url = gix_url::Url::from_parts_as_alternative_form(
+    let url = gix_url::Url::from_parts(
         protocol.clone(),
         user.into().map(Into::into),
+        None,
         host.into().map(Into::into),
         port.into(),
         path.into(),
+        true,
     )
     .expect("valid");
     assert_eq!(url.scheme, protocol);
@@ -89,33 +113,8 @@ mod radicle {
     }
 }
 
-mod http {
-    use gix_url::Scheme;
-
-    use crate::parse::{assert_url, assert_url_roundtrip, url};
+mod http;
 
-    #[test]
-    fn username_expansion_is_unsupported() -> crate::Result {
-        assert_url_roundtrip(
-            "http://example.com/~byron/hello",
-            url(Scheme::Http, None, "example.com", None, b"/~byron/hello"),
-        )
-    }
-    #[test]
-    fn secure() -> crate::Result {
-        assert_url_roundtrip(
-            "https://github.com/byron/gitoxide",
-            url(Scheme::Https, None, "github.com", None, b"/byron/gitoxide"),
-        )
-    }
-
-    #[test]
-    fn http_missing_path() -> crate::Result {
-        assert_url_roundtrip("http://host.xz/", url(Scheme::Http, None, "host.xz", None, b"/"))?;
-        assert_url("http://host.xz", url(Scheme::Http, None, "host.xz", None, b"/"))?;
-        Ok(())
-    }
-}
 mod git {
     use gix_url::Scheme;
 

gix-url/tests/parse/ssh.rs

@@ -66,12 +66,14 @@ fn with_user_and_port_and_absolute_path() -> crate::Result {
 
 #[test]
 fn ssh_alias_needs_username_to_not_be_considered_a_filepath() {
-    let url = gix_url::Url::from_parts_as_alternative_form(
+    let url = gix_url::Url::from_parts(
         Scheme::Ssh,
         None,
+        None,
         "alias".to_string().into(),
         None,
         b"path/to/git".as_bstr().into(),
+        true,
     )
     .expect("valid");
     assert_eq!(