[http-client] Decode credentials for Basic Authentication (#5223)

Co-authored-by: draker94 <noreply@github.com>

vividus-http-client/src/main/java/org/vividus/http/client/HttpClient.java

@@ -19,6 +19,7 @@
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.Optional;
@@ -161,7 +162,8 @@ private static URI getRequestUri(ClassicHttpRequest request) throws IOException
     private static void configureBasicAuth(boolean usePreemptiveBasicAuthIfAvailable, String plainUserInfo,
             HttpHost host, HttpClientContext internalContext)
     {
-        UserInfo userInfo = UriUtils.parseUserInfo(plainUserInfo);
+        String plainUserInfoDecoded = URLDecoder.decode(plainUserInfo, StandardCharsets.UTF_8);
+        UserInfo userInfo = UriUtils.parseUserInfo(plainUserInfoDecoded);
         UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(userInfo.user(),
                 userInfo.password().toCharArray());
         HttpHost normalizedHost = RoutingSupport.normalize(host, DefaultSchemePortResolver.INSTANCE);

vividus-http-client/src/test/java/org/vividus/http/client/HttpClientTests.java

@@ -37,6 +37,7 @@
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
 import java.time.Duration;
 import java.util.Base64;
@@ -84,8 +85,10 @@ class HttpClientTests
     private static final URI URI_TO_GO = URI.create(VIVIDUS_ORG);
 
     private static final String USER = "user";
-    private static final String PASSWORD = "pass";
+    private static final String PASSWORD = "pass%5E";
+    private static final String PASSWORD_DECODED = URLDecoder.decode(PASSWORD, StandardCharsets.UTF_8);
     private static final String BASIC_AUTH = USER + ":" + PASSWORD;
+    private static final String BASIC_AUTH_DECODED = URLDecoder.decode(BASIC_AUTH, StandardCharsets.UTF_8);
     private static final String SCHEME = "https";
     private static final String HOST = "www.vividus.org";
     private static final HttpHost HTTP_HOST = new HttpHost(SCHEME, HOST, 443);
@@ -164,7 +167,7 @@ void shouldDoHttpGetWithPreemptiveAuthEnabled() throws IOException, Authenticati
         var authScheme = authExchange.getAuthScheme();
         var authResponse = authScheme.generateAuthResponse(null, null, null);
         var expectedAuthResponse = "Basic " + Base64.getEncoder().encodeToString(
-                BASIC_AUTH.getBytes(StandardCharsets.UTF_8));
+                BASIC_AUTH_DECODED.getBytes(StandardCharsets.UTF_8));
         assertEquals(expectedAuthResponse, authResponse);
         assertNull(httpClientContext.getCredentialsProvider());
     }
@@ -202,7 +205,7 @@ void shouldDoHttpHead() throws IOException
         assertInstanceOf(BasicCredentialsProvider.class, credentialsProvider);
         var credentials = credentialsProvider.getCredentials(new AuthScope(HTTP_HOST), null);
         assertEquals(USER, credentials.getUserPrincipal().getName());
-        assertArrayEquals(PASSWORD.toCharArray(), credentials.getPassword());
+        assertArrayEquals(PASSWORD_DECODED.toCharArray(), credentials.getPassword());
     }
 
     @Test

vividus-tests/src/main/resources/story/integration/HTTP.story

@@ -160,3 +160,7 @@ Then JSON element from `${response-as-bytes}` by JSON path `$` is equal to `{
      "Content-Type": [ "application/x-www-form-urlencoded; charset=UTF-8" ]
   }
 }`ignoring extra fields
+
+Scenario: Verify using of encoded unsafe characters in user info for Basic Authentication
+When I execute HTTP GET request for resource with URL `https://username:password%5E@httpbin.org/basic-auth/username/password^`
+Then response code is equal to `200`