GitLab integration: escape path

stsewd · stsewd · commit 458ed61adc0f · 2021-10-21T17:14:17.000-05:00
The path/namespace must be url-encoded. https://docs.gitlab.com/ee/api/index.html#namespaced-path-encoding We were assuming that only the `/` needed to be escape, and that the namespace can't have more `/`. But GitLab has subgroups, which is parsed as the username in our code.
diff --git a/readthedocs/oauth/services/gitlab.py b/readthedocs/oauth/services/gitlab.py
@@ -3,7 +3,7 @@
 import json
 import logging
 import re
-from urllib.parse import urlparse
+from urllib.parse import quote_plus, urlparse
 
 from allauth.socialaccount.providers.gitlab.views import GitLabOAuth2Adapter
 from django.conf import settings
@@ -16,13 +16,9 @@
     SELECT_BUILD_STATUS,
 )
 from readthedocs.integrations.models import Integration
-from readthedocs.projects.models import Project
 
 from ..constants import GITLAB
-from ..models import (
-    RemoteOrganization,
-    RemoteRepository,
-)
+from ..models import RemoteOrganization, RemoteRepository
 from .base import Service, SyncServiceError
 
 log = logging.getLogger(__name__)
@@ -52,8 +48,11 @@ class GitLabService(Service):
     vcs_provider_slug = GITLAB
 
     def _get_repo_id(self, project):
-        # The ID or URL-encoded path of the project
-        # https://docs.gitlab.com/ce/api/README.html#namespaced-path-encoding
+        """
+        Get the ID or URL-encoded path of the project.
+
+        See https://docs.gitlab.com/ce/api/README.html#namespaced-path-encoding.
+        """
         if project.remote_repository:
             repo_id = project.remote_repository.remote_id
         else:
@@ -64,10 +63,7 @@ def _get_repo_id(self, project):
             if (username, repo) == (None, None):
                 return None
 
-            repo_id = '{username}%2F{repo}'.format(
-                username=username,
-                repo=repo,
-            )
+            repo_id = quote_plus(f'{username}/{repo}')
         return repo_id
 
     def get_next_url_to_paginate(self, response):
diff --git a/readthedocs/rtd_tests/tests/test_oauth.py b/readthedocs/rtd_tests/tests/test_oauth.py
@@ -10,11 +10,8 @@
 
 from readthedocs.builds.constants import BUILD_STATUS_SUCCESS, EXTERNAL
 from readthedocs.builds.models import Build, Version
-from readthedocs.integrations.models import (
-    GitHubWebhook,
-    GitLabWebhook,
-)
-from readthedocs.oauth.constants import GITHUB, BITBUCKET, GITLAB
+from readthedocs.integrations.models import GitHubWebhook, GitLabWebhook
+from readthedocs.oauth.constants import BITBUCKET, GITHUB, GITLAB
 from readthedocs.oauth.models import RemoteOrganization, RemoteRepository
 from readthedocs.oauth.services import (
     BitbucketService,
@@ -1009,6 +1006,15 @@ def get_private_repo_data(self):
         })
         return data
 
+    def test_project_path_is_escaped(self):
+        repo_id = self.service._get_repo_id(self.project)
+        self.assertEqual(repo_id, 'testorga%2Ftestrepo')
+
+        self.project.repo = 'https://gitlab.com/testorga/subgroup/testrepo.git'
+        self.project.save()
+        repo_id = self.service._get_repo_id(self.project)
+        self.assertEqual(repo_id, 'testorga%2Fsubgroup%2Ftestrepo')
+
     def test_make_project_pass(self):
         repo = self.service.create_repository(
             self.repo_response_data, organization=self.org,
