From 00ded54adde070723c665a1c5a589c3ee080b001 Mon Sep 17 00:00:00 2001
From: Robin Jarry <robin@jarry.cc>
Date: Wed, 11 Oct 2023 15:52:29 +0200
Subject: carddav-query: interpret percent escapes in source url

The username and password must be percent encoded if they are set in
carddav-source. Python's parser does not automatically unquote the
different URL elements.

Some carddav servers do not care about this but some do and report
authentication failures when the username is percent encoded.

Make sure to unquote the username and password after reading them from
carddav-source.

Reported-by: Callum Andrew <contact@candrew.net>
Signed-off-by: Robin Jarry <robin@jarry.cc>
Tested-by: Callum Andrew <contact@candrew.net>
---
 contrib/carddav-query | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'contrib')

diff --git a/contrib/carddav-query b/contrib/carddav-query
index f7eaa793..58c5c9c6 100755
--- a/contrib/carddav-query
+++ b/contrib/carddav-query
@@ -243,10 +243,10 @@ def parse_args():
     if source is not None:
         try:
             u = parse.urlparse(source)
-            if args.username is None:
-                args.username = u.username
-            if args.password is None:
-                args.password = u.password
+            if args.username is None and u.username is not None:
+                args.username = parse.unquote(u.username)
+            if args.password is None and u.password is not None:
+                args.password = parse.unquote(u.password)
             if not args.password and cred_cmd is not None:
                 args.password = subprocess.check_output(
                     cred_cmd, shell=True, text=True, encoding="utf-8"
-- 
cgit