Password value is computed for Uri class

Author: nyamsprod

CHANGELOG.md

@@ -11,6 +11,7 @@ All Notable changes to `League\Uri` will be documented in this file
 ### Fixed
 
 - Null byte handling see [GH-20366](https://github.com/php/php-src/pull/20489)
+- Align password component handling for the Uri class with `Uri\Rfc3986\Uri` implementation [GH-20545](https://github.com/php/php-src/issues/20545)
 
 ### Deprecated
 

Polyfill/UriTest.php

@@ -296,8 +296,8 @@ public function it_can_update_the_user_info_component(): void
 
         self::assertSame('apple', $uriWithUser->getUserInfo());
         self::assertSame('apple', $uriWithUser->getUsername());
-        self::assertNull($uriWithUser->getPassword());
-        self::assertNull($uriWithUser->getRawPassword());
+        self::assertSame('', $uriWithUser->getPassword());
+        self::assertSame('', $uriWithUser->getRawPassword());
 
         $uriWithUserAndPassword = $uriWithUser->withUserInfo('banana:cream');
         self::assertSame('banana:cream', $uriWithUserAndPassword->getUserInfo());
@@ -554,9 +554,63 @@ public function it_does_not_guarantee_roundtripping_on_modification_part_3(): vo
 
     public function test_it_fails_using_exception_with_null_bytes(): void
     {
-        $uri = new Uri("https://example.com");
+        $uri = new Uri('https://example.com');
 
         $this->expectException(InvalidUriException::class);
         $uri->resolve("/f\0o");
     }
+
+    public function test_userinfo_password_is_always_set_when_userinfo_is_set(): void
+    {
+        $uri = new Uri('http://example.com#foobar');
+        $uri1 = $uri->withUserInfo('appple');
+        $uri2 = $uri1->withUserInfo(null);
+
+        self::assertNull($uri->getPassword());
+        self::assertSame('', $uri1->getPassword());
+        self::assertNull($uri2->getPassword());
+    }
+
+    #[DataProvider('providesUriWithUserInfoAndPassword')]
+    public function test_uri_is_not_affected_by_password_value(
+        string $input,
+        ?string $password,
+        ?string $username
+    ): void {
+        $uri = new Uri($input);
+
+        self::assertSame($password, $uri->getPassword());
+        self::assertSame($password, $uri->__debugInfo()['password']);
+        self::assertSame($username, $uri->getUsername());
+        self::assertSame($username, $uri->__debugInfo()['username']);
+        self::assertSame($input, $uri->toRawString());
+        self::assertSame($input, $uri->toString());
+    }
+
+    public static function providesUriWithUserInfoAndPassword(): iterable
+    {
+        yield 'userinfo is missing' => [
+            'input' => 'http://example.com#foobar',
+            'password' => null,
+            'username' => null,
+        ];
+
+        yield 'userinfo password is missing' => [
+            'input' => 'http://[email protected]#foobar',
+            'password' => '',
+            'username' => 'user',
+        ];
+
+        yield 'userinfo user is missing' => [
+            'input' => 'http://:[email protected]#foobar',
+            'password' => 'password',
+            'username' => '',
+        ];
+
+        yield 'userinfo all components are presents' => [
+            'input' => 'http://user:[email protected]#foobar',
+            'password' => 'password',
+            'username' => 'user',
+        ];
+    }
 }

Polyfill/UrlTest.php

@@ -369,60 +369,60 @@ public function test_it_will_return_the_host_correct_format(): void
 
     public function test_it_can_handle_null_bytes_in_fragment(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $url2 = $url1->withFragment("frag\0ment");
 
-        self::assertSame("frag%00ment", $url2->getFragment());
-        self::assertSame("https://example.com/#frag%00ment", $url2->toAsciiString());
+        self::assertSame('frag%00ment', $url2->getFragment());
+        self::assertSame('https://example.com/#frag%00ment', $url2->toAsciiString());
     }
 
     public function test_it_can_handle_null_bytes_in_query(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $url2 = $url1->withQuery("f\0o=bar&baz=q\0x");
 
-        self::assertSame("f%00o=bar&baz=q%00x", $url2->getQuery());
-        self::assertSame("https://example.com/?f%00o=bar&baz=q%00x", $url2->toAsciiString());
+        self::assertSame('f%00o=bar&baz=q%00x', $url2->getQuery());
+        self::assertSame('https://example.com/?f%00o=bar&baz=q%00x', $url2->toAsciiString());
     }
 
     public function test_it_can_handle_null_bytes_in_path(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $url2 = $url1->withPath("/p\0th\0");
 
-        self::assertSame("/p%00th%00", $url2->getPath());
-        self::assertSame("https://example.com/p%00th%00", $url2->toAsciiString());
+        self::assertSame('/p%00th%00', $url2->getPath());
+        self::assertSame('https://example.com/p%00th%00', $url2->toAsciiString());
     }
 
     public function test_it_can_handle_null_bytes_in_password(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $url2 = $url1->withPassword("pass\0word");
 
-        self::assertSame("pass%00word", $url2->getPassword());
-        self::assertSame("https://:pass%[email protected]/", $url2->toAsciiString());
+        self::assertSame('pass%00word', $url2->getPassword());
+        self::assertSame('https://:pass%[email protected]/', $url2->toAsciiString());
     }
 
     public function test_it_can_handle_null_bytes_in_username(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $url2 = $url1->withUsername("usern\0me");
 
-        self::assertSame("usern%00me", $url2->getUsername());
-        self::assertSame("https://usern%[email protected]/", $url2->toAsciiString());
+        self::assertSame('usern%00me', $url2->getUsername());
+        self::assertSame('https://usern%[email protected]/', $url2->toAsciiString());
     }
 
     public function test_it_cannot_handle_null_bytes_in_host(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $this->expectException(InvalidUrlException::class);
 
         $url1->withHost("usern\0me");
     }
 
     public function test_it_cannot_handle_null_bytes_in_scheme(): void
     {
-        $url1 = new Url("https://example.com");
+        $url1 = new Url('https://example.com');
         $this->expectException(InvalidUrlException::class);
 
         $url1->withScheme("usern\0me");

README.md

@@ -2,7 +2,7 @@
 
 
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE)
-[![Latest Version](https://img.shields.io/github/release/thephpleague/uri-pollyfill.svg?style=flat-square)](https://github.com/thephpleague/uri-interfaces/releases)
+[![Latest Version](https://img.shields.io/github/release/thephpleague/uri-polyfill.svg?style=flat-square)](https://github.com/thephpleague/uri-interfaces/releases)
 [![Total Downloads](https://img.shields.io/packagist/dt/league/uri-polyfill.svg?style=flat-square)](https://packagist.org/packages/league/uri-interfaces)
 
 ````php

lib/Rfc3986/Uri.php

@@ -71,7 +71,7 @@ public static function parse(string $uri, ?self $baseUri = null): ?Uri
         public function __construct(string $uri, ?self $baseUri = null)
         {
             if (!UriString::containsRfc3986Chars($uri)) {
-                $formatter = fn (string $input): ?string => preg_replace_callback('/[\x00-\x1F\x7F]/', fn (array $m): string => '\\x' . bin2hex($m[0]), $input);
+                $formatter = fn (string $input): ?string => preg_replace_callback('/[\x00-\x1F\x7F]/', fn (array $m): string => '\\x'.bin2hex($m[0]), $input);
 
                 throw new InvalidUriException('The URI `'.$formatter($uri).'` contains invalid RFC3986 characters.');
             }
@@ -286,12 +286,22 @@ public function getUsername(): ?string
 
         public function getRawPassword(): ?string
         {
-            return $this->getComponent(self::TYPE_RAW, 'pass');
+            $parsedValue = $this->getComponent(self::TYPE_RAW, 'pass');
+            if (null !== $this->getUsername()) {
+                return (string) $parsedValue;
+            }
+
+            return $parsedValue;
         }
 
         public function getPassword(): ?string
         {
-            return $this->getComponent(self::TYPE_NORMALIZED, 'pass');
+            $parsedValue = $this->getComponent(self::TYPE_NORMALIZED, 'pass');
+            if (null !== $this->getUsername()) {
+                return (string) $parsedValue;
+            }
+
+            return $parsedValue;
         }
 
         public function getRawHost(): ?string
@@ -470,7 +480,7 @@ public function __debugInfo(): array
             return [
                 'scheme' => $this->rawComponents['scheme'],
                 'username' => $this->rawComponents['user'],
-                'password' => $this->rawComponents['pass'],
+                'password' => null !== $this->rawComponents['user'] ? ((string) $this->rawComponents['pass']) : $this->rawComponents['pass'],
                 'host' => $this->rawComponents['host'],
                 'port' => $this->rawComponents['port'],
                 'path' => $this->rawComponents['path'],

lib/WhatWg/Url.php

@@ -25,7 +25,6 @@
 use Rowbot\URL\URLRecord;
 use SensitiveParameter;
 use Uri\UriComparisonMode;
-use ValueError;
 
 use function in_array;
 use function preg_match;