From 814df3de1039caeb2d955bee0c0d8f8c4e159bc8 Mon Sep 17 00:00:00 2001
From: Jacob Shufro
Date: Mon, 4 Dec 2023 20:41:00 -0500
Subject: [PATCH] fix: do not URI-encode Basic Auth header contents
---
 packages/api/src/utils/client/httpClient.ts | 4 ++--
 .../test/unit/client/httpClientOptions.test.ts | 15 +++++++++++++++
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/packages/api/src/utils/client/httpClient.ts b/packages/api/src/utils/client/httpClient.ts
index 7c37dc116e54..8f20d3c56f05 100644
--- a/packages/api/src/utils/client/httpClient.ts
+++ b/packages/api/src/utils/client/httpClient.ts
@@ -146,8 +146,8 @@ export class HttpClient implements IHttpClient {
 // Extract the username and password, if any
 if (url.username !== "" || url.password != "") {
 urlOpts.extraHeaders = {
- // eslint-disable-next-line @typescript-eslint/naming-convention
- Authorization: `Basic ${toBase64(`${url.username}:${url.password}`)}`,
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ Authorization: `Basic ${toBase64(decodeURIComponent(`${url.username}:${url.password}`))}`,
 ...urlOpts.extraHeaders,
 };
 url.username = "";
diff --git a/packages/api/test/unit/client/httpClientOptions.test.ts b/packages/api/test/unit/client/httpClientOptions.test.ts
index e75b79677f18..009d722ce968 100644
--- a/packages/api/test/unit/client/httpClientOptions.test.ts
+++ b/packages/api/test/unit/client/httpClientOptions.test.ts
@@ -1,4 +1,5 @@
 import {expect} from "chai";
+import {toBase64} from "@lodestar/utils";
 import {HttpClient} from "../../../src/index.js";
 describe("HTTPClient options", () => {
@@ -6,6 +7,7 @@ describe("HTTPClient options", () => {
 const baseUrl2 = "http://url-2/";
 const baseUrl1BasicAuth = "http://username:password@url-1/";
 const baseUrl2BasicAuth = "http://username:password@url-2/";
+ const baseUrl2BasicAuthEncoded = "http://username=:password@url-2/";
 const bearerToken1 = "token-1";
 const bearerToken2 = "token-2";
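Review bot: `decodeURIComponent` on the new `Authorization` line throws `URIError` when the userinfo holds a `%` that is not followed by two hex digits, or a sequence that does not decode to valid UTF-8. As far as I can tell the URL parser leaves a bare `%` in `url.username`/`url.password` as it is, so a credential with a literal `%` would now make construction fail with an unhelpful "URI malformed". Decoding the joined string also turns a `%3A` in the username into a literal `:`, and Basic auth is split on the first colon, so the username/password boundary shifts without any signal. I would decode the two parts separately, reject a colon in the decoded username, and raise an error that names the problem without echoing the URL or the credentials. The enclosing method starts and ends outside this hunk.

```typescript
if (url.username !== "" || url.password != "") {
  let username: string;
  let password: string;
  try {
    username = decodeURIComponent(url.username);
    password = decodeURIComponent(url.password);
  } catch (e) {
    // Keep the URL and the credentials out of the message: errors end up in logs
    throw Error("Invalid percent-encoding in Basic Auth credentials of a base URL");
  }
  if (username.includes(":")) {
    throw Error("Basic Auth username must not contain ':'");
  }
  urlOpts.extraHeaders = {
    // eslint-disable-next-line @typescript-eslint/naming-convention
    Authorization: `Basic ${toBase64(`${username}:${password}`)}`,
    // … unchanged: spread of urlOpts.extraHeaders, clearing of url.username …
```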
@@ -156,6 +158,19 @@ describe("HTTPClient options", () => {
 ]);
 });
+ it("Basic Auth should not be URI-encoded", () => {
+ const httpClient = new HttpClient({
+ urls: [baseUrl2BasicAuthEncoded],
+ });
+ expect(httpClient["urlsOpts"]).deep.equals([
+ {
+ baseUrl: baseUrl2,
+ // eslint-disable-next-line @typescript-eslint/naming-convention
+ extraHeaders: {Authorization: `Basic ${toBase64("username=:password")}`},
+ },
+ ]);
+ });
+
 it("Throw if empty baseUrl", () => {
 expect(() => new HttpClient({baseUrl: ""})).to.throw(Error);
 });
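Review bot: The new case covers only a username character that the URL parser percent-encodes (`=`); nothing exercises the password half or input that `decodeURIComponent` rejects. A second case with an already-encoded reserved character in the password, e.g. `"http://username:pass%40word@url-2/"` expecting `toBase64("username:pass@word")`, would pin the decoding on both halves. A third case asserting what the constructor does for a malformed sequence such as `%zz` in the userinfo would pin the failure path. The constant `baseUrl2BasicAuthEncoded` from the earlier hunk holds a raw `=`, which the parser encodes, so a comment such as `// "=" is percent-encoded by the URL parser` on it would make the intent of the test clear.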