From 1b50b80e06db48ad51f7038dc0faedea94d96054 Mon Sep 17 00:00:00 2001
From: Alex Kocharin <alex@kocharin.ru>
Date: Tue, 21 Apr 2015 00:11:47 +0300
Subject: [PATCH] url: drop auth in `url.resolve()` if host changes

Fixes: https://github.com/nodejs/node/issues/1435
PR-URL: https://github.com/nodejs/node/pull/1480
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
---
 lib/url.js                | 13 +++++++++----
 test/parallel/test-url.js | 16 +++++++++++++++-
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/lib/url.js b/lib/url.js
index 8b9f92856d41b2..c4d6ed2e33a5f5 100644
--- a/lib/url.js
+++ b/lib/url.js
@@ -754,6 +754,7 @@ Url.prototype.resolveObject = function(relative) {
     if (relative.protocol) {
       relative.hostname = null;
       relative.port = null;
+      result.auth = null;
       if (relative.host) {
         if (relPath[0] === '') relPath[0] = relative.host;
         else relPath.unshift(relative.host);
@@ -765,10 +766,14 @@ Url.prototype.resolveObject = function(relative) {
 
   if (isRelAbs) {
     // it's absolute.
-    result.host = (relative.host || relative.host === '') ?
-                  relative.host : result.host;
-    result.hostname = (relative.hostname || relative.hostname === '') ?
-                      relative.hostname : result.hostname;
+    if (relative.host || relative.host === '') {
+      result.host = relative.host;
+      result.auth = null;
+    }
+    if (relative.hostname || relative.hostname === '') {
+      result.hostname = relative.hostname;
+      result.auth = null;
+    }
     result.search = relative.search;
     result.query = relative.query;
     srcPath = relPath;
diff --git a/test/parallel/test-url.js b/test/parallel/test-url.js
index 3ec312f80a33c7..40e281038c7ad0 100644
--- a/test/parallel/test-url.js
+++ b/test/parallel/test-url.js
@@ -1538,7 +1538,21 @@ var relativeTests2 = [
   //changeing auth
   ['http://diff:auth@www.example.com',
    'http://asdf:qwer@www.example.com',
-   'http://diff:auth@www.example.com/']
+   'http://diff:auth@www.example.com/'],
+
+  // https://github.com/nodejs/node/issues/1435
+  ['https://another.host.com/',
+   'https://user:password@example.org/',
+   'https://another.host.com/'],
+  ['//another.host.com/',
+   'https://user:password@example.org/',
+   'https://another.host.com/'],
+  ['http://another.host.com/',
+   'https://user:password@example.org/',
+   'http://another.host.com/'],
+  ['mailto:another.host.com',
+   'mailto:user@example.org',
+   'mailto:another.host.com'],
 ];
 relativeTests2.forEach(function(relativeTest) {
   const a = url.resolve(relativeTest[1], relativeTest[0]);