fix(curl-import): preserve colons in basic-auth password #8206

Open
drooph0904 wants to merge 1 commit into usebruno:main from drooph0904:bugfix/curl-import-password-colon
drooph0904 commented Jun 8, 2026

Description

Fixes #8205.

When importing a cURL command with -u user:password, Bruno truncated the password at the first colon because setAuth() split on every colon and destructured only the first two parts:

const [username, password] = value.split(':');

curl splits the -u value on the first colon only — the password may itself contain colons (e.g. tokens, base64). This change matches that behavior by finding the first colon and slicing around it:

const separatorIndex = value.indexOf(':');
const username = separatorIndex === -1 ? value : value.slice(0, separatorIndex);
const password = separatorIndex === -1 ? '' : value.slice(separatorIndex + 1);

The separatorIndex === -1 branch preserves existing behavior for -u username with no colon (password becomes '').

Added data-driven regression tests covering an embedded colon, the --user long-form alias, and leading/trailing colons. All parse-curl tests pass (55/55).

Contribution Checklist:

  • I've used AI significantly to create this pull request
  • The pull request only addresses one issue or adds one feature.
  • The pull request does not introduce any breaking changes
  • I have added screenshots or gifs to help explain the change if applicable.
  • I have read the contribution guidelines.
  • Create an issue and link to the pull request.

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Bug Fixes

    • Fixed credential parsing in curl commands for basic authentication. Passwords containing colons are now correctly preserved during parsing instead of being incorrectly split on all colon occurrences.
  • Tests

    • Added extensive test coverage for curl authentication parsing with edge cases, including passwords with embedded colons, leading/trailing colons, and long-form credential syntax.

When importing a cURL command with `-u user:password`, the password was
truncated at the first colon. `setAuth()` split the value on every colon
and kept only the first two parts:

  const [username, password] = value.split(':')

curl splits the `-u` value on the FIRST colon only — the password may
itself contain colons (e.g. tokens, base64). This matches that behavior
by locating the first colon and slicing around it, so the full password
is preserved.

Added data-driven regression tests covering an embedded colon, the
`--user` long-form alias, and leading/trailing colons.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
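
The first-colon rule described in the PR description and commit message above, as an added example that is not part of the pull request or Bruno's code: it runs the "before" and "after" splits over constructed `-u` values, then carries each result through a Basic `Authorization` header and a receiving-side decode to show which credentials would actually arrive. All function names and sample values are hypothetical.

```javascript
// Added illustration; function names are hypothetical, not Bruno's parse-curl.js API.

// "Before" behaviour quoted in the PR: split on every colon, keep the first two parts.
function splitAllColons(value) {
  const [username, password] = value.split(':');
  return { username, password: password || '' }; // '' fallback is an assumption
}

// "After" behaviour: split on the first colon only, as curl does for -u.
function splitFirstColon(value) {
  const i = value.indexOf(':');
  return i === -1
    ? { username: value, password: '' }
    : { username: value.slice(0, i), password: value.slice(i + 1) };
}

// Authorization header value a client would send for the parsed credentials.
function basicHeader({ username, password }) {
  return 'Basic ' + Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
}

// Receiving side (RFC 7617): decode, then everything after the first colon is the password.
function decodeBasic(header) {
  const decoded = Buffer.from(header.replace(/^Basic /, ''), 'base64').toString('utf8');
  return splitFirstColon(decoded);
}

// Constructed sample -u values (not real credentials).
const samples = ['alice:s3cret', 'alice:tok:en:123', 'alice:', ':pw', 'alice', 'alice::x:'];

// What the server would receive after import with each parser.
function compare(value) {
  const intended = splitFirstColon(value).password;
  const buggy = decodeBasic(basicHeader(splitAllColons(value))).password;
  const fixed = decodeBasic(basicHeader(splitFirstColon(value))).password;
  return { value, intended, buggy, fixed, truncated: buggy !== intended };
}

const report = samples.map(compare);
console.table(report);
```

Only the samples whose password itself contains a colon are flagged `truncated`; in those cases the imported request would authenticate with a shorter password than the one in the original cURL command.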
coderabbitai Bot commented Jun 8, 2026

Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 72051c89-be5a-4c80-b73f-4abc53d5b19a

📥 Commits

Reviewing files that changed from the base of the PR and between b9ee1ee and f8b2be3.

📒 Files selected for processing (2)
  • packages/bruno-app/src/utils/curl/parse-curl.js
  • packages/bruno-app/src/utils/curl/parse-curl.spec.js

Walkthrough

The PR fixes cURL import to preserve colons in basic-auth passwords by splitting on only the first colon instead of all colons. setAuth now uses indexOf to locate the delimiter and slices around it. Tests verify colon preservation across multiple credential formats.

Changes

Basic-auth credential parsing

Layer / File(s) | Summary
Colon-aware credential split and test coverage (packages/bruno-app/src/utils/curl/parse-curl.js, packages/bruno-app/src/utils/curl/parse-curl.spec.js) | setAuth derives username and password by locating the first : via indexOf and slicing, rather than splitting on all colons. Test coverage verifies parsing preserves colons in passwords across embedded-colon, long-form, and edge-case credential formats.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • usebruno/bruno#6292: Refactors auth normalization in the same parse-curl.js codepath; both PRs modify the -u/--user credential parsing logic.

Suggested labels

size/L

Suggested reviewers

  • helloanoop
  • lohit-bruno
  • naman-bruno

Poem

🔐 A colon walks into auth—
"I'm a password!" it cries.
But old code said "nope, just one per line,"
Now: first colon wins, the rest survive. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title accurately describes the main change: fixing the curl importer to preserve colons in basic-auth passwords, which is the core issue addressed by this PR.
Linked Issues check | ✅ Passed | The PR directly addresses issue #8205 by replacing value.split(':') with indexOf-based splitting to preserve colons in passwords, matching curl's first-colon-only delimiter behavior.
Out of Scope Changes check | ✅ Passed | All changes are scoped to the curl parser and its tests; no out-of-scope modifications detected.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Development

Successfully merging this pull request may close these issues.

cURL import truncates basic-auth password at the first colon
