Add link to show/hide credentials from URL.

app/assets/javascripts/dispatcher.js.coffee

@@ -109,6 +109,7 @@ class Dispatcher
         new GroupsSelect()
       when 'projects:mirrors:show', 'projects:mirrors:update'
         new UsersSelect()
+        new MirrorUrlProtector()
       when 'admin:emails:show'
         new AdminEmailSelect()

app/assets/javascripts/mirror_url_protector.js.coffee

+class @MirrorUrlProtector
+  constructor: ->
+    $('.toggle-remote-credentials').on 'click', (e) =>
+      e.preventDefault()
+
+      anchor = $(e.target)
+      inputUrl = anchor.prev()
+
+      switch anchor.text()
+        when 'Show credentials'
+          anchor.text('Hide credentials')
+          inputUrl.val(inputUrl.data('full-url'))
+        when 'Hide credentials'
+          anchor.text('Show credentials')
+          inputUrl.val(inputUrl.data('safe-url'))

app/models/remote_mirror.rb

@@ -95,16 +95,22 @@ def mark_as_failed(error_message)
   def url=(value)
     mirror_url = Gitlab::ImportUrl.new(value)
-    self.credentials = mirror_url.credentials if mirror_url.credentials.values.any?
+
+    # Update credentials only if passed URL is different than the previous one.
+    self.credentials = mirror_url.credentials if url != value
     super(mirror_url.sanitized_url)
   end
   def full_url
-    mirror_url = Gitlab::ImportUrl.new(super, credentials: credentials)
+    mirror_url = Gitlab::ImportUrl.new(url, credentials: credentials)
     mirror_url.full_url
   end
+  def has_credentials?
+    credentials.values.any?
+  end
+
   private
   def url_availability

app/views/projects/mirrors/show.html.haml

@@ -113,7 +113,9 @@
       = rm_form.label :url, class: 'control-label' do
         %span Git repository URL
       .col-sm-10
-        = rm_form.text_field :url, class: 'form-control', placeholder: 'https://username:password@gitlab.company.com/group/project.git'
+        = rm_form.text_field :url, class: 'form-control', placeholder: 'https://username:password@gitlab.company.com/group/project.git', data: { 'safe-url' => @remote_mirror.url, 'full-url' => @remote_mirror.full_url }
+        - if @remote_mirror.has_credentials?
+          = link_to 'Show credentials', '#', class: 'toggle-remote-credentials'
         .well.prepend-top-20
           The requirements for the URL format are the same mentioned in the <strong>Pull from a remote repository</strong> section.

[Douwe Maan]

I understand what's going on here, but it looks confusing to ignore the set if credentials are empty. What happens if we explicitly want to remove credentials?

[Douwe Maan]

I think this will be confusing, since the user can enter a new URL with or without credentials, and this link will then no longer behave as expected.

[Rubén Dávila]

The link only shows up if the URL contains credentials, I do that check in the previous line: @remote_mirror.has_credentials?