New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid echoing password to terminal #27

Merged
merged 4 commits into from Nov 13, 2017

Conversation

Projects
None yet
3 participants
@paultcochrane
Contributor

paultcochrane commented Oct 20, 2017

I used Module::Release to automate the release of one of my modules and was a bit shocked to find my PAUSE password being echoed to the terminal. Hence, I tested and refactored the get_env_var() method so that when one is asked to set the CPAN_PASS variable, the password isn't echoed to the screen. The code for this I adapted from CPAN::Uploader. If you have any questions or comments, or want to discuss how I've implemented this, please feel free! If you want to have anything changed I can update the PR and resubmit as necessary.

paultcochrane added some commits Oct 20, 2017

Replace plain terminal input with new _slurp() method
This change simply adds infrastructure to allow for the `<>` input to be
more easily overridden in later tests by overriding the new `_slurp`
method.  It seems that one would have to jump through many hoops in
order to make `<>` overridable so that one could test its behaviour and
that of e.g. `get_env_var`, hence introducing a new method seemed the
best option.  The new method is used in `get_env_var` to replace direct
usage of the diamond operator.  This change also adds a simple test of
the new method which checks and documents its behaviour.
Add tests of get_env_var()
These tests document the current behaviour of this method.
Avoid echoing passwords to the terminal
If we want to enter the CPAN_PASS value, we don't want to see it echoed
to the terminal.  The implementation used here is based off that used
for the `cpan-upload` script from `CPAN::Uploader`.  Unfortunately,
testing that the value isn't echoed is very difficult, hence the tests
added here only exercise the code path using the CPAN_PASS variable and
check that the value returned from `get_env_var` is still that that one
would expect.
@coveralls

This comment has been minimized.

Show comment
Hide comment
@coveralls

coveralls Oct 20, 2017

Coverage Status

Coverage increased (+2.4%) to 69.355% when pulling aaf46d0 on paultcochrane:pr/avoid-echoing-password-to-term into 6532dbf on briandfoy:master.

coveralls commented Oct 20, 2017

Coverage Status

Coverage increased (+2.4%) to 69.355% when pulling aaf46d0 on paultcochrane:pr/avoid-echoing-password-to-term into 6532dbf on briandfoy:master.

@briandfoy briandfoy merged commit 1467850 into briandfoy:master Nov 13, 2017

1 check was pending

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
@briandfoy

This comment has been minimized.

Show comment
Hide comment
@briandfoy

briandfoy Nov 13, 2017

Owner

I merged this but also got rid of the Sub::Override stuff. It's a lightweight dependency but since we are only using it in a small test, typeglobs aren't that much of a problem. I tweaked some other small things but no big whoop.

Owner

briandfoy commented Nov 13, 2017

I merged this but also got rid of the Sub::Override stuff. It's a lightweight dependency but since we are only using it in a small test, typeglobs aren't that much of a problem. I tweaked some other small things but no big whoop.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment