
Merge pull request #1463 from hone/1440_hide_creds

Fixes #1440. Hides basic auth credentials for custom sources
2 parents 82d4e19 + c6da2c3 commit 95bb14483cf8af857dc901c22db48cd3057d243e Andre Arko committed Oct 1, 2011
@@ -84,7 +84,7 @@ def fetch_remote_specs(gem_names, full_dependency_list = [], last_spec_list = []
query_list = gem_names - full_dependency_list
# only display the message on the first run
if full_dependency_list.empty?
- Bundler.ui.info "Fetching dependency information from the API at #{@remote_uri}", false
+ Bundler.ui.info "Fetching dependency information from the API at #{strip_user_pass_from_uri(@remote_uri)}", false
else
Bundler.ui.info ".", false
end
@@ -176,7 +176,7 @@ def fetch_dependency_remote_specs(gem_names)
# fetch from modern index: specs.4.8.gz
def fetch_all_remote_specs
@has_api = false
- Bundler.ui.info "Fetching source index for #{@remote_uri}"
+ Bundler.ui.info "Fetching source index for #{strip_user_pass_from_uri(@remote_uri)}"
Bundler.ui.debug "Fetching modern index"
Gem.sources = ["#{@remote_uri}"]
spec_list = Hash.new { |h,k| h[k] = [] }
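Review bot: The unchanged line `Gem.sources = ["#{@remote_uri}"]` still hands the full URI, credentials included, to RubyGems, so only Bundler's own messages are masked. That is needed for authentication, but any RubyGems output or exception text that echoes the source would presumably still show `user:password`; this cannot be confirmed from the lines shown. A comment there would record the gap, e.g. `# NOTE: Gem.sources keeps the credentials; messages produced by RubyGems itself are not masked`. The body of fetch_all_remote_specs continues past this hunk.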
@@ -187,13 +187,21 @@ def fetch_all_remote_specs
begin
Gem::SpecFetcher.new.list(false, true).each {|k, v| spec_list[k] += v }
rescue Gem::RemoteFetcher::FetchError
- Bundler.ui.warn "Could not fetch prerelease specs from #{@remote_uri}"
+ Bundler.ui.warn "Could not fetch prerelease specs from #{strip_user_pass_from_uri(@remote_uri)}"
end
rescue Gem::RemoteFetcher::FetchError
- raise Bundler::HTTPError, "Could not reach #{@remote_uri}"
+ raise Bundler::HTTPError, "Could not reach #{strip_user_pass_from_uri(@remote_uri)}"
end
return spec_list
end
+
+ def strip_user_pass_from_uri(uri)
+ uri_dup = uri.dup
+ uri_dup.user = "****" if uri_dup.user
+ uri_dup.password = "****" if uri_dup.password
+
+ uri_dup
+ end
end
end
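Review bot: The new `strip_user_pass_from_uri` has no comment, and its name says "strip" while the body replaces both fields with `"****"`, so the result is a display-only value that must never be used for a request. I would state that above the method, e.g. `# Returns a copy of uri with user and password replaced by "****", for UI messages only.` The helper also assumes `uri` responds to `user` and `password`, so a String source would raise here; that is worth a word in the same comment. Nothing in the hunk shows a `private` marker before it, so consider making it private if callers outside the class are not intended.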
@@ -53,21 +53,6 @@
should_be_installed "rack 1.0.0"
end
- it "passes basic authentication details" do
- uri = URI.parse(source_uri)
- uri.user = "hello"
- uri.password = "there"
-
- gemfile <<-G
- source "#{uri}"
- gem "rack"
- G
-
- bundle :install, :artifice => "endpoint_basic_authentication"
- out.should include("Fetching dependency information from the API at #{uri}")
- should_be_installed "rack 1.0.0"
- end
-
it "handles git dependencies that are in rubygems" do
build_git "foo" do |s|
s.executables = "foobar"
@@ -303,4 +288,48 @@
vendored_gems("bin/rackup").should exist
end
+
+ context "when using basic authentication" do
+ let(:user) { "user" }
+ let(:password) { "pass" }
+ let(:basic_auth_source_uri) do
+ uri = URI.parse(source_uri)
+ uri.user = user
+ uri.password = password
+
+ uri
+ end
+
+ it "passes basic authentication details and strips out creds" do
+ gemfile <<-G
+ source "#{basic_auth_source_uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endpoint_basic_authentication"
+ out.should_not include("#{user}:#{password}")
+ should_be_installed "rack 1.0.0"
+ end
+
+ it "strips http basic authentication creds for modern index" do
+ gemfile <<-G
+ source "#{basic_auth_source_uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endopint_marshal_fail_basic_authentication"
+ out.should_not include("#{user}:#{password}")
+ should_be_installed "rack 1.0.0"
+ end
+
+ it "strips http basic auth creds when it can't reach the server" do
+ gemfile <<-G
+ source "#{basic_auth_source_uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endpoint_500"
+ out.should_not include("#{user}:#{password}")
+ end
+ end
end
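Review bot: The artifice name in the second example is spelled `"endopint_marshal_fail_basic_authentication"`. The file name of the new artifice is not visible on this page, but unless it was saved under the same misspelling this example cannot load its endpoint. Separately, all three examples assert only that `"#{user}:#{password}"` is absent, which also holds when the output is empty or the password appears alone. Adding a positive check on the masked form, for instance `out.should include("****:****@")` (assuming the masked URI is printed in each path), would show that the message was emitted and redacted.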
@@ -0,0 +1,13 @@
+require File.expand_path("../endpoint_marshal_fail", __FILE__)
+
+Artifice.deactivate
+
+class EndpointMarshalFailBasicAuthentication < EndpointMarshalFail
+ before do
+ unless env["HTTP_AUTHORIZATION"]
+ halt 401, "Authentication info not supplied"
+ end
+ end
+end
+
+Artifice.activate_with(EndpointMarshalFailBasicAuthentication)
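Review bot: The `before` filter accepts any request that carries an `HTTP_AUTHORIZATION` header without looking at its value. A regression in which the masked `****:****` pair is sent to the server instead of the real credentials would therefore still pass the "modern index" spec. Comparing against the expected value would close that gap, e.g. `halt 401, "Bad credentials" unless env["HTTP_AUTHORIZATION"] == "Basic " + ["user:pass"].pack("m").chomp`, where `user:pass` are the values the spec sets in its `let` lines.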
@@ -0,0 +1,37 @@
+require File.expand_path("../../path.rb", __FILE__)
+include Spec::Path
+
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/artifice*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/rack-*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/rack-*/lib")].last}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/tilt*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/sinatra*/lib")].first}"
+
+require 'artifice'
+require 'sinatra/base'
+
+Artifice.deactivate
+
+class Endpoint500 < Sinatra::Base
+ get "/quick/Marshal.4.8/:id" do
+ halt 500
+ end
+
+ get "/fetch/actual/gem/:id" do
+ halt 500
+ end
+
+ get "/gems/:id" do
+ halt 500
+ end
+
+ get "/api/v1/dependencies" do
+ halt 500
+ end
+
+ get "/specs.4.8.gz" do
+ halt 500
+ end
+end
+
+Artifice.activate_with(Endpoint500)
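Review bot: Each `$LOAD_PATH.unshift "#{Dir[...].first}"` line interpolates the lookup result, so a glob that matches nothing puts an empty string on the load path instead of failing at that line. The problem then shows up later as a LoadError at `require`, with no hint about which gem directory was missing. Dropping the interpolation and guarding the lookup keeps the failure next to its cause, e.g. `dir = Dir[base_system_gems.join("gems/artifice*/lib")].first or raise "artifice not installed"`. The five routes are identical and could share one block, but that is cosmetic.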

1 comment on commit 95bb144

Owner

indirect commented on 95bb144 Oct 1, 2011

Seems like merging this was a bad plan? The build is broken, unable to require "rack/test" :(
