
Fixes #1440. Hides basic auth credentials for custom sources #1463

Merged
merged 2 commits into from

2 participants

@hone
Owner

No description provided.

@indirect indirect merged commit 95bb144 into from
@indirect
Owner

looks good, thanks :)

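--- a/lib/bundler/fetcher.rb
+++ b/lib/bundler/fetcher.rb
@@ -84,7 +84,7 @@ def fetch_remote_specs(gem_names, full_dependency_list = [], last_spec_list = []
 query_list = gem_names - full_dependency_list
 # only display the message on the first run
 if full_dependency_list.empty?
- Bundler.ui.info "Fetching dependency information from the API at #{@remote_uri}", false
+ Bundler.ui.info "Fetching dependency information from the API at #{strip_user_pass_from_uri(@remote_uri)}", false
 else
 Bundler.ui.info ".", false
 end
@@ -176,7 +176,7 @@ def fetch_dependency_remote_specs(gem_names)
 # fetch from modern index: specs.4.8.gz
 def fetch_all_remote_specs
 @has_api = false
- Bundler.ui.info "Fetching source index for #{@remote_uri}"
+ Bundler.ui.info "Fetching source index for #{strip_user_pass_from_uri(@remote_uri)}"
 Bundler.ui.debug "Fetching modern index"
 Gem.sources = ["#{@remote_uri}"]
 spec_list = Hash.new { |h,k| h[k] = [] }
@@ -187,13 +187,21 @@ def fetch_all_remote_specs
 begin
 Gem::SpecFetcher.new.list(false, true).each {|k, v| spec_list[k] += v }
 rescue Gem::RemoteFetcher::FetchError
- Bundler.ui.warn "Could not fetch prerelease specs from #{@remote_uri}"
+ Bundler.ui.warn "Could not fetch prerelease specs from #{strip_user_pass_from_uri(@remote_uri)}"
 end
 rescue Gem::RemoteFetcher::FetchError
- raise Bundler::HTTPError, "Could not reach #{@remote_uri}"
+ raise Bundler::HTTPError, "Could not reach #{strip_user_pass_from_uri(@remote_uri)}"
 end
 return spec_list
 end
+
+ def strip_user_pass_from_uri(uri)
+ uri_dup = uri.dup
+ uri_dup.user = "****" if uri_dup.user
+ uri_dup.password = "****" if uri_dup.password
+
+ uri_dup
+ end
 end
 end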
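Review bot: `strip_user_pass_from_uri` is applied only at the four messages touched here and assumes its argument is a URI object, so any other place that interpolates `@remote_uri` or surfaces a `Gem::RemoteFetcher::FetchError` message could still print the credentials; those sites are outside the visible hunks and should be checked. `Gem.sources = ["#{@remote_uri}"]` in `fetch_all_remote_specs` has to keep the unmasked URI, so the helper's return value must never be fed back into a request. The helper masks rather than strips and has no comment; I would add `# Returns a copy of uri with user and password replaced by "****", for display in UI and error messages only.` above it. If the class has a private section the helper belongs there; the class body starts outside the hunk.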
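--- a/spec/install/gems/dependency_api_spec.rb
+++ b/spec/install/gems/dependency_api_spec.rb
@@ -53,21 +53,6 @@
 should_be_installed "rack 1.0.0"
 end
- it "passes basic authentication details" do
- uri = URI.parse(source_uri)
- uri.user = "hello"
- uri.password = "there"
-
- gemfile <<-G
- source "#{uri}"
- gem "rack"
- G
-
- bundle :install, :artifice => "endpoint_basic_authentication"
- out.should include("Fetching dependency information from the API at #{uri}")
- should_be_installed "rack 1.0.0"
- end
-
 it "handles git dependencies that are in rubygems" do
 build_git "foo" do |s|
 s.executables = "foobar"
@@ -303,4 +288,48 @@
 vendored_gems("bin/rackup").should exist
 end
+
+ context "when using basic authentication" do
+ let(:user) { "user" }
+ let(:password) { "pass" }
+ let(:basic_auth_source_uri) do
+ uri = URI.parse(source_uri)
+ uri.user = user
+ uri.password = password
+
+ uri
+ end
+
+ it "passes basic authentication details and strips out creds" do
+ gemfile <<-G
+ source "#{basic_auth_source_uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endpoint_basic_authentication"
+ out.should_not include("#{user}:#{password}")
+ should_be_installed "rack 1.0.0"
+ end
+
+ it "strips http basic authentication creds for modern index" do
+ gemfile <<-G
+ source "#{basic_auth_source_uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endopint_marshal_fail_basic_authentication"
+ out.should_not include("#{user}:#{password}")
+ should_be_installed "rack 1.0.0"
+ end
+
+ it "strips http basic auth creds when it can't reach the server" do
+ gemfile <<-G
+ source "#{basic_auth_source_uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endpoint_500"
+ out.should_not include("#{user}:#{password}")
+ end
+ end
 end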
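Review bot: The three new examples assert only `out.should_not include("#{user}:#{password}")`, which still passes if the password is printed on its own, if the secret goes to a stream `out` does not capture, or if the message is never printed at all. The removed example checked that the "Fetching dependency information" line appeared, and the replacement drops that positive check. I would add an expectation that the masked form is shown, for example `out.should include("****:****@")`, and in the `endpoint_500` example also check the error output if the spec helpers expose it separately (not visible here). Using a distinctive password instead of `"pass"` would allow a stricter `out.should_not include(password)` without matching unrelated words in the output.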
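--- /dev/null
+++ b/spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
@@ -0,0 +1,13 @@
+require File.expand_path("../endpoint_marshal_fail", __FILE__)
+
+Artifice.deactivate
+
+class EndpointMarshalFailBasicAuthentication < EndpointMarshalFail
+ before do
+ unless env["HTTP_AUTHORIZATION"]
+ halt 401, "Authentication info not supplied"
+ end
+ end
+end
+
+Artifice.activate_with(EndpointMarshalFailBasicAuthentication)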
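Review bot: The `before` filter checks only that an `Authorization` header is present, so a regression in which the masked URI (`****:****`) is used for the request instead of the real one would still pass this endpoint. Comparing the decoded credentials closes that gap, assuming Rack's basic-auth helper is loadable in this test setup: `auth = Rack::Auth::Basic::Request.new(env)` followed by `halt 401, "Bad credentials" unless auth.provided? && auth.basic? && auth.credentials == ["user", "pass"]`. The file and artifice name are spelled `endopint_`; the spec uses the same spelling so it loads, but renaming both to `endpoint_` would match the sibling files.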
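--- /dev/null
+++ b/spec/support/artifice/endpoint_500.rb
@@ -0,0 +1,37 @@
+require File.expand_path("../../path.rb", __FILE__)
+include Spec::Path
+
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/artifice*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/rack-*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/rack-*/lib")].last}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/tilt*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/sinatra*/lib")].first}"
+
+require 'artifice'
+require 'sinatra/base'
+
+Artifice.deactivate
+
+class Endpoint500 < Sinatra::Base
+ get "/quick/Marshal.4.8/:id" do
+ halt 500
+ end
+
+ get "/fetch/actual/gem/:id" do
+ halt 500
+ end
+
+ get "/gems/:id" do
+ halt 500
+ end
+
+ get "/api/v1/dependencies" do
+ halt 500
+ end
+
+ get "/specs.4.8.gz" do
+ halt 500
+ end
+end
+
+Artifice.activate_with(Endpoint500)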
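Review bot: `Endpoint500` carries no comment saying what it simulates, and the spec that uses it is titled "can't reach the server" although this app is reachable and answers 500 on every route. I would add `# Answers 500 on every index, API and gem route so both the dependency API and the full-index fallback fail.` above the class. The five routes share one body and could be declared from a list of paths. The `$LOAD_PATH` setup looks like it repeats other artifice support files (not visible here) and could be shared.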