Add support for reading credentials from .netrc files (#925)

Author: frerich

lib/hex/application.ex

@@ -74,6 +74,7 @@ defmodule Hex.Application do
   if Mix.env() == :test do
     defp children do
       [
+        worker(Hex.Netrc.Cache),
         worker(Hex.State),
         worker(Hex.Server),
         worker(Hex.Parallel, [:hex_fetcher])
@@ -82,6 +83,7 @@ defmodule Hex.Application do
   else
     defp children do
       [
+        worker(Hex.Netrc.Cache),
         worker(Hex.State),
         worker(Hex.Server),
         worker(Hex.Parallel, [:hex_fetcher]),

lib/hex/http.ex

@@ -6,7 +6,10 @@ defmodule Hex.HTTP do
   @request_retries 2
 
   def request(method, url, headers, body, opts \\ []) do
-    headers = build_headers(headers)
+    headers =
+      headers
+      |> build_headers()
+      |> add_basic_auth_via_netrc(url)
 
     timeout =
       opts[:timeout] ||
@@ -295,4 +298,19 @@ defmodule Hex.HTTP do
     |> skip_ws()
     |> skip_trail_ws("", "")
   end
+
+  defp add_basic_auth_via_netrc(%{'authorization' => _} = headers, _url), do: headers
+
+  defp add_basic_auth_via_netrc(%{} = headers, url) do
+    url = URI.parse(url)
+
+    case Hex.Netrc.lookup(url.host) do
+      {:ok, %{username: username, password: password}} ->
+        base64 = :base64.encode_to_string("#{username}:#{password}")
+        Map.put(headers, 'authorization', 'Basic #{base64}')
+
+      _ ->
+        headers
+    end
+  end
 end

lib/hex/netrc.ex

@@ -0,0 +1,16 @@
+defmodule Hex.Netrc do
+  @moduledoc false
+
+  alias Hex.Netrc.Cache
+  alias Hex.Netrc.Parser
+
+  def lookup(host, path \\ Parser.netrc_path()) when is_binary(host) and is_binary(path) do
+    case Cache.fetch(path) do
+      {:ok, %{} = machines} ->
+        {:ok, Map.get(machines, host)}
+
+      other ->
+        other
+    end
+  end
+end

lib/hex/netrc/cache.ex

@@ -0,0 +1,31 @@
+defmodule Hex.Netrc.Cache do
+  @moduledoc false
+
+  alias Hex.Netrc.Parser
+
+  @agent_name __MODULE__
+
+  def start_link(_arg) do
+    Agent.start_link(fn -> %{} end, name: @agent_name)
+  end
+
+  def child_spec(arg) do
+    %{
+      id: __MODULE__,
+      start: {__MODULE__, :start_link, [arg]}
+    }
+  end
+
+  def fetch(path \\ Parser.netrc_path()) when is_binary(path) do
+    Agent.get_and_update(@agent_name, fn cache ->
+      case Map.fetch(cache, path) do
+        {:ok, cached_parse_result} ->
+          {cached_parse_result, cache}
+
+        :error ->
+          parse_result = Parser.parse(path)
+          {parse_result, Map.put(cache, path, parse_result)}
+      end
+    end)
+  end
+end

lib/hex/netrc/parser.ex

@@ -0,0 +1,60 @@
+defmodule Hex.Netrc.Parser do
+  @moduledoc false
+
+  def parse(path \\ netrc_path()) when is_binary(path) do
+    case File.read(path) do
+      {:ok, contents} ->
+        parse_contents(contents)
+
+      error ->
+        error
+    end
+  end
+
+  defp parse_contents(contents) when is_binary(contents) do
+    parse_result =
+      contents
+      |> Hex.Stdlib.string_trim()
+      |> String.split("\n", trim: true)
+      |> Enum.map(&String.split/1)
+      |> Enum.reduce({%{}, nil}, &parse_line/2)
+
+    case parse_result do
+      {machines, %{username: _, password: _} = current} ->
+        {host, machine} = Map.pop(current, :host)
+        {:ok, Map.put(machines, host, machine)}
+
+      _ ->
+        {:error, :parse}
+    end
+  end
+
+  defp parse_line(_, :parse_error), do: :parse_error
+
+  defp parse_line(["machine", host], {machines, nil}) do
+    {machines, %{host: host}}
+  end
+
+  defp parse_line(["machine", next_host], {machines, %{username: _, password: _} = current}) do
+    {host, machine} = Map.pop(current, :host)
+    {Map.put(machines, host, machine), %{host: next_host}}
+  end
+
+  defp parse_line(["login", username], {machines, %{} = current}) do
+    {machines, Map.put(current, :username, username)}
+  end
+
+  defp parse_line(["password", password], {machines, %{} = current}) do
+    {machines, Map.put(current, :password, password)}
+  end
+
+  defp parse_line(_line, _parse_state), do: :parse_error
+
+  def netrc_path() do
+    System.get_env("NETRC") || default_path()
+  end
+
+  defp default_path() do
+    Path.join(System.user_home!(), ".netrc")
+  end
+end

test/hex/http_test.exs

@@ -8,9 +8,12 @@ defmodule Hex.HTTPTest do
       Enum.map([:proxy, :https_proxy], fn opt ->
         :httpc.set_options([{opt, {{'localhost', 80}, ['localhost']}}], :hex)
       end)
+
+      System.delete_env("NETRC")
     end)
 
-    :ok
+    bypass = Bypass.open()
+    {:ok, bypass: bypass}
   end
 
   test "proxy_config returns no credentials when no proxy supplied" do
@@ -51,4 +54,65 @@ defmodule Hex.HTTPTest do
     Hex.HTTP.handle_hex_message('"oops, you done goofed";level=fatal  ')
     assert_received {:mix_shell, :error, ["API error: oops, you done goofed"]}
   end
+
+  test "request adds no authorization header if none is given and no netrc is found", %{
+    bypass: bypass
+  } do
+    in_tmp(fn ->
+      Bypass.expect(bypass, fn conn ->
+        assert Plug.Conn.get_req_header(conn, "authorization") == []
+        Plug.Conn.resp(conn, 200, "")
+      end)
+
+      Hex.HTTP.request(:get, "http://localhost:#{bypass.port}", [], nil)
+    end)
+  end
+
+  test "request adds authorization header based on netrc if none is given", %{bypass: bypass} do
+    in_tmp(fn ->
+      File.write!(".netrc", """
+      machine localhost
+        login john
+        password doe
+      """)
+
+      System.put_env("NETRC", Path.join(File.cwd!(), ".netrc"))
+
+      Bypass.expect(bypass, fn conn ->
+        assert Plug.Conn.get_req_header(conn, "authorization") == [
+                 "Basic #{:base64.encode("john:doe")}"
+               ]
+
+        Plug.Conn.resp(conn, 200, "")
+      end)
+
+      Hex.HTTP.request(:get, "http://localhost:#{bypass.port}", [], nil)
+    end)
+  end
+
+  test "request adds no authorization header based on netrc if authorization is given", %{
+    bypass: bypass
+  } do
+    in_tmp(fn ->
+      File.write!(".netrc", """
+      machine localhost
+        login john
+        password doe
+      """)
+
+      System.put_env("NETRC", Path.join(File.cwd!(), ".netrc"))
+
+      Bypass.expect(bypass, fn conn ->
+        assert Plug.Conn.get_req_header(conn, "authorization") == ["myAuthHeader"]
+        Plug.Conn.resp(conn, 200, "")
+      end)
+
+      Hex.HTTP.request(
+        :get,
+        "http://localhost:#{bypass.port}",
+        [{'authorization', 'myAuthHeader'}],
+        nil
+      )
+    end)
+  end
 end

test/hex/netrc/cache_test.exs

@@ -0,0 +1,68 @@
+defmodule Hex.Netrc.CacheTest do
+  use HexTest.Case, async: false
+
+  alias Hex.Netrc.Cache
+
+  setup do
+    # Restart Hex between tests to get a fresh cache.
+    Application.stop(:hex)
+    :ok = Application.start(:hex)
+  end
+
+  test "fetch/1 fails on non-existent file" do
+    in_tmp(fn ->
+      assert {:error, :enoent} = Cache.fetch(".netrc")
+    end)
+  end
+
+  test "fetch/1 remembers parse errors" do
+    in_tmp(fn ->
+      File.write!(".netrc", "")
+      assert {:error, :parse} = Cache.fetch(".netrc")
+      File.rm!(".netrc")
+      assert {:error, :parse} = Cache.fetch(".netrc")
+    end)
+  end
+
+  test "fetch/1 succeeds on simple file" do
+    in_tmp(fn ->
+      data = """
+      machine foo.example.com
+        login john
+        password bar
+      """
+
+      parsed = %{
+        "foo.example.com" => %{
+          username: "john",
+          password: "bar"
+        }
+      }
+
+      File.write!(".netrc", data)
+      assert {:ok, ^parsed} = Cache.fetch(".netrc")
+    end)
+  end
+
+  test "fetch/1 remembers successful parses" do
+    in_tmp(fn ->
+      data = """
+      machine foo.example.com
+        login john
+        password bar
+      """
+
+      parsed = %{
+        "foo.example.com" => %{
+          username: "john",
+          password: "bar"
+        }
+      }
+
+      File.write!(".netrc", data)
+      assert {:ok, ^parsed} = Cache.fetch(".netrc")
+      File.rm!(".netrc")
+      assert {:ok, ^parsed} = Cache.fetch(".netrc")
+    end)
+  end
+end