
#1440. hide basic auth creds from custom sources

commit 7cc469915ff09e765e29c635b38b985d6e31f6ae 1 parent 82d4e19
@hone authored
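--- a/lib/bundler/fetcher.rb
+++ b/lib/bundler/fetcher.rb
@@ -84,7 +84,7 @@ def fetch_remote_specs(gem_names, full_dependency_list = [], last_spec_list = []
 query_list = gem_names - full_dependency_list
 # only display the message on the first run
 if full_dependency_list.empty?
- Bundler.ui.info "Fetching dependency information from the API at #{@remote_uri}", false
+ Bundler.ui.info "Fetching dependency information from the API at #{strip_user_pass_from_uri(@remote_uri)}", false
 else
 Bundler.ui.info ".", false
 end
@@ -176,7 +176,7 @@ def fetch_dependency_remote_specs(gem_names)
 # fetch from modern index: specs.4.8.gz
 def fetch_all_remote_specs
 @has_api = false
- Bundler.ui.info "Fetching source index for #{@remote_uri}"
+ Bundler.ui.info "Fetching source index for #{strip_user_pass_from_uri(@remote_uri)}"
 Bundler.ui.debug "Fetching modern index"
 Gem.sources = ["#{@remote_uri}"]
 spec_list = Hash.new { |h,k| h[k] = [] }
@@ -187,13 +187,21 @@ def fetch_all_remote_specs
 begin
 Gem::SpecFetcher.new.list(false, true).each {|k, v| spec_list[k] += v }
 rescue Gem::RemoteFetcher::FetchError
- Bundler.ui.warn "Could not fetch prerelease specs from #{@remote_uri}"
+ Bundler.ui.warn "Could not fetch prerelease specs from #{strip_user_pass_from_uri(@remote_uri)}"
 end
 rescue Gem::RemoteFetcher::FetchError
- raise Bundler::HTTPError, "Could not reach #{@remote_uri}"
+ raise Bundler::HTTPError, "Could not reach #{strip_user_pass_from_uri(@remote_uri)}"
 end
 return spec_list
 end
+
+ def strip_user_pass_from_uri(uri)
+ uri_dup = uri.dup
+ uri_dup.user = "****" if uri_dup.user
+ uri_dup.password = "****" if uri_dup.password
+
+ uri_dup
+ end
 end
 end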
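Review bot: `strip_user_pass_from_uri` is applied by hand at the four messages changed here, so any other string built from `@remote_uri` outside these hunks still prints the user and password; `fetch_all_remote_specs` also keeps `Gem.sources = ["#{@remote_uri}"]`, which has to carry the credentials, so anything RubyGems itself logs from that source is presumably not covered. The helper calls `uri.user` and `uri.password`, so it presumes a URI object rather than a String, and the hunks do not show where `@remote_uri` is assigned. I would document both on the helper, e.g. `# Returns a copy of uri (a URI, not a String) with user and password masked; for display only, never for requests.` The name says "strip" while the body masks with `"****"`, which is worth stating in the same comment.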
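--- a/spec/install/gems/dependency_api_spec.rb
+++ b/spec/install/gems/dependency_api_spec.rb
@@ -53,21 +53,6 @@
 should_be_installed "rack 1.0.0"
 end
- it "passes basic authentication details" do
- uri = URI.parse(source_uri)
- uri.user = "hello"
- uri.password = "there"
-
- gemfile <<-G
- source "#{uri}"
- gem "rack"
- G
-
- bundle :install, :artifice => "endpoint_basic_authentication"
- out.should include("Fetching dependency information from the API at #{uri}")
- should_be_installed "rack 1.0.0"
- end
-
 it "handles git dependencies that are in rubygems" do
 build_git "foo" do |s|
 s.executables = "foobar"
@@ -303,4 +288,40 @@
 vendored_gems("bin/rackup").should exist
 end
+
+ it "passes basic authentication details and strips out creds" do
+ uri = URI.parse(source_uri)
+ uri.user = "hello"
+ uri.password = "there"
+
+ gemfile <<-G
+ source "#{uri}"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endpoint_basic_authentication"
+ out.should_not include("hello:there")
+ should_be_installed "rack 1.0.0"
+ end
+
+ it "strips http basic authentication creds for modern index" do
+ gemfile <<-G
+ source "http://user:pass@localgameserver.test"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endopint_marshal_fail_basic_authentication"
+ out.should_not include("user:pass")
+ should_be_installed "rack 1.0.0"
+ end
+
+ it "strips http basic auth creds when it can't reach the server" do
+ gemfile <<-G
+ source "http://user:pass@foo.com"
+ gem "rack"
+ G
+
+ bundle :install, :artifice => "endpoint_500"
+ out.should_not include("user:pass")
+ end
 end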
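Review bot: The three new examples assert only that the raw pair is absent (`out.should_not include("hello:there")`, `out.should_not include("user:pass")`), so they would also pass if the message were no longer printed at all or if the password leaked in some other form. The removed example checked for the "Fetching dependency information from the API at" line; keeping a positive check next to the negative one, e.g. `out.should include("Fetching dependency information from the API at")`, ties the test to the redacted message. In the last example the install is expected to fail, and whether `out` includes the error stream is not visible here, so the "Could not reach" text may need its own check.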
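--- a/spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
+++ b/spec/support/artifice/endopint_marshal_fail_basic_authentication.rb
@@ -0,0 +1,13 @@
+require File.expand_path("../endpoint_marshal_fail", __FILE__)
+
+Artifice.deactivate
+
+class EndpointMarshalFailBasicAuthentication < EndpointMarshalFail
+ before do
+ unless env["HTTP_AUTHORIZATION"]
+ halt 401, "Authentication info not supplied"
+ end
+ end
+end
+
+Artifice.activate_with(EndpointMarshalFailBasicAuthentication)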
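Review bot: The file name spells `endopint`, and the spec has to repeat the misspelling in `:artifice => "endopint_marshal_fail_basic_authentication"` for the lookup to work; rename it to `endpoint_marshal_fail_basic_authentication.rb` and update the spec reference in the same commit. Separately, the `before` filter accepts any request that carries an `Authorization` header, so the spec shows that some credentials were sent but not that they are the ones from the Gemfile source. A comment above the filter such as `# only checks that credentials were sent, not their value` would make that limit explicit.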
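--- a/spec/support/artifice/endpoint_500.rb
+++ b/spec/support/artifice/endpoint_500.rb
@@ -0,0 +1,37 @@
+require File.expand_path("../../path.rb", __FILE__)
+include Spec::Path
+
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/artifice*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/rack-*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/rack-*/lib")].last}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/tilt*/lib")].first}"
+$LOAD_PATH.unshift "#{Dir[base_system_gems.join("gems/sinatra*/lib")].first}"
+
+require 'artifice'
+require 'sinatra/base'
+
+Artifice.deactivate
+
+class Endpoint500 < Sinatra::Base
+ get "/quick/Marshal.4.8/:id" do
+ halt 500
+ end
+
+ get "/fetch/actual/gem/:id" do
+ halt 500
+ end
+
+ get "/gems/:id" do
+ halt 500
+ end
+
+ get "/api/v1/dependencies" do
+ halt 500
+ end
+
+ get "/specs.4.8.gz" do
+ halt 500
+ end
+end
+
+Artifice.activate_with(Endpoint500)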
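Review bot: `Endpoint500` answers 500 only on the five listed GET routes; any other path falls through to Sinatra's default 404, so the fixture does not quite model a server that always fails. If the intent is that every request errors, a single catch-all such as `get("/*") { halt 500 }` says that directly and removes the repetition. The `$LOAD_PATH.unshift "#{Dir[...].first}"` lines turn `nil` into an empty string when a glob matches nothing, which hides a missing gem directory; that setup is presumably copied from a sibling fixture and could be shared instead.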