Set cache permissions to 0600

Fixes #365
r-lib · May 24, 2016 · 635172f · 635172f
1 parent 2731721
commit 635172f
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 9 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -1,5 +1,8 @@
 # httr 1.1.0.9000
 
+* The cross-session OAuth cache is now created with permission 0600, and should
+  give a better error if it can't be created (#365).
+
 * The default user agent string is now computed once and cached. This 
   is a small performance improvement, but important for local connections
   (#322, @richfitz).

diff --git a/R/oauth-cache.R b/R/oauth-cache.R
@@ -9,32 +9,46 @@ use_cache <- function(cache = getOption("httr_oauth_cache")) {
   # If it's a character, then it's a file path, so use it
   if (is.character(cache)) return(cache)
 
+  # If missing, see if it's ok to use one, and cache the results of
+  # that check in a global option.
   if (is.na(cache)) {
-    cache <- guess_cache()
-    if (cache) protect_cache()
+    cache <- can_use_cache()
     options("httr_oauth_cache" = cache)
   }
 
   if (cache) ".httr-oauth" else NULL
 }
 
-guess_cache <- function() {
-  if (file.exists(".httr-oauth")) return(TRUE)
+can_use_cache <- function(path = ".httr-oauth") {
+  file.exists(path) || (should_cache(path) && create_cache(path))
+}
+
+should_cache <- function(path = ".httr-oauth") {
   if (!interactive()) return(FALSE)
 
-  cat("Use a local file to cache OAuth access credentials between R sessions?")
+  cat("Use a local file ('", path, "'), to cache OAuth access credentials ",
+    "between R sessions?\n", sep = "")
   utils::menu(c("Yes", "No")) == 1
 }
 
-protect_cache <- function() {
+create_cache <- function(path = ".httr-oauth") {
+  file.create(path, showWarnings = FALSE)
+  if (!file.exists(path)) {
+    stop("Failed to create local cache ('", path, "')", call. = FALSE)
+  }
+
+  # Protect cache as much as possible
+  Sys.chmod(path, "0600")
+
   if (file.exists("DESCRIPTION")) {
-    add_line(".Rbuildignore", "^\\.httr-oauth$")
+    add_line(".Rbuildignore", paste0("^", gsub("\\.", "\\\\.", path), "$"))
   }
+  add_line(".gitignore", path)
 
-  add_line(".gitignore", ".httr-oauth")
-  invisible(TRUE)
+  TRUE
 }
 
+
 add_line <- function(path, line, quiet = FALSE) {
   if (file.exists(path)) {
     lines <- readLines(path, warn = FALSE)