Skip to content
This repository has been archived by the owner on Apr 14, 2021. It is now read-only.

Commit

Permalink
Allow Basic Auth by a username with no password
Browse files Browse the repository at this point in the history
  • Loading branch information
@rykov
rykov committed Aug 19, 2013
1 parent b9cf4a7 commit b4b5149
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
2 changes: 1 addition & 1 deletion lib/bundler/fetcher.rb
View file
Expand Up @@ -217,7 +217,7 @@ def fetch(uri, counter = 0)
begin
Bundler.ui.debug "Fetching from: #{uri}"
req = Net::HTTP::Get.new uri.request_uri
req.basic_auth(uri.user, uri.password) if uri.user && uri.password
req.basic_auth(uri.user, uri.password) if uri.user
if defined?(Net::HTTP::Persistent)
response = @connection.request(uri, req)
else
Expand Down
14 changes: 14 additions & 0 deletions spec/install/gems/dependency_api_spec.rb
View file
Expand Up @@ -419,6 +419,20 @@
bundle :install, :artifice => "endpoint_creds_diff_host"
should_be_installed "rack 1.0.0"
end

describe "with no password" do
let(:password) { nil }

it "passes basic authentication details" do
gemfile <<-G
source "#{basic_auth_source_uri}"
gem "rack"
G

bundle :install, :artifice => "endpoint_basic_authentication"
should_be_installed "rack 1.0.0"
end
end
end

context "when ruby is compiled without openssl" do
Expand Down

5 comments on commit b4b5149

@hone
Copy link
Contributor

@hone hone commented on b4b5149 Aug 27, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can't we have the reverse case here as well? only password, no login.

@rykov
Copy link
Contributor Author

@rykov rykov commented on b4b5149 Aug 27, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's possible to specify that via the Basic Auth mechanism. If the authentication information has no colon like https://username@..., then the password is set to nil. However, if you try to enter just the password with https://:password@..., just having the leading colon makes the username be blank, not nil. I think the same applies when the credentials are encoded in the Authorization header. Is there a particular user-case you're thinking of or am I mistaking on this?

@hone
Copy link
Contributor

@hone hone commented on b4b5149 Aug 27, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at work we often do the latter, but wasn't sure if that set uri.user to nil or "". I just wanted to make sure that case worked here.

@rykov
Copy link
Contributor Author

@rykov rykov commented on b4b5149 Aug 27, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just checked and Ruby doesn't allow you to build a URI with a nil username

irb(main):006:0> u = URI.parse('http://www.gemfury.com')
irb(main):008:0> u.user = nil
irb(main):009:0> u.password = '123'
URI::InvalidURIError: password component depends user component

@hone
Copy link
Contributor

@hone hone commented on b4b5149 Aug 27, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for looking into this! ❤️ ❤️

Please sign in to comment.