author | Lars Haugseth <git@larshaugseth.com> | 2014-05-28 13:06:18 +0200 |
---|---|---|
committer | Andre Arko <andre@arko.net> | 2014-07-17 22:32:00 -0700 |
commit | 579d78d3e953a49e3bbfd12c8ead6809508b4a42 (patch) | |
tree | 0af8ef99c98e2a9965fedb2b7509f31023b6fe98 | |
parent | 173f996b0e92cf6eecb5974160a00d063f2fde7f (diff) | |
download | bundler-579d78d3e953a49e3bbfd12c8ead6809508b4a42.tar.gz |
Don't include configured source credentials in lockfile.
Conflicts:
CHANGELOG.md
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | lib/bundler/source/rubygems.rb | 13 | ||||
-rw-r--r-- | spec/lock/lockfile_spec.rb | 25 |
3 files changed, 38 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index fc4376eec2..89f32c86e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ Bugfixes: - fix undefined constant error when can't find gem during binstubs (#3095, @jetaggart) + - don't store configured source credentials in Gemfile.lock (#3045, @lhz) ## 1.6.3 (2014-06-16) diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index 5ca35c837e..238804be31 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -50,7 +50,9 @@ module Bundler def to_lock out = "GEM\n" - out << remotes.map {|r| " remote: #{r}\n" }.join + out << remotes.map { |remote| + " remote: #{suppress_configured_credentials remote}\n" + }.join out << " specs:\n" end @@ -183,6 +185,15 @@ module Bundler uri end + def suppress_configured_credentials(remote) + remote_nouser = remote.tap { |uri| uri.user = uri.password = nil }.to_s + if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser] + remote_nouser + else + remote + end + end + def fetch_specs # remote_specs usually generates a way larger Index than the other # sources, and large_idx.use small_idx is way faster than diff --git a/spec/lock/lockfile_spec.rb b/spec/lock/lockfile_spec.rb index 779fd1c613..ef016c2cb6 100644 --- a/spec/lock/lockfile_spec.rb +++ b/spec/lock/lockfile_spec.rb 
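Review bot: In `suppress_configured_credentials` (lib/bundler/source/rubygems.rb, second hunk), `remote.tap { |uri| uri.user = uri.password = nil }` clears the credentials on `remote` itself, because `tap` yields the receiver rather than a copy. After that line `remote.userinfo` is already nil, so the `if` can never be true and the `else` branch returns the stripped object. The lockfile therefore loses every credential, not only the ones that match `Bundler.settings`. The objects in `remotes` are also left without userinfo for whatever uses them after `to_lock`; if the same objects are used for fetching (not visible here), authenticated requests would be affected. Working on a copy keeps the comparison meaningful and leaves the caller's URI untouched: `remote_nouser = remote.dup.tap { |uri| uri.user = uri.password = nil }.to_s`.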
@@ -70,6 +70,31 @@ describe "the lockfile format" do G end + it "generates a lockfile wihout credentials for a configured source" do + bundle "config http://localgemserver.test/ user:pass" + + install_gemfile(<<-G, :artifice => "endpoint_strict_basic_authentication", :quiet => true) + source "http://localgemserver.test/" + + gem "rack-obama", ">= 1.0" + G + + lockfile_should_be <<-G + GEM + remote: http://localgemserver.test/ + specs: + rack (1.0.0) + rack-obama (1.0) + rack + + PLATFORMS + #{generic(Gem::Platform.local)} + + DEPENDENCIES + rack-obama (>= 1.0) + G + end + it "generates lockfiles with multiple requirements" do install_gemfile <<-G source "file://#{gem_repo1}" |
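Review bot: The added example only covers a source whose credentials come from `bundle config`, so nothing in this hunk exercises the `else` branch of `suppress_configured_credentials`, where userinfo that does not match the settings is meant to be kept. A companion example could use `source "http://user:pass@localgemserver.test/"` with no matching config entry and assert that the `remote:` line still carries the userinfo. That would pin the intended split between configured and inline credentials, and it would fail if the helper strips credentials unconditionally. Whether another spec file already covers that case is not visible from this page. The example title also has a typo; it should read `it "generates a lockfile without credentials for a configured source" do`.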