authorJonathan <jonacom@lissismore.com>2019-01-23 15:28:56 -0500
committerJonathan <jonacom@lissismore.com>2019-01-23 15:28:56 -0500
commit1930f20690d8a2d34fbd255794d329e08c1335ef (patch)
treeebefa0c795a04670cb5744058af3bd6c5931c888
parente66e6f2fb7d595151bd77a342a07c9cd15e3cac0 (diff)
raise BadAuthenticationError when userinfo is found in 401 responses
-rw-r--r--lib/bundler/fetcher/downloader.rb1
-rw-r--r--lib/bundler/fetcher/index.rb1
-rw-r--r--spec/bundler/fetcher/downloader_spec.rb10
-rw-r--r--spec/bundler/fetcher/index_spec.rb23
4 files changed, 32 insertions, 3 deletions
diff --git a/lib/bundler/fetcher/downloader.rb b/lib/bundler/fetcher/downloader.rb
index 87ad4140fd..e0c5d13e50 100644
--- a/lib/bundler/fetcher/downloader.rb
+++ b/lib/bundler/fetcher/downloader.rb
@@ -35,6 +35,7 @@ module Bundler
when Net::HTTPRequestEntityTooLarge
raise FallbackError, response.body
when Net::HTTPUnauthorized
+ raise BadAuthenticationError, uri.host if uri.userinfo
raise AuthenticationRequiredError, uri.host
when Net::HTTPNotFound
raise FallbackError, "Net::HTTPNotFound: #{URICredentialsFilter.credential_filtered_uri(uri)}"
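Review bot: The new 401 guard should carry a one-line comment saying why only `uri.host` is passed to the error, since on this path the URI is known to contain credentials: `# credentials were sent and rejected; report the host only so userinfo never reaches the message`. A userinfo that parses as an empty string is also truthy in Ruby, so a URI with an empty userinfo part would presumably be reported as bad credentials rather than missing ones; confirm whether that case matters. The `case` statement starts and ends outside this hunk.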
diff --git a/lib/bundler/fetcher/index.rb b/lib/bundler/fetcher/index.rb
index 1a8064624d..eb32186eea 100644
--- a/lib/bundler/fetcher/index.rb
+++ b/lib/bundler/fetcher/index.rb
@@ -13,6 +13,7 @@ module Bundler
when /certificate verify failed/
raise CertificateFailureError.new(display_uri)
when /401/
+ raise BadAuthenticationError, remote_uri if remote_uri.userinfo
raise AuthenticationRequiredError, remote_uri
when /403/
raise BadAuthenticationError, remote_uri if remote_uri.userinfo
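Review bot: The added `raise BadAuthenticationError, remote_uri` hands the full URI to the error on exactly the path where it is known to contain userinfo, whereas the matching change in downloader.rb passes only `uri.host`. Whether the password stays out of the message depends on how `BadAuthenticationError` builds its text, which is not visible here; the existing 403 branch below has the same shape. If the error class does not already filter, pass a filtered value, e.g. `raise BadAuthenticationError, URICredentialsFilter.credential_filtered_uri(remote_uri) if remote_uri.userinfo`, assuming that helper (used in downloader.rb) is reachable from this file. The enclosing block starts outside the hunk.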
diff --git a/spec/bundler/fetcher/downloader_spec.rb b/spec/bundler/fetcher/downloader_spec.rb
index 07b507266b..b4b6dc4f03 100644
--- a/spec/bundler/fetcher/downloader_spec.rb
+++ b/spec/bundler/fetcher/downloader_spec.rb
@@ -4,6 +4,7 @@ RSpec.describe Bundler::Fetcher::Downloader do
let(:connection) { double(:connection) }
let(:redirect_limit) { 5 }
let(:uri) { URI("http://www.uri-to-fetch.com/api/v2/endpoint") }
+ let(:uri_with_creds) { URI("http://user:password@uri-to-fetch.com/api/v2/endpoint")}
let(:options) { double(:options) }
subject { described_class.new(connection, redirect_limit) }
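Review bot: `uri_with_creds` is not referenced in any hunk of this commit; the new 401 context overrides `uri` itself, and with a different host (`www.uri-to-fetch.com` versus `uri-to-fetch.com` here). Either drop the `let` or use it in the new example so the spec has a single credentialed fixture. If it stays, the closing brace needs a space before it: `...endpoint") }`.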
@@ -82,6 +83,15 @@ RSpec.describe Bundler::Fetcher::Downloader do
expect { subject.fetch(uri, options, counter) }.to raise_error(Bundler::Fetcher::AuthenticationRequiredError,
/Authentication is required for www.uri-to-fetch.com/)
end
+
+ context "when the there are credentials provided in the request" do
+ let(:uri) { URI("http://user:password@www.uri-to-fetch.com") }
+
+ it "should raise a Bundler::Fetcher::BadAuthenticationError that doesn't contain the password" do
+ expect { subject.fetch(uri, options, counter) }.
+ to raise_error(Bundler::Fetcher::BadAuthenticationError, %r{Bad username or password for www.uri-to-fetch.com})
+ end
+ end
end
context "when the request response is a Net::HTTPNotFound" do
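Review bot: The example is named "that doesn't contain the password" but only asserts a positive match on the message, so it would still pass if the userinfo were included elsewhere in the text. Add a negative assertion through the `raise_error` block, e.g. `{ |e| expect(e.message).not_to include("password") }`. The context title also has a typo: `when the there are credentials` should read `when there are credentials`. The enclosing 401 context begins outside this hunk.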
diff --git a/spec/bundler/fetcher/index_spec.rb b/spec/bundler/fetcher/index_spec.rb
index 0cf0ae764e..d5ededae3e 100644
--- a/spec/bundler/fetcher/index_spec.rb
+++ b/spec/bundler/fetcher/index_spec.rb
@@ -35,9 +35,26 @@ RSpec.describe Bundler::Fetcher::Index do
context "when a 401 response occurs" do
let(:error_message) { "401" }
- it "should raise a Bundler::Fetcher::AuthenticationRequiredError" do
- expect { subject.specs(gem_names) }.to raise_error(Bundler::Fetcher::AuthenticationRequiredError,
- %r{Authentication is required for http://remote-uri.org})
+ before do
+ allow(remote_uri).to receive(:userinfo).and_return(userinfo)
+ end
+
+ context "and there was userinfo" do
+ let(:userinfo) { double(:userinfo) }
+
+ it "should raise a Bundler::Fetcher::BadAuthenticationError" do
+ expect { subject.specs(gem_names) }.to raise_error(Bundler::Fetcher::BadAuthenticationError,
+ %r{Bad username or password for http://remote-uri.org})
+ end
+ end
+
+ context "and there was no userinfo" do
+ let(:userinfo) { nil }
+
+ it "should raise a Bundler::Fetcher::AuthenticationRequiredError" do
+ expect { subject.specs(gem_names) }.to raise_error(Bundler::Fetcher::AuthenticationRequiredError,
+ %r{Authentication is required for http://remote-uri.org})
+ end
end
end
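Review bot: Stubbing `userinfo` with a double means these examples never run against a URI that actually carries credentials, so they cannot catch a password leaking into the `BadAuthenticationError` message, which index.rb builds from the whole `remote_uri`. Consider a further example whose `remote_uri` is a real URI with constructed credentials and which checks `expect(e.message).not_to include("password")` in the `raise_error` block. `remote_uri` is defined outside this hunk, so the setup may need adjusting to allow the override.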