authorJames Wen <jrw2175@columbia.edu>2016-04-04 13:13:48 -0400
committerJames Wen <jrw2175@columbia.edu>2016-04-04 18:42:31 -0400
commit7173d3ea6862685f381732c52f46eb3b90576be2 (patch)
treed987e7ff99872c579ffa8634ca937be622c2d098
parent29f48c3d47ed51d1c5de955eb7b7ae773a18abbb (diff)
downloadbundler-7173d3ea6862685f381732c52f46eb3b90576be2.tar.gz
Enable showing username for login authentication and oauth scheme for
oauth authentication for git sources
-rw-r--r--lib/bundler/uri_credentials_filter.rb10
-rw-r--r--spec/bundler/uri_credentials_filter_spec.rb61
-rw-r--r--spec/install/gemfile/git_spec.rb9
3 files changed, 48 insertions, 32 deletions
diff --git a/lib/bundler/uri_credentials_filter.rb b/lib/bundler/uri_credentials_filter.rb
index b1c4d289f4..37e0c19455 100644
--- a/lib/bundler/uri_credentials_filter.rb
+++ b/lib/bundler/uri_credentials_filter.rb
@@ -7,7 +7,15 @@ module Bundler
return uri_to_anonymize if uri_to_anonymize.nil?
uri = uri_to_anonymize.dup
uri = URI(uri.to_s) unless uri.is_a?(URI)
- uri.user = uri.password = nil if uri.userinfo
+ if uri.userinfo
+ # oauth authentication
+ if uri.password == "x-oauth-basic" || uri.password == "x"
+ # URI as string does not display with password if no user is set
+ oauth_designation = uri.password
+ uri.user = oauth_designation
+ end
+ uri.password = nil
+ end
uri
rescue URI::InvalidURIError # uri is not canonical uri scheme
uri
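Review bot: When the userinfo has a user part and no password, the new `if uri.userinfo` branch leaves `uri.user` in place, so a git URL that carries a token as its only userinfo component (`https://<token>@host/...`, a form some hosts accept) would now be printed in full; the line this hunk removes used to blank it. The code cannot tell a login name from a token in that position, so the safer default is to drop a lone user, e.g. `uri.user = nil if uri.password.nil?` ahead of the oauth check, or at least to state in a comment that only the password is treated as secret. The shared examples in spec/bundler/uri_credentials_filter_spec.rb and the cases in spec/install/gemfile/git_spec.rb cover `user:password` and `token:x-oauth-basic` but no user-only URL, so a spec for that form would pin whichever behaviour is chosen. The enclosing method begins and ends outside this hunk.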
diff --git a/spec/bundler/uri_credentials_filter_spec.rb b/spec/bundler/uri_credentials_filter_spec.rb
index 3b542fb655..f883a848a8 100644
--- a/spec/bundler/uri_credentials_filter_spec.rb
+++ b/spec/bundler/uri_credentials_filter_spec.rb
@@ -5,49 +5,58 @@ describe Bundler::URICredentialsFilter do
subject { described_class }
describe "#anonymized_uri" do
- context "uri is a uri object" do
- let(:uri) { URI("https://#{credentials}github.com/company/private-repo") }
+ shared_examples_for "sensitive credentials in uri are filtered out" do
+ context "authentication using oauth credentials" do
+ context "specified via 'x-oauth-basic'" do
+ let(:credentials) { "oauth_token:x-oauth-basic@" }
+
+ it "returns the uri without the oauth token" do
+ expect(subject.anonymized_uri(uri)).to eq(URI("https://x-oauth-basic@github.com/company/private-repo"))
+ end
+ end
+
+ context "specified via 'x'" do
+ let(:credentials) { "oauth_token:x@" }
- context "that contains credentials" do
- let(:credentials) { "oauth_token:x-oauth-basic@" }
+ it "returns the uri without the oauth token" do
+ expect(subject.anonymized_uri(uri)).to eq(URI("https://x@github.com/company/private-repo"))
+ end
+ end
+ end
- it "returns the uri without the credentials" do
- expect(subject.anonymized_uri(uri)).to eq(URI("https://github.com/company/private-repo"))
+ context "authentication using login credentials" do
+ let(:credentials) { "username1:hunter3@" }
+
+ it "returns the uri without the password" do
+ expect(subject.anonymized_uri(uri)).to eq(URI("https://username1@github.com/company/private-repo"))
end
end
- context "that does not contains credentials" do
+ context "authentication without credentials" do
let(:credentials) { "" }
it "returns the same uri" do
- # https://github.com/company/private-repo is not a valid URI in ruby 1.8.7
+ # URI does not consider https://github.com/company/private-repo a
+ # valid URI in ruby 1.8.7 due to the https
if RUBY_VERSION > "1.8.7"
expect(subject.anonymized_uri(uri)).to eq(URI(uri))
else
- expect(subject.anonymized_uri(uri)).to eq(uri)
+ expect(subject.anonymized_uri(uri).to_s).to eq(uri.to_s)
end
end
end
end
- context "uri is a uri string" do
- let(:uri) { "https://#{credentials}github.com/company/private-repo" }
-
- context "that contains credentials" do
- let(:credentials) { "oauth_token:x-oauth-basic@" }
+ context "uri is a uri object" do
+ let(:uri) { URI("https://#{credentials}github.com/company/private-repo") }
- it "returns the uri without the credentials" do
- expect(subject.anonymized_uri(uri)).to eq(URI("https://github.com/company/private-repo"))
- end
- end
+ it_behaves_like "sensitive credentials in uri are filtered out"
+ end
- context "that does not contains credentials" do
- let(:credentials) { "" }
+ context "uri is a uri string" do
+ let(:uri) { "https://#{credentials}github.com/company/private-repo" }
- it "returns the same uri" do
- expect(subject.anonymized_uri(uri)).to eq(URI(uri))
- end
- end
+ it_behaves_like "sensitive credentials in uri are filtered out"
end
context "uri is a non-uri format string (ex. path)" do
@@ -75,9 +84,9 @@ describe Bundler::URICredentialsFilter do
context "with a uri that contains credentials" do
let(:credentials) { "oauth_token:x-oauth-basic@" }
- it "returns the string without the credentials" do
+ it "returns the string without the sensitive credentials" do
expect(subject.credentials_filtered_string(str_to_filter, uri)).to eq(
- "This is a git message containing a uri https://github.com/company/private-repo!")
+ "This is a git message containing a uri https://x-oauth-basic@github.com/company/private-repo!")
end
end
diff --git a/spec/install/gemfile/git_spec.rb b/spec/install/gemfile/git_spec.rb
index 04b3e00893..2cb62b424e 100644
--- a/spec/install/gemfile/git_spec.rb
+++ b/spec/install/gemfile/git_spec.rb
@@ -1107,7 +1107,7 @@ describe "bundle install with git sources" do
context "that are username and password" do
let(:credentials) { "user1:password1" }
- it "does not display the username or password" do
+ it "does not display the password" do
install_gemfile <<-G, :expect_err => true
git "https://#{credentials}@github.com/company/private-repo" do
gem "foo"
@@ -1115,16 +1115,15 @@ describe "bundle install with git sources" do
G
bundle :install, :expect_err => true
- expect(out).to_not include("user1")
expect(out).to_not include("password1")
- expect(out).to include("Fetching https://github.com/company/private-repo")
+ expect(out).to include("Fetching https://user1@github.com/company/private-repo")
end
end
context "that is an oauth token" do
let(:credentials) { "oauth_token" }
- it "does not display the oauth token" do
+ it "displays the oauth scheme but not the oauth token" do
install_gemfile <<-G, :expect_err => true
git "https://#{credentials}:x-oauth-basic@github.com/company/private-repo" do
gem "foo"
@@ -1133,7 +1132,7 @@ describe "bundle install with git sources" do
bundle :install, :expect_err => true
expect(out).to_not include("oauth_token")
- expect(out).to include("Fetching https://github.com/company/private-repo")
+ expect(out).to include("Fetching https://x-oauth-basic@github.com/company/private-repo")
end
end
end