authorAndre Arko <andre@arko.net>2015-05-05 13:47:57 -0700
committerSamuel Giddins <segiddins@segiddins.me>2016-07-05 15:11:19 -0300
commit1257acfe01c6f963d47d6552cbf4dbfc295550cc (patch)
treea376f3a8054dcf410134eb82f40e39e6d9fd54e9
parent214875311d30217d6512a3013726b92ba8826599 (diff)
downloadbundler-1257acfe01c6f963d47d6552cbf4dbfc295550cc.tar.gz
add config git.allow_insecure and tests for #3453
-rw-r--r--lib/bundler/source_list.rb18
-rw-r--r--spec/bundler/source_list_spec.rb26
2 files changed, 38 insertions, 6 deletions
diff --git a/lib/bundler/source_list.rb b/lib/bundler/source_list.rb
index cc67a72194..37ce5f3a79 100644
--- a/lib/bundler/source_list.rb
+++ b/lib/bundler/source_list.rb
@@ -22,11 +22,8 @@ module Bundler
end
def add_git_source(options = {})
- source = add_source_to_list Source::Git.new(options), git_sources
- if source.uri =~ /^git:/
- Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \
- "please consider changing it to `https`, which is more secure."
- end
+ source = add_source_to_list(Source::Git.new(options), git_sources)
+ warn_on_git_protocol(source)
source
end
@@ -114,5 +111,16 @@ module Bundler
def combine_rubygems_sources
Source::Rubygems.new("remotes" => rubygems_remotes)
end
+
+ def warn_on_git_protocol(source)
+ return if Bundler.settings["git.allow_insecure"]
+
+ if source.uri =~ /^git\:/
+ Bundler.ui.warn "The git source `#{source.uri}` uses the `git` protocol, " \
+ "which transmits data without encryption. Disable this warning with " \
+ "`bundle config git.allow_insecure true`, or switch to the `https` " \
+ "protocol to keep your data secure."
+ end
+ end
end
end
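Review bot: The scheme test in `warn_on_git_protocol` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string; a whole-string check should use `\A`, for example `if source.uri =~ /\Agit:/` (the backslash before `:` is not needed). The guard recognises only the `git:` scheme, so a git source given as `http://` is just as unencrypted but produces no warning. The message also mentions only encryption, while the `git` protocol provides no server authentication either, so fetched code could be altered in transit. Since `git.allow_insecure` only returns early here and does not change what is fetched, a comment above the method such as `# Only silences the warning; the source is still fetched over the URI as written.` would keep the setting's name from being read as a safety control.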
diff --git a/spec/bundler/source_list_spec.rb b/spec/bundler/source_list_spec.rb
index 56f17f9af9..3657ac0927 100644
--- a/spec/bundler/source_list_spec.rb
+++ b/spec/bundler/source_list_spec.rb
@@ -3,7 +3,7 @@ require "spec_helper"
describe Bundler::SourceList do
before do
- allow(Bundler).to receive(:root) { Pathname.new "/" }
+ allow(Bundler).to receive(:root) { Pathname.new "./tmp/bundled_app" }
stub_const "ASourcePlugin", Class.new(Bundler::Plugin::API)
ASourcePlugin.source "new_source"
@@ -56,16 +56,40 @@ describe Bundler::SourceList do
end
it "passes the provided options to the new source" do
+ @new_source = source_list.add_git_source("uri" => "git://host/path.git")
expect(@new_source.options).to eq("uri" => "git://host/path.git")
end
it "adds the source to the beginning of git_sources" do
+ @new_source = source_list.add_git_source("uri" => "git://host/path.git")
expect(source_list.git_sources.first).to equal(@new_source)
end
it "removes existing duplicates" do
+ @duplicate = source_list.add_git_source("uri" => "git://host/path.git")
+ @new_source = source_list.add_git_source("uri" => "git://host/path.git")
expect(source_list.git_sources).not_to include equal(@duplicate)
end
+
+ context "with the git: protocol" do
+ let(:msg) do
+ "The git source `git://existing-git.org/path.git` " \
+ "uses the `git` protocol, which transmits data without encryption. " \
+ "Disable this warning with `bundle config git.allow_insecure true`, " \
+ "or switch to the `https` protocol to keep your data secure."
+ end
+
+ it "warns about git protocols" do
+ expect(Bundler.ui).to receive(:warn).with(msg)
+ source_list.add_git_source("uri" => "git://existing-git.org/path.git")
+ end
+
+ it "ignores git protocols on request" do
+ Bundler.settings["git.allow_insecure"] = true
+ expect(Bundler.ui).to_not receive(:warn).with(msg)
+ source_list.add_git_source("uri" => "git://existing-git.org/path.git")
+ end
+ end
end
describe "#add_rubygems_source" do
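Review bot: The example "ignores git protocols on request" sets `Bundler.settings["git.allow_insecure"] = true` and nothing in this hunk restores it. If the settings object or its config file outlives the example (not visible here), "warns about git protocols" and later examples become order-dependent. An `after` hook in that context that resets the key, or whatever reset the suite already uses, would keep the examples independent. The negative expectation is also narrower than the behaviour it guards: `expect(Bundler.ui).to_not receive(:warn).with(msg)` still passes if a warning with different wording is emitted, whereas `expect(Bundler.ui).not_to receive(:warn)` pins the suppression itself. An example asserting that an `https://` URI produces no warning would document the other half of the check.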