authorRoman Sandler <rsandler@zendesk.com>2016-04-22 10:13:29 +1000
committerRoman Sandler <rsandler@zendesk.com>2016-06-18 18:13:04 +0800
commit75a556a127eb7a1b81e1fe6f7e8560f976ba311d (patch)
tree97927e51195499229ce34ac2e6c627be993d82a3 /lib
parente45c11f34b350ac74d661b03927e8345c2f7da4c (diff)
Do not log the credentials used to contact a gem server
Adds a filter_uri method to HTTPError backed by the URICredentialsFilter to be used when preparing error output. In the tests, replace a double object with a real URI and change a test hostname to be valid so that older versions of Ruby's URI module don't choke on it. It would be cool to somehow replace this work with the `anonymized_uri` in the Bundler::Source::Rubygems::Remote class.
Diffstat (limited to 'lib')
-rw-r--r--lib/bundler/errors.rb7
-rw-r--r--lib/bundler/fetcher.rb3
-rw-r--r--lib/bundler/fetcher/downloader.rb2
3 files changed, 10 insertions, 2 deletions
diff --git a/lib/bundler/errors.rb b/lib/bundler/errors.rb
index 69eb57e844..1f0f5f8201 100644
--- a/lib/bundler/errors.rb
+++ b/lib/bundler/errors.rb
@@ -30,7 +30,12 @@ module Bundler
class GemspecError < BundlerError; status_code(14); end
class InvalidOption < BundlerError; status_code(15); end
class ProductionError < BundlerError; status_code(16); end
- class HTTPError < BundlerError; status_code(17); end
+ class HTTPError < BundlerError
+ status_code(17)
+ def filter_uri(uri)
+ URICredentialsFilter.credential_filtered_uri(uri)
+ end
+ end
class RubyVersionMismatch < BundlerError; status_code(18); end
class SecurityError < BundlerError; status_code(19); end
class LockfileError < BundlerError; status_code(20); end
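Review bot: `filter_uri` on `HTTPError` is a public, undocumented instance method, and filtering stays opt-in: a new subclass or a direct `raise HTTPError, "... #{uri}"` that skips it still puts the credentials into the message. Making it `private` and adding a comment such as `# Strips credentials from +uri+ so they never reach error output; call this before interpolating a remote URI into a message.` would state the contract where new subclasses get written. Whether errors.rb already loads `URICredentialsFilter` is not visible in this hunk, so confirm the constant resolves when this file is required on its own.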
diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb
index 19611b1725..ce9d30c141 100644
--- a/lib/bundler/fetcher.rb
+++ b/lib/bundler/fetcher.rb
@@ -19,6 +19,7 @@ module Bundler
# This is the error raised if OpenSSL fails the cert verification
class CertificateFailureError < HTTPError
def initialize(remote_uri)
+ remote_uri = filter_uri(remote_uri)
super "Could not verify the SSL certificate for #{remote_uri}.\nThere" \
" is a chance you are experiencing a man-in-the-middle attack, but" \
" most likely your system doesn't have the CA certificates needed" \
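Review bot: The added `remote_uri = filter_uri(remote_uri)` in `CertificateFailureError#initialize` runs URI-handling code while the error object is being built, and the same line is added to `AuthenticationRequiredError` and `BadAuthenticationError` further down. If `credential_filtered_uri` can raise or return nil for a nil or unparseable argument (its body is not part of this diff), that failure would replace the certificate or authentication error the user needs to see. A spec that builds each of these errors from a String, a URI and a malformed value would pin the behaviour down, and a comment like `# remote_uri may be a URI or a String; credentials are removed before interpolation` documents the expectation. The constructor body continues past the end of the hunk.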
@@ -39,6 +40,7 @@ module Bundler
# This error is raised if HTTP authentication is required, but not provided.
class AuthenticationRequiredError < HTTPError
def initialize(remote_uri)
+ remote_uri = filter_uri(remote_uri)
super "Authentication is required for #{remote_uri}.\n" \
"Please supply credentials for this source. You can do this by running:\n" \
" bundle config #{remote_uri} username:password"
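Review bot: The filtered value is also interpolated into the suggested command `bundle config #{remote_uri} username:password`, so whatever the filter leaves in the userinfo part (a username or a placeholder, if it keeps one) becomes part of the config key the user is told to type. Printing only the host on that line, e.g. `" bundle config #{remote_uri.host} username:password"` when the filtered value is a URI object, would keep the hint copy-pasteable and free of userinfo. The constructor's `end` lies outside the hunk.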
@@ -47,6 +49,7 @@ module Bundler
# This error is raised if HTTP authentication is provided, but incorrect.
class BadAuthenticationError < HTTPError
def initialize(remote_uri)
+ remote_uri = filter_uri(remote_uri)
super "Bad username or password for #{remote_uri}.\n" \
"Please double-check your credentials and correct them."
end
diff --git a/lib/bundler/fetcher/downloader.rb b/lib/bundler/fetcher/downloader.rb
index 204e33387e..a4ba4f3af8 100644
--- a/lib/bundler/fetcher/downloader.rb
+++ b/lib/bundler/fetcher/downloader.rb
@@ -58,7 +58,7 @@ module Bundler
raise NetworkDownError, "Could not reach host #{uri.host}. Check your network " \
"connection and try again."
else
- raise HTTPError, "Network error while fetching #{uri}"
+ raise HTTPError, "Network error while fetching #{URICredentialsFilter.credential_filtered_uri(uri)}"
end
end
end
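Review bot: The generic `HTTPError` message still interpolates the whole URI, path and query string included, so only the credentials that `URICredentialsFilter` recognises are removed. If a gem source carries a token in its query string, and the filter only rewrites the userinfo part (its body is not shown here, so this is an assumption), that token would still be logged. Other `raise` sites in this method lie outside the hunk and should be checked for a bare `#{uri}`; the `NetworkDownError` branch above already limits itself to `uri.host`. Assigning `filtered = URICredentialsFilter.credential_filtered_uri(uri)` on its own line before the `raise` would also keep the statement within the usual line length.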