diff options
author | Tim Moore <tmoore@incrementalism.net> | 2014-08-15 08:14:14 +1000 |
---|---|---|
committer | Tim Moore <tmoore@incrementalism.net> | 2014-08-15 08:14:14 +1000 |
commit | 3d7386d00bb0d8aecb7342dcb7e5b72a97518299 (patch) | |
tree | 85bb4becf649711d7e94de065b2ffd7bfc44e8dd | |
parent | fa46d0dc6bf164fbcb4392ca90e77f5f8941aa53 (diff) | |
download | bundler-3d7386d00bb0d8aecb7342dcb7e5b72a97518299.tar.gz |
Fix handling for sources with basic auth.
Closes #3132.
-rw-r--r-- | lib/bundler/definition.rb | 15 | ||||
-rw-r--r-- | lib/bundler/source/rubygems.rb | 17 | ||||
-rw-r--r-- | spec/install/deploy_spec.rb | 12 |
3 files changed, 40 insertions, 4 deletions
diff --git a/lib/bundler/definition.rb b/lib/bundler/definition.rb index f03e7e7f..ed522748 100644 --- a/lib/bundler/definition.rb +++ b/lib/bundler/definition.rb @@ -462,8 +462,19 @@ module Bundler def converge_sources changes = false - # Get the Rubygems source from the Gemfile.lock - locked_gem = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) } + # Get the Rubygems sources from the Gemfile.lock + locked_gem_sources = @locked_sources.select { |s| s.kind_of?(Source::Rubygems) } + # Get the Rubygems sources from the Gemfile + actual_gem_sources = @sources.rubygems_sources + + # If there is a Rubygems source in both + unless locked_gem_sources.empty? && actual_gem_sources.empty? + actual_remotes = actual_gem_sources.map(&:remotes).flatten.uniq + locked_gem_sources.each do |locked_gem| + # Merge the remotes from the Gemfile into the Gemfile.lock + changes = changes | locked_gem.replace_remotes(actual_remotes) + end + end # Replace the sources from the Gemfile with the sources from the Gemfile.lock, # if they exist in the Gemfile.lock and are `==`. If you can't find an equivalent diff --git a/lib/bundler/source/rubygems.rb b/lib/bundler/source/rubygems.rb index d31acdb9..f78d9f11 100644 --- a/lib/bundler/source/rubygems.rb +++ b/lib/bundler/source/rubygems.rb @@ -35,7 +35,7 @@ module Bundler end def eql?(o) - o.is_a?(Rubygems) && remotes == o.remotes + o.is_a?(Rubygems) && remotes_equal?(o.remotes) end alias == eql? @@ -163,6 +163,15 @@ module Bundler @remotes.unshift(uri) unless @remotes.include?(uri) end + def replace_remotes(other_remotes) + return false if other_remotes == @remotes + + @remotes = [] + other_remotes.reverse_each do |r| + add_remote r.to_s + end + end + protected def source_uris_for_spec(spec) @@ -193,7 +202,7 @@ module Bundler end def suppress_configured_credentials(remote) - remote_nouser = remote.tap { |uri| uri.user = uri.password = nil }.to_s + remote_nouser = remote.dup.tap { |uri| uri.user = uri.password = nil }.to_s if remote.userinfo && remote.userinfo == Bundler.settings[remote_nouser] remote_nouser else @@ -331,6 +340,10 @@ module Bundler # Ruby 2.0, where gemspecs are stored in specifications/default/ spec.loaded_from && spec.loaded_from.include?("specifications/default/") end + + def remotes_equal?(other_remotes) + remotes.map(&method(:suppress_configured_credentials)) == other_remotes.map(&method(:suppress_configured_credentials)) + end end end end diff --git a/spec/install/deploy_spec.rb b/spec/install/deploy_spec.rb index fdfe64bf..c3ba3215 100644 --- a/spec/install/deploy_spec.rb +++ b/spec/install/deploy_spec.rb @@ -67,6 +67,18 @@ describe "install with --deployment or --frozen" do expect(exitstatus).to eq(0) end + it "works when there are credentials in the source URL" do + install_gemfile(<<-G, :artifice => "endpoint_strict_basic_authentication", :quiet => true) + source "http://user:pass@localgemserver.test/" + + gem "rack-obama", ">= 1.0" + G + + bundle "install --deployment", :exitstatus => true, :artifice => "endpoint_strict_basic_authentication" + + expect(exitstatus).to eq(0) + end + describe "with an existing lockfile" do before do bundle "install" |