diff options
author | Roman Sandler <rsandler@zendesk.com> | 2016-04-22 10:13:29 +1000 |
---|---|---|
committer | Roman Sandler <rsandler@zendesk.com> | 2016-06-18 18:13:04 +0800 |
commit | 75a556a127eb7a1b81e1fe6f7e8560f976ba311d (patch) | |
tree | 97927e51195499229ce34ac2e6c627be993d82a3 /lib/bundler/fetcher.rb | |
parent | e45c11f34b350ac74d661b03927e8345c2f7da4c (diff) | |
download | bundler-75a556a127eb7a1b81e1fe6f7e8560f976ba311d.tar.gz |
Do not log the credentials used to contact a gem server
Adds a filter_uri method to HTTPError backed by the
URICredentialsFilter to be used when preparing error output.
In the tests, replace a double object with a real URI and
change a test hostname to be valid so that older versions of
Ruby's URI module don't choke on it. It would be cool to somehow
replace this work with the `anonymized_uri` in the
Bundler::Source::Rubygems::Remote class.
Diffstat (limited to 'lib/bundler/fetcher.rb')
-rw-r--r-- | lib/bundler/fetcher.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/bundler/fetcher.rb b/lib/bundler/fetcher.rb index 19611b17..ce9d30c1 100644 --- a/lib/bundler/fetcher.rb +++ b/lib/bundler/fetcher.rb @@ -19,6 +19,7 @@ module Bundler # This is the error raised if OpenSSL fails the cert verification class CertificateFailureError < HTTPError def initialize(remote_uri) + remote_uri = filter_uri(remote_uri) super "Could not verify the SSL certificate for #{remote_uri}.\nThere" \ " is a chance you are experiencing a man-in-the-middle attack, but" \ " most likely your system doesn't have the CA certificates needed" \ @@ -39,6 +40,7 @@ module Bundler # This error is raised if HTTP authentication is required, but not provided. class AuthenticationRequiredError < HTTPError def initialize(remote_uri) + remote_uri = filter_uri(remote_uri) super "Authentication is required for #{remote_uri}.\n" \ "Please supply credentials for this source. You can do this by running:\n" \ " bundle config #{remote_uri} username:password" @@ -47,6 +49,7 @@ module Bundler # This error is raised if HTTP authentication is provided, but incorrect. class BadAuthenticationError < HTTPError def initialize(remote_uri) + remote_uri = filter_uri(remote_uri) super "Bad username or password for #{remote_uri}.\n" \ "Please double-check your credentials and correct them." end |