Merge tag 'v1.7.8'

Version 1.7.8

Conflicts:
	CHANGELOG.md
	lib/bundler/fetcher.rb
	lib/bundler/source/path.rb
	lib/bundler/source/rubygems.rb
	spec/spec_helper.rb

3 files changed, 60 insertions, 1 deletions

diff --git a/spec/bundler/anonymizable_uri_spec.rb b/spec/bundler/anonymizable_uri_spec.rb
new file mode 100644
index 00000000..e5d9faeb
--- /dev/null
+++ b/spec/bundler/anonymizable_uri_spec.rb
@@ -0,0 +1,32 @@
+require 'spec_helper'
+require 'bundler/anonymizable_uri'
+
+describe Bundler::AnonymizableURI do
+  let(:anonymizable_uri) { Bundler::AnonymizableURI.new(original_uri) }
+
+  describe "#without_credentials" do
+    context "when the original URI has no credentials" do
+      let(:original_uri) { URI('https://rubygems.org') }
+
+      it "returns the original URI" do
+        expect(anonymizable_uri.without_credentials).to eq(original_uri)
+      end
+    end
+
+    context "when the original URI has a username and password" do
+      let(:original_uri) { URI("https://username:password@gems.example.com") }
+
+      it "returns the URI without username and password" do
+        expect(anonymizable_uri.without_credentials).to eq(URI("https://gems.example.com"))
+      end
+    end
+
+    context "when the original URI has only a username" do
+      let(:original_uri) { URI("https://SeCrEt-ToKeN@gem.fury.io/me/") }
+
+      it "returns the URI without username and password" do
+        expect(anonymizable_uri.without_credentials).to eq(URI("https://gem.fury.io/me/"))
+      end
+    end
+  end
+end
diff --git a/spec/commands/config_spec.rb b/spec/commands/config_spec.rb
index 964e1d88..208af617 100644
--- a/spec/commands/config_spec.rb
+++ b/spec/commands/config_spec.rb
@@ -194,7 +194,7 @@ E
   end
 
   describe "quoting" do
-    before(:each) { bundle :install }
+    before(:each) { gemfile "# no gems" }
 
     it "saves quotes" do
       bundle "config foo something\\'"
@@ -209,6 +209,20 @@ E
       run "puts Bundler.settings[:foo]"
       expect(out).to eq("1")
     end
+
+    it "doesn't duplicate quotes around values", :if => (RUBY_VERSION >= "2.1") do
+      bundled_app(".bundle").mkpath
+      File.open(bundled_app(".bundle/config"), 'w') do |f|
+        f.write 'BUNDLE_FOO: "$BUILD_DIR"'
+      end
+      expect(bundled_app(".bundle/config").read).to eq('BUNDLE_FOO: "$BUILD_DIR"')
+      bundle :install, :jobs => 4
+      run "puts Bundler.settings.send(:local_config_file).read"
+
+      # Starting in Ruby 2.1, YAML automatically adds double quotes
+      # around some values, including $ and newlines.
+      expect(out).to include('BUNDLE_FOO: "$BUILD_DIR"')
+    end
   end
 
   describe "very long lines" do
diff --git a/spec/install/gems/dependency_api_spec.rb b/spec/install/gems/dependency_api_spec.rb
index dc9e0109..e2c2707f 100644
--- a/spec/install/gems/dependency_api_spec.rb
+++ b/spec/install/gems/dependency_api_spec.rb
@@ -444,6 +444,19 @@ describe "gemcutter's dependency API" do
       expect(out).not_to include("#{user}:#{password}")
     end
 
+    it "strips http basic auth creds when warning about ambiguous sources" do
+      gemfile <<-G
+        source "#{basic_auth_source_uri}"
+        source "file://#{gem_repo1}"
+        gem "rack"
+      G
+
+      bundle :install, :artifice => "endpoint_basic_authentication"
+      expect(out).to include("Warning: the gem 'rack' was found in multiple sources.")
+      expect(out).not_to include("#{user}:#{password}")
+      should_be_installed "rack 1.0.0"
+    end
+
     it "does not pass the user / password to different hosts on redirect" do
       gemfile <<-G
         source "#{basic_auth_source_uri}"