From 1930f20690d8a2d34fbd255794d329e08c1335ef Mon Sep 17 00:00:00 2001
From: Jonathan
Date: Wed, 23 Jan 2019 15:28:56 -0500
Subject: [PATCH 1/3] raise BadAuthenticationError when userinfo is found in 401 responses
---
 lib/bundler/fetcher/downloader.rb | 1 +
 lib/bundler/fetcher/index.rb | 1 +
 spec/bundler/fetcher/downloader_spec.rb | 10 ++++++++++
 spec/bundler/fetcher/index_spec.rb | 23 ++++++++++++++++++++---
 4 files changed, 32 insertions(+), 3 deletions(-)
diff --git a/lib/bundler/fetcher/downloader.rb b/lib/bundler/fetcher/downloader.rb
index 87ad4140fd0..e0c5d13e50c 100644
--- a/lib/bundler/fetcher/downloader.rb
+++ b/lib/bundler/fetcher/downloader.rb
@@ -35,6 +35,7 @@ def fetch(uri, headers = {}, counter = 0)
 when Net::HTTPRequestEntityTooLarge
 raise FallbackError, response.body
 when Net::HTTPUnauthorized
+ raise BadAuthenticationError, uri.host if uri.userinfo
 raise AuthenticationRequiredError, uri.host
 when Net::HTTPNotFound
 raise FallbackError, "Net::HTTPNotFound: #{URICredentialsFilter.credential_filtered_uri(uri)}"
diff --git a/lib/bundler/fetcher/index.rb b/lib/bundler/fetcher/index.rb
index 1a8064624d8..eb32186eeaa 100644
--- a/lib/bundler/fetcher/index.rb
+++ b/lib/bundler/fetcher/index.rb
@@ -13,6 +13,7 @@ def specs(_gem_names)
 when /certificate verify failed/
 raise CertificateFailureError.new(display_uri)
 when /401/
+ raise BadAuthenticationError, remote_uri if remote_uri.userinfo
 raise AuthenticationRequiredError, remote_uri
 when /403/
 raise BadAuthenticationError, remote_uri if remote_uri.userinfo
diff --git a/spec/bundler/fetcher/downloader_spec.rb b/spec/bundler/fetcher/downloader_spec.rb
index 07b507266b3..b4b6dc4f03c 100644
--- a/spec/bundler/fetcher/downloader_spec.rb
+++ b/spec/bundler/fetcher/downloader_spec.rb
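Review bot: In lib/bundler/fetcher/downloader.rb, the new 401 guard passes `uri.host` rather than `uri`, and nothing in the branch records that this is what keeps the userinfo out of the exception text. A short comment above the added line would protect that choice from a later tidy-up, for example `# uri may carry user:password; pass only the host so the message cannot echo credentials`. The guard also treats any truthy `uri.userinfo` as "credentials were sent"; if an empty userinfo string can reach this point it would be reported as a bad password, so `uri.userinfo && !uri.userinfo.empty?` may be the safer test, to be confirmed against how callers build the URI. `fetch` starts and ends outside this hunk.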
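Review bot: In lib/bundler/fetcher/index.rb, the added 401 line hands the whole `remote_uri` to `BadAuthenticationError` exactly when `remote_uri.userinfo` is set, so the object used to build the message is one that carries credentials. The certificate branch two lines above uses `display_uri` instead, and the downloader change in this same commit passes only `uri.host`. Unless `BadAuthenticationError` is known to filter userinfo from its argument (its definition is not part of this patch), consider `raise BadAuthenticationError, display_uri if remote_uri.userinfo`, assuming `display_uri` is the credential-free form. The existing 403 branch has the same shape, and `specs` continues outside the hunk.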
@@ -4,6 +4,7 @@ let(:connection) { double(:connection) } let(:redirect_limit) { 5 } let(:uri) { URI("http://www.uri-to-fetch.com/api/v2/endpoint") } + let(:uri_with_creds) { URI("http://user:password@uri-to-fetch.com/api/v2/endpoint")} let(:options) { double(:options) } subject { described_class.new(connection, redirect_limit) } @@ -82,6 +83,15 @@ expect { subject.fetch(uri, options, counter) }.to raise_error(Bundler::Fetcher::AuthenticationRequiredError, /Authentication is required for www.uri-to-fetch.com/) end + + context "when the there are credentials provided in the request" do + let(:uri) { URI("http://user:password@www.uri-to-fetch.com") } + + it "should raise a Bundler::Fetcher::BadAuthenticationError that doesn't contain the password" do + expect { subject.fetch(uri, options, counter) }. + to raise_error(Bundler::Fetcher::BadAuthenticationError, %r{Bad username or password for www.uri-to-fetch.com}) + end + end end context "when the request response is a Net::HTTPNotFound" do diff --git a/spec/bundler/fetcher/index_spec.rb b/spec/bundler/fetcher/index_spec.rb index 0cf0ae764ec..d5ededae3ea 100644 --- a/spec/bundler/fetcher/index_spec.rb +++ b/spec/bundler/fetcher/index_spec.rb 
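Review bot: In spec/bundler/fetcher/downloader_spec.rb, the new example in the 401 context is titled "doesn't contain the password", but its matcher only checks that the message contains `Bad username or password for www.uri-to-fetch.com`; a message that also echoed the userinfo would still pass. Add a negative assertion, for example `expect { subject.fetch(uri, options, counter) }.to raise_error(Bundler::Fetcher::BadAuthenticationError) {|e| expect(e.message).not_to include("user:password") }`. Checking for the bare word `password` would not work, because the expected message itself contains it. The context description also has a typo ("when the there are").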
@@ -35,9 +35,26 @@ context "when a 401 response occurs" do let(:error_message) { "401" } - it "should raise a Bundler::Fetcher::AuthenticationRequiredError" do - expect { subject.specs(gem_names) }.to raise_error(Bundler::Fetcher::AuthenticationRequiredError, - %r{Authentication is required for http://remote-uri.org}) + before do + allow(remote_uri).to receive(:userinfo).and_return(userinfo) + end + + context "and there was userinfo" do + let(:userinfo) { double(:userinfo) } + + it "should raise a Bundler::Fetcher::BadAuthenticationError" do + expect { subject.specs(gem_names) }.to raise_error(Bundler::Fetcher::BadAuthenticationError, + %r{Bad username or password for http://remote-uri.org}) + end + end + + context "and there was no userinfo" do + let(:userinfo) { nil } + + it "should raise a Bundler::Fetcher::AuthenticationRequiredError" do + expect { subject.specs(gem_names) }.to raise_error(Bundler::Fetcher::AuthenticationRequiredError, + %r{Authentication is required for http://remote-uri.org}) + end end end From e37d52454f68a2234b89a56c18a5b13a4f6a1ef4 Mon Sep 17 00:00:00 2001 From: Jonathan Date: Wed, 23 Jan 2019 15:49:02 -0500 Subject: [PATCH 2/3] fix rubocop offenses --- spec/bundler/fetcher/downloader_spec.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spec/bundler/fetcher/downloader_spec.rb b/spec/bundler/fetcher/downloader_spec.rb index b4b6dc4f03c..5da99264720 100644 --- a/spec/bundler/fetcher/downloader_spec.rb +++ b/spec/bundler/fetcher/downloader_spec.rb @@ -4,7 +4,7 @@ let(:connection) { double(:connection) } let(:redirect_limit) { 5 } let(:uri) { URI("http://www.uri-to-fetch.com/api/v2/endpoint") } - let(:uri_with_creds) { URI("http://user:password@uri-to-fetch.com/api/v2/endpoint")} + let(:uri_with_creds) { URI("http://user:password@uri-to-fetch.com/api/v2/endpoint") } let(:options) { double(:options) } subject { described_class.new(connection, redirect_limit) } 
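Review bot: In spec/bundler/fetcher/index_spec.rb, the "and there was userinfo" context stubs `userinfo` on `remote_uri` with a bare `double(:userinfo)`, so the example proves which error class is selected but not what the message contains when real credentials are present. Since lib/bundler/fetcher/index.rb passes the whole `remote_uri` to the error, an example whose `remote_uri` is a URI with constructed credentials, asserting that the message does not include them, would cover the case that matters. The `remote_uri` definition is outside this hunk, so the exact setup needs checking against it.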
@@ -89,7 +89,7 @@ it "should raise a Bundler::Fetcher::BadAuthenticationError that doesn't contain the password" do expect { subject.fetch(uri, options, counter) }. - to raise_error(Bundler::Fetcher::BadAuthenticationError, %r{Bad username or password for www.uri-to-fetch.com}) + to raise_error(Bundler::Fetcher::BadAuthenticationError, /Bad username or password for www.uri-to-fetch.com/) end end end From 74342c6c9e0cca5101de22a85c9367b5969ec46a Mon Sep 17 00:00:00 2001 From: Jonathan Date: Mon, 28 Jan 2019 10:05:49 -0500 Subject: [PATCH 3/3] remove unneeded variable in spec --- spec/bundler/fetcher/downloader_spec.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/spec/bundler/fetcher/downloader_spec.rb b/spec/bundler/fetcher/downloader_spec.rb index 5da99264720..f985b889820 100644 --- a/spec/bundler/fetcher/downloader_spec.rb +++ b/spec/bundler/fetcher/downloader_spec.rb @@ -4,7 +4,6 @@ let(:connection) { double(:connection) } let(:redirect_limit) { 5 } let(:uri) { URI("http://www.uri-to-fetch.com/api/v2/endpoint") } - let(:uri_with_creds) { URI("http://user:password@uri-to-fetch.com/api/v2/endpoint") } let(:options) { double(:options) } subject { described_class.new(connection, redirect_limit) }