[PATCH] Hide username and password on console when included in http: URLs
Brad Ediger
brad at bradediger.com
Wed Sep 12 05:23:42 CDT 2007
On Sep 12, 2007, at 5:00 AM, Jonathan S. Shapiro wrote:
> Brad:
>
> Dropping the password may make sense. Dropping the username does not,
> and can have negative impact on (e.g.) logging.
Good call, that had crossed my mind but I forgot about it.
Updated version that drops only the password:
# HG changeset patch
# User Brad Ediger <brad.ediger at madriska.com>
# Date 1189592499 18000
# Node ID 82162ea19cbaf404bc95748de31ddb114fbf246f
# Parent bbdcdc7f170ed71911496f64e52554c030fe8a34
Hide password on console when included in http: URLs
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/bundlerepo.py
--- a/mercurial/bundlerepo.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/bundlerepo.py Wed Sep 12 05:21:39 2007 -0500
@@ -151,9 +151,10 @@ class bundlefilelog(bundlerevlog, filelo
linkmapper)
class bundlerepository(localrepo.localrepository):
- def __init__(self, ui, path, bundlename):
+ def __init__(self, ui, path, bundlename, origpath=None):
localrepo.localrepository.__init__(self, ui, path)
-
+
+ self.origpath = origpath
self._url = 'bundle:' + bundlename
if path: self._url += '+' + path
@@ -208,6 +209,9 @@ class bundlerepository(localrepo.localre
def url(self):
return self._url
+
+ def printable_path(self):
+ return self.origpath
def dev(self):
return -1
@@ -237,6 +241,7 @@ def instance(ui, path, create):
def instance(ui, path, create):
if create:
raise util.Abort(_('cannot create new bundle repository'))
+ origpath = path
path = util.drop_scheme('file', path)
if path.startswith('bundle:'):
path = util.drop_scheme('bundle', path)
@@ -247,4 +252,4 @@ def instance(ui, path, create):
repopath, bundlename = s
else:
repopath, bundlename = '', path
- return bundlerepository(ui, repopath, bundlename)
+ return bundlerepository(ui, repopath, bundlename, origpath)
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/commands.py
--- a/mercurial/commands.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/commands.py Wed Sep 12 05:21:39 2007 -0500
@@ -2073,7 +2073,7 @@ def pull(ui, repo, source="default", **o
cmdutil.setremoteconfig(ui, opts)
other = hg.repository(ui, source)
- ui.status(_('pulling from %s\n') % (source))
+ ui.status(_('pulling from %s\n') % (other.printable_path()))
if revs:
if 'lookup' in other.capabilities:
revs = [other.lookup(rev) for rev in revs]
@@ -2119,7 +2119,7 @@ def push(ui, repo, dest=None, **opts):
cmdutil.setremoteconfig(ui, opts)
other = hg.repository(ui, dest)
- ui.status('pushing to %s\n' % (dest))
+ ui.status('pushing to %s\n' % (other.printable_path()))
if revs:
revs = [repo.lookup(rev) for rev in revs]
r = repo.push(other, opts['force'], revs=revs)
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/httprepo.py
--- a/mercurial/httprepo.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/httprepo.py Wed Sep 12 05:21:39 2007 -0500
@@ -198,6 +198,10 @@ class httprepository(remoterepository):
# urllib cannot handle URLs with embedded user or passwd
self._url = urlparse.urlunsplit((scheme, netlocunsplit
(host, port),
urlpath, '', ''))
+
+ # printable path includes username but not password
+ self._printable_path = urlparse.urlunsplit((scheme,
netlocunsplit(host, port, user),
+ urlpath, '', ''))
self.ui = ui
self.ui.debug(_('using %s\n') % self._url)
@@ -270,6 +274,9 @@ class httprepository(remoterepository):
def url(self):
return self.path
+
+ def printable_path(self):
+ return self._printable_path
# look up capabilities only when needed
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/localrepo.py
--- a/mercurial/localrepo.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/localrepo.py Wed Sep 12 05:21:39 2007 -0500
@@ -102,6 +102,9 @@ class localrepository(repo.repository):
def url(self):
return 'file:' + self.root
+
+ def printable_path(self):
+ return self.origroot
def hook(self, name, throw=False, **args):
return hook.hook(self.ui, self, name, throw, **args)
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/repo.py
--- a/mercurial/repo.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/repo.py Wed Sep 12 05:21:39 2007 -0500
@@ -22,3 +22,6 @@ class repository(object):
if cap.startswith(name_eq):
return cap[len(name_eq):]
return False
+
+ def printable_path(self):
+ return self.path
\ No newline at end of file
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/sshrepo.py
--- a/mercurial/sshrepo.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/sshrepo.py Wed Sep 12 05:21:39 2007 -0500
@@ -42,6 +42,9 @@ class sshrepository(remoterepository):
self.validate_repo(ui, sshcmd, args, remotecmd)
def url(self):
+ return self._url
+
+ def printable_path(self):
return self._url
def validate_repo(self, ui, sshcmd, args, remotecmd):
diff -r bbdcdc7f170e -r 82162ea19cba mercurial/statichttprepo.py
--- a/mercurial/statichttprepo.py Mon Aug 20 21:10:45 2007 -0500
+++ b/mercurial/statichttprepo.py Wed Sep 12 05:21:39 2007 -0500
@@ -32,6 +32,7 @@ class statichttprepository(localrepo.loc
def __init__(self, ui, path):
self._url = path
self.ui = ui
+ self.origroot = 'static-' + path
self.path = (path + "/.hg")
self.opener = opener(self.path)
diff -r bbdcdc7f170e -r 82162ea19cba tests/test-http-hide-password
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/test-http-hide-password Wed Sep 12 05:21:39 2007 -0500
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+hg init test
+hg clone test test2
+
+cd test
+echo '[web]'>>.hg/hgrc
+echo 'allow_push = *'>>.hg/hgrc
+echo 'push_ssl = False'>>.hg/hgrc
+echo foo>foo
+hg add foo
+hg ci -m "added foo"
+hg serve -p 20059 -d --pid-file=../hg.pid
+cd ..
+cat hg.pid >> $DAEMON_PIDS
+
+echo % pull with password
+cd test2
+hg pull -u http://user:pass@localhost:20059/
+cd ..
+hg verify -R test2
+
+echo % push with password
+cd test2
+echo foo>foo2
+hg add foo2
+hg ci -m "added foo2"
+hg push http://user:pass@localhost:20059/
+cd ..
+hg verify -R test
\ No newline at end of file
diff -r bbdcdc7f170e -r 82162ea19cba tests/test-http-hide-password.out
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/test-http-hide-password.out Wed Sep 12 05:21:39 2007 -0500
@@ -0,0 +1,26 @@
+0 files updated, 0 files merged, 0 files removed, 0 files unresolved
+% pull with password
+pulling from http://user@localhost:20059/
+requesting all changes
+adding changesets
+adding manifests
+adding file changes
+added 1 changesets with 1 changes to 1 files
+1 files updated, 0 files merged, 0 files removed, 0 files unresolved
+checking changesets
+checking manifests
+crosschecking files in changesets and manifests
+checking files
+1 files, 1 changesets, 1 total revisions
+% push with password
+pushing to http://user@localhost:20059/
+searching for changes
+adding changesets
+adding manifests
+adding file changes
+added 1 changesets with 1 changes to 1 files
+checking changesets
+checking manifests
+crosschecking files in changesets and manifests
+checking files
+2 files, 2 changesets, 2 total revisions
More information about the Mercurial-devel
mailing list