[PATCH STABLE] clone: don't save user's password in .hg/hgrc (Issue3122)

Augie Fackler durin42 at gmail.com
Tue Nov 22 12:28:34 CST 2011 

Breaks one test. Will resend.

On Tue, Nov 22, 2011 at 12:07 PM, Augie Fackler <durin42 at gmail.com> wrote:
> # HG changeset patch
> # User Augie Fackler <durin42 at gmail.com>
> # Date 1321985202 21600
> # Branch stable
> # Node ID 77b078d5b3081c148949799d4ee21376206a1723
> # Parent  f76584098c88fadcb74a8aa5c9c7efb2fb25b682
> clone: don't save user's password in .hg/hgrc (Issue3122)
>
> diff --git a/mercurial/hg.py b/mercurial/hg.py
> --- a/mercurial/hg.py
> +++ b/mercurial/hg.py
> @@ -356,10 +356,13 @@
>         if destrepo.local():
>             fp = destrepo.opener("hgrc", "w", text=True)
>             fp.write("[paths]\n")
> -            fp.write("default = %s\n" % abspath)
> +            u = util.url(abspath)
> +            u.passwd = None
> +            defaulturl = str(u)
> +            fp.write("default = %s\n" % defaulturl)
>             fp.close()
>
> -            destrepo.ui.setconfig('paths', 'default', abspath)
> +            destrepo.ui.setconfig('paths', 'default', defaulturl)
>
>             if update:
>                 if update is not True:
> diff --git a/tests/test-pull-http.t b/tests/test-pull-http.t
> --- a/tests/test-pull-http.t
> +++ b/tests/test-pull-http.t
> @@ -12,13 +12,30 @@
>   $ echo a >> a
>   $ hg ci -mb
>
> +Cloning with a password in the URL should not save the password in .hg/hgrc:
> +
> +  $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
> +  $ cat hg.pid >> $DAEMON_PIDS
> +  $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
> +  requesting all changes
> +  adding changesets
> +  adding manifests
> +  adding file changes
> +  added 2 changesets with 2 changes to 1 files
> +  updating to branch default
> +  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
> +  $ cat test3/.hg/hgrc
> +  [paths]
> +  default = http://foo@localhost:$HGPORT/
> +  $ "$TESTDIR/killdaemons.py"
> +
>  expect error, cloning not allowed
>
>   $ echo '[web]' > .hg/hgrc
>   $ echo 'allowpull = false' >> .hg/hgrc
>   $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
>   $ cat hg.pid >> $DAEMON_PIDS
> -  $ hg clone http://localhost:$HGPORT/ test3
> +  $ hg clone http://localhost:$HGPORT/ test4
>   requesting all changes
>   abort: authorization failed
>   [255]
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel
>

More information about the Mercurial-devel mailing list