[PATCH STABLE] clone: don't save user's password in .hg/hgrc (Issue3122)
Augie Fackler
durin42 at gmail.com
Tue Nov 22 12:28:34 CST 2011
Breaks one test. Will resend.
On Tue, Nov 22, 2011 at 12:07 PM, Augie Fackler <durin42 at gmail.com> wrote:
> # HG changeset patch
> # User Augie Fackler <durin42 at gmail.com>
> # Date 1321985202 21600
> # Branch stable
> # Node ID 77b078d5b3081c148949799d4ee21376206a1723
> # Parent f76584098c88fadcb74a8aa5c9c7efb2fb25b682
> clone: don't save user's password in .hg/hgrc (Issue3122)
>
> diff --git a/mercurial/hg.py b/mercurial/hg.py
> --- a/mercurial/hg.py
> +++ b/mercurial/hg.py
> @@ -356,10 +356,13 @@
> if destrepo.local():
> fp = destrepo.opener("hgrc", "w", text=True)
> fp.write("[paths]\n")
> - fp.write("default = %s\n" % abspath)
> + u = util.url(abspath)
> + u.passwd = None
> + defaulturl = str(u)
> + fp.write("default = %s\n" % defaulturl)
> fp.close()
>
> - destrepo.ui.setconfig('paths', 'default', abspath)
> + destrepo.ui.setconfig('paths', 'default', defaulturl)
>
> if update:
> if update is not True:
> diff --git a/tests/test-pull-http.t b/tests/test-pull-http.t
> --- a/tests/test-pull-http.t
> +++ b/tests/test-pull-http.t
> @@ -12,13 +12,30 @@
> $ echo a >> a
> $ hg ci -mb
>
> +Cloning with a password in the URL should not save the password in .hg/hgrc:
> +
> + $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
> + $ cat hg.pid >> $DAEMON_PIDS
> + $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
> + requesting all changes
> + adding changesets
> + adding manifests
> + adding file changes
> + added 2 changesets with 2 changes to 1 files
> + updating to branch default
> + 1 files updated, 0 files merged, 0 files removed, 0 files unresolved
> + $ cat test3/.hg/hgrc
> + [paths]
> + default = http://foo@localhost:$HGPORT/
> + $ "$TESTDIR/killdaemons.py"
> +
> expect error, cloning not allowed
>
> $ echo '[web]' > .hg/hgrc
> $ echo 'allowpull = false' >> .hg/hgrc
> $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
> $ cat hg.pid >> $DAEMON_PIDS
> - $ hg clone http://localhost:$HGPORT/ test3
> + $ hg clone http://localhost:$HGPORT/ test4
> requesting all changes
> abort: authorization failed
> [255]
> _______________________________________________
> Mercurial-devel mailing list
> Mercurial-devel at selenic.com
> http://selenic.com/mailman/listinfo/mercurial-devel
>
More information about the Mercurial-devel
mailing list