Do not display passwords with pull/push/incoming/outgoing
Passwords specified in the repository URL are now displayed as '***'
when accessing the remote repository.
--- a/mercurial/commands.py Fri Nov 09 20:21:35 2007 -0200
+++ b/mercurial/commands.py Mon Nov 05 20:29:32 2007 +0100
@@ -1652,7 +1652,7 @@
cmdutil.setremoteconfig(ui, opts)
other = hg.repository(ui, source)
- ui.status(_('comparing with %s\n') % source)
+ ui.status(_('comparing with %s\n') % util.hidepassword(source))
if revs:
revs = [other.lookup(rev) for rev in revs]
incoming = repo.findincoming(other, heads=revs, force=opts["force"])
@@ -1962,7 +1962,7 @@
revs = [repo.lookup(rev) for rev in revs]
other = hg.repository(ui, dest)
- ui.status(_('comparing with %s\n') % dest)
+ ui.status(_('comparing with %s\n') % util.hidepassword(dest))
o = repo.findoutgoing(other, force=opts['force'])
if not o:
ui.status(_("no changes found\n"))
@@ -2095,7 +2095,7 @@
cmdutil.setremoteconfig(ui, opts)
other = hg.repository(ui, source)
- ui.status(_('pulling from %s\n') % (source))
+ ui.status(_('pulling from %s\n') % util.hidepassword(source))
if revs:
try:
revs = [other.lookup(rev) for rev in revs]
@@ -2142,7 +2142,7 @@
cmdutil.setremoteconfig(ui, opts)
other = hg.repository(ui, dest)
- ui.status('pushing to %s\n' % (dest))
+ ui.status('pushing to %s\n' % util.hidepassword(dest))
if revs:
revs = [repo.lookup(rev) for rev in revs]
r = repo.push(other, opts['force'], revs=revs)
--- a/mercurial/util.py Fri Nov 09 20:21:35 2007 -0200
+++ b/mercurial/util.py Mon Nov 05 20:29:32 2007 +0100
@@ -15,6 +15,7 @@
from i18n import _
import cStringIO, errno, getpass, popen2, re, shutil, sys, tempfile, strutil
import os, stat, threading, time, calendar, ConfigParser, locale, glob, osutil
+import re, urlparse
try:
set = set
@@ -1698,3 +1699,33 @@
def uirepr(s):
# Avoid double backslash in Windows path repr()
return repr(s).replace('\\\\', '\\')
+
+def hidepassword(url):
+ '''replaces the password in the url string by three asterisks (***)
+
+ >>> hidepassword('http://www.example.com/some/path#fragment')
+ 'http://www.example.com/some/path#fragment'
+ >>> hidepassword('http://me@www.example.com/some/path#fragment')
+ 'http://me@www.example.com/some/path#fragment'
+ >>> hidepassword('http://me:simplepw@www.example.com/path#frag')
+ 'http://me:***@www.example.com/path#frag'
+ >>> hidepassword('http://me:complex:pw@www.example.com/path#frag')
+ 'http://me:***@www.example.com/path#frag'
+ >>> hidepassword('/path/to/repo')
+ '/path/to/repo'
+ >>> hidepassword('relative/path/to/repo')
+ 'relative/path/to/repo'
+ >>> hidepassword('c:\\\\path\\\\to\\\\repo')
+ 'c:\\\\path\\\\to\\\\repo'
+ >>> hidepassword('c:/path/to/repo')
+ 'c:/path/to/repo'
+ >>> hidepassword('bundle://path/to/bundle')
+ 'bundle://path/to/bundle'
+ '''
+ url_parts = list(urlparse.urlparse(url))
+ host_with_pw_pattern = re.compile('^([^:]*):([^@]*)@(.*)$')
+ if host_with_pw_pattern.match(url_parts[1]):
+ url_parts[1] = re.sub(host_with_pw_pattern, r'\1:***@\3',
+ url_parts[1])
+ return urlparse.urlunparse(url_parts)
+
--- a/tests/test-doctest.py Fri Nov 09 20:21:35 2007 -0200
+++ b/tests/test-doctest.py Mon Nov 05 20:29:32 2007 +0100
@@ -7,3 +7,6 @@
import mercurial.httprepo
doctest.testmod(mercurial.httprepo)
+
+import mercurial.util
+doctest.testmod(mercurial.util)