changeset 15552:62c9183a0bbb stable

clone: don't save user's password in .hg/hgrc (Issue3122)
author Augie Fackler <durin42@gmail.com>
date Tue, 22 Nov 2011 12:06:42 -0600
parents 1fa41d1f1351
children e89385e4ef8d
files mercurial/hg.py tests/test-pull-http.t tests/test-pull.t
diffstat 3 files changed, 24 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/hg.py	Tue Nov 22 17:26:32 2011 -0600
+++ b/mercurial/hg.py	Tue Nov 22 12:06:42 2011 -0600
@@ -356,10 +356,13 @@
         if destrepo.local():
             fp = destrepo.opener("hgrc", "w", text=True)
             fp.write("[paths]\n")
-            fp.write("default = %s\n" % abspath)
+            u = util.url(abspath)
+            u.passwd = None
+            defaulturl = str(u)
+            fp.write("default = %s\n" % defaulturl)
             fp.close()
 
-            destrepo.ui.setconfig('paths', 'default', abspath)
+            destrepo.ui.setconfig('paths', 'default', defaulturl)
 
             if update:
                 if update is not True:
--- a/tests/test-pull-http.t	Tue Nov 22 17:26:32 2011 -0600
+++ b/tests/test-pull-http.t	Tue Nov 22 12:06:42 2011 -0600
@@ -12,13 +12,30 @@
   $ echo a >> a
   $ hg ci -mb
 
+Cloning with a password in the URL should not save the password in .hg/hgrc:
+
+  $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
+  $ cat hg.pid >> $DAEMON_PIDS
+  $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3
+  requesting all changes
+  adding changesets
+  adding manifests
+  adding file changes
+  added 2 changesets with 2 changes to 1 files
+  updating to branch default
+  1 files updated, 0 files merged, 0 files removed, 0 files unresolved
+  $ cat test3/.hg/hgrc
+  [paths]
+  default = http://foo@localhost:$HGPORT/
+  $ "$TESTDIR/killdaemons.py"
+
 expect error, cloning not allowed
 
   $ echo '[web]' > .hg/hgrc
   $ echo 'allowpull = false' >> .hg/hgrc
   $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log
   $ cat hg.pid >> $DAEMON_PIDS
-  $ hg clone http://localhost:$HGPORT/ test3
+  $ hg clone http://localhost:$HGPORT/ test4
   requesting all changes
   abort: authorization failed
   [255]
--- a/tests/test-pull.t	Tue Nov 22 17:26:32 2011 -0600
+++ b/tests/test-pull.t	Tue Nov 22 12:06:42 2011 -0600
@@ -43,7 +43,7 @@
   2ed2a3912a0b24502043eae84ee4b279c18b90dd 644   foo
 
   $ hg pull
-  pulling from http://foo:***@localhost:$HGPORT/
+  pulling from http://foo@localhost:$HGPORT/
   searching for changes
   no changes found