From ab8d39ee3122229862e99dd186f4fd017d0e101e Mon Sep 17 00:00:00 2001
From: Henry Adi Sumarto <14799603+henryas@users.noreply.github.com>
Date: Tue, 20 Apr 2021 17:49:51 +0700
Subject: [PATCH 1/6] fix #910
---
 src/nimblepkg/publish.nim | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/nimblepkg/publish.nim b/src/nimblepkg/publish.nim
index e76d0274..c88ae9a7 100644
--- a/src/nimblepkg/publish.nim
+++ b/src/nimblepkg/publish.nim
@@ -155,6 +155,14 @@ proc editJson(p: PackageInfo; url, tags, downloadMethod: string) =
 })
 writeFile("packages.json", contents.pretty.cleanupWhitespace)
+proc containSensitiveInformation(url: string): bool =
+ ## URL may contain username and password. This proc attempts to detect it.
+ # look for any '@' character in the url
+ for character in url:
+ if character == '@':
+ return true
+ return false
+
 proc publish*(p: PackageInfo, o: Options) =
 ## Publishes the package p.
 let auth = getGithubAuth(o)
@@ -212,7 +220,7 @@ proc publish*(p: PackageInfo, o: Options) =
 raise newException(NimbleError,
 "No .git nor .hg directory found. Stopping.")
- if url.len == 0:
+ if url.len == 0 or url.containSensitiveInformation:
 url = promptCustom("Github URL of " & p.name & "?", "")
 if url.len == 0: userAborted()
From 8fa2baa82544f637755f7ace20108e1def1e8421 Mon Sep 17 00:00:00 2001
From: Henry <14799603+henryas@users.noreply.github.com>
Date: Wed, 21 Apr 2021 06:26:23 +0700
Subject: [PATCH 2/6] Update src/nimblepkg/publish.nim
Co-authored-by: Andreas Rumpf
---
 src/nimblepkg/publish.nim | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/nimblepkg/publish.nim b/src/nimblepkg/publish.nim
index c88ae9a7..e8ca7b88 100644
--- a/src/nimblepkg/publish.nim
+++ b/src/nimblepkg/publish.nim
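Review bot: In the `publish` hunk of PATCH 1/6 the value returned by `promptCustom` is only tested for emptiness, so a URL with embedded credentials that is typed or pasted at the prompt is never passed through `containSensitiveInformation`. Only the auto-detected URL is screened; what happens to `url` afterwards is outside the hunk, but the neighbouring `editJson` takes a `url` and writes `packages.json`. I would re-check after the prompt, e.g. `if url.containSensitiveInformation: raise newException(NimbleError, "URL must not contain credentials")`, and print the reason before prompting so the user knows why the detected remote was rejected. The same gap remains after PATCH 4/6 restores `if url.len == 0:`, where the prompted URL is not parsed or checked at all.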
@@ -158,10 +158,7 @@ proc editJson(p: PackageInfo; url, tags, downloadMethod: string) =
 proc containSensitiveInformation(url: string): bool =
 ## URL may contain username and password. This proc attempts to detect it.
 # look for any '@' character in the url
- for character in url:
- if character == '@':
- return true
- return false
+ '@' in url
 proc publish*(p: PackageInfo, o: Options) =
 ## Publishes the package p.
From 42ec3c12b68e28bf9f480e91d2e2f675c2b37570 Mon Sep 17 00:00:00 2001
From: Henry Adi Sumarto <14799603+henryas@users.noreply.github.com>
Date: Wed, 21 Apr 2021 13:42:01 +0700
Subject: [PATCH 3/6] update detection algorithm
---
 src/nimblepkg/publish.nim | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/nimblepkg/publish.nim b/src/nimblepkg/publish.nim
index e8ca7b88..c8f779ae 100644
--- a/src/nimblepkg/publish.nim
+++ b/src/nimblepkg/publish.nim
@@ -157,8 +157,10 @@ proc editJson(p: PackageInfo; url, tags, downloadMethod: string) =
 proc containSensitiveInformation(url: string): bool =
 ## URL may contain username and password. This proc attempts to detect it.
- # look for any '@' character in the url
- '@' in url
+ # look for any '@' or '?' character in the url
+ for character in url:
+ if character == '@' or character == '?': return true
+ return false
 proc publish*(p: PackageInfo, o: Options) =
 ## Publishes the package p.
From f523774aefb609c6b6d3b4bff659f1def0fa3552 Mon Sep 17 00:00:00 2001
From: Henry Adi Sumarto <14799603+henryas@users.noreply.github.com>
Date: Fri, 23 Apr 2021 11:30:39 +0700
Subject: [PATCH 4/6] quit if url is insecure
---
 src/nimblepkg/publish.nim | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/nimblepkg/publish.nim b/src/nimblepkg/publish.nim
index c8f779ae..06ab32e1 100644
--- a/src/nimblepkg/publish.nim
+++ b/src/nimblepkg/publish.nim
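Review bot: The `##` doc comment in PATCH 3/6 still says the proc detects a username and password, but the body now also returns true for any `?`, that is, for every URL with a query string. The doc should state the actual heuristic and that it can reject harmless URLs, for example `## Heuristic: true if the URL contains '@' (userinfo) or '?' (query string, where tokens may be passed); may flag URLs that hold no secret.` The hunk also brings back the manual loop that PATCH 2/6 had reduced to `'@' in url`; `url.contains({'@', '?'})` from `strutils` would keep it a one-liner, assuming the module is imported (the `endsWith` call in later hunks suggests it is).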
@@ -155,13 +155,6 @@ proc editJson(p: PackageInfo; url, tags, downloadMethod: string) =
 })
 writeFile("packages.json", contents.pretty.cleanupWhitespace)
-proc containSensitiveInformation(url: string): bool =
- ## URL may contain username and password. This proc attempts to detect it.
- # look for any '@' or '?' character in the url
- for character in url:
- if character == '@' or character == '?': return true
- return false
-
 proc publish*(p: PackageInfo, o: Options) =
 ## Publishes the package p.
 let auth = getGithubAuth(o)
@@ -208,6 +201,12 @@ proc publish*(p: PackageInfo, o: Options) =
 if url.endsWith(".git"): url.setLen(url.len - 4)
 downloadMethod = "git"
 let parsed = parseUri(url)
+
+ # check for any username or password in the URL
+ if parsed.username != "" or parsed.password != "":
+ display("Error: ", "cannot publish the repository URL because it contains username and/or password. Fix the remote URL (Hint: \"git remote -v\").", Error, HighPriority)
+ quit(1)
+
 if parsed.scheme == "":
 # Assuming that we got an ssh write/read URL.
 let sshUrl = parseUri("ssh://" & url)
@@ -219,7 +218,7 @@ proc publish*(p: PackageInfo, o: Options) =
 raise newException(NimbleError,
 "No .git nor .hg directory found. Stopping.")
- if url.len == 0 or url.containSensitiveInformation:
+ if url.len == 0:
 url = promptCustom("Github URL of " & p.name & "?", "")
 if url.len == 0: userAborted()
From 7929f8c98714b36d5d4480cca41210936c3420c9 Mon Sep 17 00:00:00 2001
From: Henry Adi Sumarto <14799603+henryas@users.noreply.github.com>
Date: Fri, 23 Apr 2021 11:47:20 +0700
Subject: [PATCH 5/6] raise exception instead of quit
---
 src/nimblepkg/publish.nim | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/nimblepkg/publish.nim b/src/nimblepkg/publish.nim
index 06ab32e1..477ba416 100644
--- a/src/nimblepkg/publish.nim
+++ b/src/nimblepkg/publish.nim
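Review bot: The check added after `parseUri(url)` in PATCH 4/6 looks only at `parsed.username` and `parsed.password`, while the helper this commit deletes also rejected URLs containing `?`. A remote that carries a token in its query string is therefore no longer caught, which narrows the protection PATCH 3/6 had added. If that is not intended, extend the condition, e.g. `if parsed.username != "" or parsed.password != "" or parsed.query != "":`, and adjust the message to match. The `elif` form introduced in PATCH 5/6 carries the same condition. The enclosing `publish` body starts and ends outside the hunk.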
@@ -202,15 +202,15 @@ proc publish*(p: PackageInfo, o: Options) =
 downloadMethod = "git"
 let parsed = parseUri(url)
- # check for any username or password in the URL
- if parsed.username != "" or parsed.password != "":
- display("Error: ", "cannot publish the repository URL because it contains username and/or password. Fix the remote URL (Hint: \"git remote -v\").", Error, HighPriority)
- quit(1)
-
 if parsed.scheme == "":
 # Assuming that we got an ssh write/read URL.
 let sshUrl = parseUri("ssh://" & url)
 url = "https://" & sshUrl.hostname & "/" & sshUrl.port & sshUrl.path
+ elif parsed.username != "" or parsed.password != "":
+ # check for any confidential information
+ raise newException(NimbleError,
+ "Cannot publish the repository URL because it contains username and/or password. Fix the remote URL. Hint: \"git remote -v\"")
+
 elif dirExists(os.getCurrentDir() / ".hg"):
 downloadMethod = "hg"
 # TODO: Retrieve URL from hg.
From 596588c718400dacb2e740ba1dfec3a3156ec9fd Mon Sep 17 00:00:00 2001
From: Dominik Picheta
Date: Sun, 4 Jul 2021 16:18:31 +0100
Subject: [PATCH 6/6] Update src/nimblepkg/publish.nim
---
 src/nimblepkg/publish.nim | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/nimblepkg/publish.nim b/src/nimblepkg/publish.nim
index 477ba416..e732ebf4 100644
--- a/src/nimblepkg/publish.nim
+++ b/src/nimblepkg/publish.nim
@@ -208,6 +208,7 @@ proc publish*(p: PackageInfo, o: Options) =
 url = "https://" & sshUrl.hostname & "/" & sshUrl.port & sshUrl.path
 elif parsed.username != "" or parsed.password != "":
 # check for any confidential information
+ # TODO: Use raiseNimbleError(msg, hintMsg) here
 raise newException(NimbleError,
 "Cannot publish the repository URL because it contains username and/or password. Fix the remote URL. Hint: \"git remote -v\"")
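Review bot: The comment `# check for any confidential information` under the new `elif` in PATCH 5/6 does not explain why the scheme-less branch above it needs no check, so the `elif` reads like a gap. That branch rebuilds `url` from `sshUrl.hostname`, `sshUrl.port` and `sshUrl.path`, which leaves out any userinfo; I would say so in the comment, e.g. `# scheme-less remotes were rebuilt above without userinfo; only URLs with a scheme can still carry credentials`. A remote written as `ssh://git@host/path` has a scheme and a non-empty username, so it will presumably be refused here although `git` is not a secret; if that is intended the comment should mention it. The exception text rightly does not echo the URL. The `publish` body starts and ends outside the hunk.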