From 8f18f2bdc809f5a3bbdcb29069708f45f17775be Mon Sep 17 00:00:00 2001 From: Arlo Siemsen Date: Thu, 14 Sep 2023 14:33:51 -0500 Subject: [PATCH] fix: emit a warning when a credential provider alias shadows a built-in provider --- src/cargo/util/auth/mod.rs | 27 +++++++++++++++++++++--- tests/testsuite/credential_process.rs | 30 +++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 3 deletions(-) diff --git a/src/cargo/util/auth/mod.rs b/src/cargo/util/auth/mod.rs index 0d522d58686..9f4a3422f95 100644 --- a/src/cargo/util/auth/mod.rs +++ b/src/cargo/util/auth/mod.rs @@ -335,10 +335,19 @@ fn registry_credential_config_raw_uncached( /// Use the `[credential-alias]` table to see if the provider name has been aliased. fn resolve_credential_alias(config: &Config, mut provider: PathAndArgs) -> Vec { if provider.args.is_empty() { - let key = format!("credential-alias.{}", provider.path.raw_value()); - if let Ok(alias) = config.get::(&key) { + let name = provider.path.raw_value(); + let key = format!("credential-alias.{name}"); + if let Ok(alias) = config.get::>(&key) { tracing::debug!("resolving credential alias '{key}' -> '{alias:?}'"); - provider = alias; + if BUILT_IN_PROVIDERS.contains(&name) { + let _ = config.shell().warn(format!( + "credential-alias `{name}` (defined in `{}`) will be \ + ignored because it would shadow a built-in credential-provider", + alias.definition + )); + } else { + provider = alias.val; + } } } provider.args.insert( @@ -470,6 +479,17 @@ pub fn cache_token_from_commandline(config: &Config, sid: &SourceId, token: Secr ); } +/// List of credential providers built-in to Cargo. +/// Keep in sync with the `match` in `credential_action`. +static BUILT_IN_PROVIDERS: &[&'static str] = &[ + "cargo:token", + "cargo:paseto", + "cargo:token-from-stdout", + "cargo:wincred", + "cargo:macos-keychain", + "cargo:libsecret", +]; + fn credential_action( config: &Config, sid: &SourceId, @@ -497,6 +517,7 @@ fn credential_action( .collect(); let process = args[0]; tracing::debug!("attempting credential provider: {args:?}"); + // If the available built-in providers are changed, update the `BUILT_IN_PROVIDERS` list. let provider: Box = match process { "cargo:token" => Box::new(TokenCredential::new(config)), "cargo:paseto" if config.cli_unstable().asymmetric_token => { diff --git a/tests/testsuite/credential_process.rs b/tests/testsuite/credential_process.rs index 55a568dff18..7c86943ff05 100644 --- a/tests/testsuite/credential_process.rs +++ b/tests/testsuite/credential_process.rs @@ -745,3 +745,33 @@ Caused by: ) .run(); } + +#[cargo_test] +fn alias_builtin_warning() { + let registry = registry::RegistryBuilder::new() + .credential_provider(&[&"cargo:token"]) + .build(); + + cargo_util::paths::append( + &paths::home().join(".cargo/config"), + format!( + r#" + [credential-alias] + "cargo:token" = ["ignored"] + "#, + ) + .as_bytes(), + ) + .unwrap(); + + cargo_process("login -Z credential-process abcdefg") + .masquerade_as_nightly_cargo(&["credential-process"]) + .replace_crates_io(registry.index_url()) + .with_stderr( + r#"[UPDATING] [..] +[WARNING] credential-alias `cargo:token` (defined in `[..]`) will be ignored because it would shadow a built-in credential-provider +[LOGIN] token for `crates-io` saved +"#, + ) + .run(); +}