fix(credential): trim newlines in tokens from stdin #13770
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
A-interacts-with-crates.io
|
I know this is unlikely but is there any case where newlines could be significant to these tokens? |
The token is directly sent as the If you try to use it, you get: |
epage
reviewed
Apr 17, 2024
| @@ -113,6 +113,7 @@ fn empty_login_token() { | |||
| .with_stderr( | |||
| "\ | |||
| [UPDATING] crates.io index | |||
| please paste the token found on [..] below | |||
There was a problem hiding this comment.
How is this test passing today?
There was a problem hiding this comment.
In the read_token function, if a token is provided by stdin or by the command line, then no prompt is made.
The change causes login_options.token to be None, instead of a Some("\n"), so Cargo now prints the "please paste" message in this case.
cargo/credential/cargo-credential/src/lib.rs
Lines 281 to 290 in 852a316
There was a problem hiding this comment.
Could you move that change into the commit that caused it so that each commit passes tests?
There was a problem hiding this comment.
Fixed. I should have amended that instead of adding a commit.
arlosi
force-pushed
the
cred-trim-newlines
branch
from
118e45e
to
6207f93
Compare
|
@bors r+ |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
This was referenced Apr 19, 2024
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 19, 2024
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 19, 2024
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
bors
added a commit
to rust-lang-ci/rust
that referenced
this pull request
Apr 20, 2024
Update cargo 8 commits in 6f06fe908a5ee0f415c187f868ea627e82efe07d..80d5b607dde6ef97dfff4e23923822c01d2bb036 2024-04-16 18:47:44 +0000 to 2024-04-19 18:39:22 +0000 - fix 13773 - 'cargo build' fails when list_files() with gix is triggered (rust-lang/cargo#13777) - fix(toml): Don't crash on parse errors that point to multi-byte character (rust-lang/cargo#13780) - fix(toml)!: Disallow source-less dependencies (rust-lang/cargo#13775) - fix(msrv): Put MSRV-aware resolver behind a config (rust-lang/cargo#13769) - fix(msrv): Error, rather than panic, on rust-version 'x' (rust-lang/cargo#13771) - fix(credential): trim newlines in tokens from stdin (rust-lang/cargo#13770) - test(msrv): Re-organize MSRV tests (rust-lang/cargo#13767) - feat(install): Including Locking message (rust-lang/cargo#13764) r? ghost
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR try to resolve?
cargo loginwhen using a credential provider other thancargo:tokendoes not automatically trim whitespace from tokens.This can lead to extra whitespace being included in the pasted token value (usually a trailing newline) that makes the token invalid.
How should we test and review this PR?
First commit adds a test showing the problematic behavior. Second commit fixes it.