[MERGE][bug #203186] Ignore passwords for ssh in authentication.conf and warn user

John Arbash Meinel john at arbash-meinel.com
Fri May 16 17:07:35 BST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vincent Ladeuil wrote:
|>>>>> "john" == John Arbash Meinel <john at arbash-meinel.com> writes:
|
|     john> Vincent Ladeuil wrote:
|     john> ~         if credentials is not None:
|     john> ~             password = credentials['password']
|     john> +            if scheme is 'ssh':
|     john> +                trace.warning('password ignored in section [%s],'
|     john> +                              ' use an ssh agent instead'
|     john> +                              % credentials['name'])
|     john> +                password = None
|     john> ~         else:
|     john> ~             password = None
|     john> ~         # Prompt user only if we could't find a password
|     john> ~         if password is None:
|     john> ~             if prompt is None:
|     john> -                # Create a default prompt suitable for most of the
cases
|     john> +                # Create a default prompt suitable for most cases
|     john> ~                 prompt = '%s' % scheme.upper() + '
%(user)s@%(host)s password'
|     john> ~             # Special handling for optional fields in the prompt
|     john> ~             if port is not None:
|
|     john> ^- Doesn't that 'if' check need to be:
|
|     john> if password is not None and scheme is 'ssh':
|
| Doh. I shouldn't code while sleeping.
|
| Are you ok with the message or do you have a better proposal ?
|
|     john> You should add a test that we *don't* issue a warning
|     john> if there is a user but no password.
|
| Done.
|
|     john> We also could use symbol_versioning.warn() which
|     john> already has some code to trap it rather than trying to
|     john> use the TestUIFactory.
|
| Using symbol_versioning looks so strange in that context, nothing
| is related to symbol versioning here, I don't think I get your
| point.
|
|     john> TestUI is ok, though.
|
| What is TestUI ? At first I thought it was some class I didn't
| know about, but grepping the sources hits only TestUIFactory >-/
|
| Anyway, the attached patch addresses the points I understood :)
|
|       Vincent
|
|
|

+        # Not warning shoud be emitted since there is no password, we just
+        # provide the user.

^- # No warning should be emitted since there is no password.
~   # We are only providing "user".

BB:approve

John
=:->
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgtsUcACgkQJdeBCYSNAAO8mwCeJxpobRxwjW1N05HBsk2TUVWW
v6sAn1ck0TLPueUBcJ46tvuBjpo38PDA
=2lDE
-----END PGP SIGNATURE-----

More information about the bazaar mailing list