[issue10361] Fix issue 9995 - distutils forces developers to store password in cleartext (issue2874041)
anatoly techtonik
report at bugs.python.org
Mon Nov 8 19:30:08 CET 2010
anatoly techtonik <techtonik at gmail.com> added the comment:
Reviewers: merwok,
Message:
I don't know when where will be time to redo the patch, but it would be
nice to get some answers in meanwhile.
http://codereview.appspot.com/2874041/diff/2001/cmd.py
File cmd.py (right):
http://codereview.appspot.com/2874041/diff/2001/cmd.py#newcode55
cmd.py:55: :param distutils.dist.Distribution dist: distribution to work
with
On 2010/11/08 17:17:11, merwok wrote:
> Please don’t include unrelated changes in your patch.
> Also, Python does not use :param: in docstrings.
Including this in another patch is too much work to ever happen. What
Python uses?
http://codereview.appspot.com/2874041/diff/2001/command/upload.py
File command/upload.py (right):
http://codereview.appspot.com/2874041/diff/2001/command/upload.py#newcode53
command/upload.py:53: if not self.username and
self.distribution.username:
On 2010/11/08 17:17:11, merwok wrote:
> I’d prefer a clearer comparison, please use “is [not] None” and
parens.
Are you sure you want an empty username in config file to override name
set from 'register' command?
Please review this at http://codereview.appspot.com/2874041/
Affected files:
M cmd.py
M command/register.py
M command/upload.py
M dist.py
M tests/test_register.py
Index: tests/test_register.py
===================================================================
--- tests/test_register.py (revision 86138)
+++ tests/test_register.py (working copy)
@@ -152,6 +152,26 @@
# therefore used afterwards by other commands
self.assertEquals(cmd.distribution.password, 'password')
+ def test_password_set_with_no_config(self):
+ # check credentials are saved in dist if user chooses not to save
them
+ # in config file. they are used afterwards by other commands
+ cmd = self._get_cmd()
+
+ # patching raw_input and getpass.getpass. We are faking:
+ # use your existing login (choice 1.)
+ # Username : 'tarek'
+ # Password : 'password'
+ # Save your login (y/N)? : 'y'
+ inputs = RawInputs('1', 'tarek', 'n')
+ register_module.raw_input = inputs.__call__
+ try:
+ cmd.run()
+ finally:
+ del register_module.raw_input
+
+ self.assertEquals(cmd.distribution.username, 'tarek')
+ self.assertEquals(cmd.distribution.password, 'password')
+
def test_registering(self):
# this test runs choice 2
cmd = self._get_cmd()
Index: command/register.py
===================================================================
--- command/register.py (revision 86138)
+++ command/register.py (working copy)
@@ -172,11 +172,11 @@
# possibly save the login
if code == 200:
- if self.has_config:
- # sharing the password in the distribution instance
- # so the upload command can reuse it
- self.distribution.password = password
- else:
+ # sharing credentials in the distribution instance
+ # so the upload command can reuse it
+ self.distribution.username = username
+ self.distribution.password = password
+ if not self.has_config:
self.announce(('I can store your PyPI login so future '
'submissions will be faster.'),
log.INFO)
self.announce('(the login will be stored in %s)' % \
Index: command/upload.py
===================================================================
--- command/upload.py (revision 86138)
+++ command/upload.py (working copy)
@@ -48,8 +48,10 @@
self.repository = config['repository']
self.realm = config['realm']
- # getting the password from the distribution
+ # getting credentials from the distribution
# if previously set by the register command
+ if not self.username and self.distribution.username:
+ self.username = self.distribution.username
if not self.password and self.distribution.password:
self.password = self.distribution.password
Index: dist.py
===================================================================
--- dist.py (revision 86138)
+++ dist.py (working copy)
@@ -206,6 +206,7 @@
self.extra_path = None
self.scripts = None
self.data_files = None
+ self.username = ''
self.password = ''
# And now initialize bookkeeping stuff that can't be supplied by
Index: cmd.py
===================================================================
--- cmd.py (revision 86138)
+++ cmd.py (working copy)
@@ -51,6 +51,8 @@
invokes the 'initialize_options()' method, which is the real
initializer and depends on the actual command being
instantiated.
+
+ :param distutils.dist.Distribution dist: distribution to work with
"""
# late import because of mutual dependence between these classes
from distutils.dist import Distribution
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10361>
_______________________________________
More information about the Python-bugs-list
mailing list