[issue10361] Fix issue 9995 - distutils forces developers to store password in cleartext (issue2874041)

anatoly techtonik report at bugs.python.org
Mon Nov 8 19:30:08 CET 2010


anatoly techtonik <techtonik at gmail.com> added the comment:

Reviewers: merwok,

Message:
I don't know when there will be time to redo the patch, but it would be
nice to get some answers in the meanwhile.

http://codereview.appspot.com/2874041/diff/2001/cmd.py
File cmd.py (right):

http://codereview.appspot.com/2874041/diff/2001/cmd.py#newcode55
cmd.py:55: :param distutils.dist.Distribution dist: distribution to work with
On 2010/11/08 17:17:11, merwok wrote:
> Please don’t include unrelated changes in your patch.

> Also, Python does not use :param: in docstrings.

Including this in another patch is too much work to ever happen. What
does Python use?

http://codereview.appspot.com/2874041/diff/2001/command/upload.py
File command/upload.py (right):

http://codereview.appspot.com/2874041/diff/2001/command/upload.py#newcode53
command/upload.py:53: if not self.username and self.distribution.username:
On 2010/11/08 17:17:11, merwok wrote:
> I’d prefer a clearer comparison, please use “is [not] None” and
> parens.
Are you sure you want an empty username in config file to override name
set from 'register' command?

Please review this at http://codereview.appspot.com/2874041/

Affected files:
   M     cmd.py
   M     command/register.py
   M     command/upload.py
   M     dist.py
   M     tests/test_register.py

Index: tests/test_register.py
===================================================================
--- tests/test_register.py	(revision 86138)
+++ tests/test_register.py	(working copy)
@@ -152,6 +152,26 @@
          # therefore used afterwards by other commands
          self.assertEquals(cmd.distribution.password, 'password')

+    def test_password_set_with_no_config(self):
+        # check credentials are saved in dist if user chooses not to save  
them
+        # in config file. they are used afterwards by other commands
+        cmd = self._get_cmd()
+
+        # patching raw_input and getpass.getpass. We are faking:
+        # use your existing login (choice 1.)
+        # Username : 'tarek'
+        # Password : 'password'
+        # Save your login (y/N)? : 'y'
+        inputs = RawInputs('1', 'tarek', 'n')
+        register_module.raw_input = inputs.__call__
+        try:
+            cmd.run()
+        finally:
+            del register_module.raw_input
+
+        self.assertEquals(cmd.distribution.username, 'tarek')
+        self.assertEquals(cmd.distribution.password, 'password')
+
      def test_registering(self):
          # this test runs choice 2
          cmd = self._get_cmd()
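
Review bot: The faked-input comment in test_password_set_with_no_config says "Save your login (y/N)? : 'y'", but the test passes RawInputs('1', 'tarek', 'n') and is meant to cover the case where the user declines to save, so the comment should read 'n'. The comment also mentions patching getpass.getpass, yet only register_module.raw_input is replaced in these lines; either say where the 'password' value comes from or patch and restore getpass here as well. An assertion that no config file was written would pin down the behaviour the test name promises.
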
Index: command/register.py
===================================================================
--- command/register.py	(revision 86138)
+++ command/register.py	(working copy)
@@ -172,11 +172,11 @@

              # possibly save the login
              if code == 200:
-                if self.has_config:
-                    # sharing the password in the distribution instance
-                    # so the upload command can reuse it
-                    self.distribution.password = password
-                else:
+                # sharing credentials in the distribution instance
+                # so the upload command can reuse it
+                self.distribution.username = username
+                self.distribution.password = password
+                if not self.has_config:
                      self.announce(('I can store your PyPI login so future '
                                     'submissions will be faster.'),  
log.INFO)
                      self.announce('(the login will be stored in %s)' % \
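
Review bot: With the assignments moved out of the has_config branch, self.distribution.username and self.distribution.password are set after every 200 response, so the cleartext password stays on the Distribution object for the rest of the run whether or not the user agrees to store it. The comment should say that this is in-memory sharing only and is independent of the save prompt that follows under "if not self.has_config:". It also still reads "can reuse it" although two values are shared now.
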
Index: command/upload.py
===================================================================
--- command/upload.py	(revision 86138)
+++ command/upload.py	(working copy)
@@ -48,8 +48,10 @@
              self.repository = config['repository']
              self.realm = config['realm']

-        # getting the password from the distribution
+        # getting credentials from the distribution
          # if previously set by the register command
+        if not self.username and self.distribution.username:
+            self.username = self.distribution.username
          if not self.password and self.distribution.password:
              self.password = self.distribution.password

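Review bot: The new check "if not self.username and self.distribution.username:" and the existing password check are evaluated independently, so upload can end up pairing a username that was set before this point with a password that register stored on the distribution for a different login. Consider taking both values from the distribution together, only when neither was supplied earlier, or document which source wins.
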
Index: dist.py
===================================================================
--- dist.py	(revision 86138)
+++ dist.py	(working copy)
@@ -206,6 +206,7 @@
          self.extra_path = None
          self.scripts = None
          self.data_files = None
+        self.username = ''
          self.password = ''

          # And now initialize bookkeeping stuff that can't be supplied by
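
Review bot: "self.username = ''" is added without a comment, next to attributes that default to None, and it holds a credential rather than distribution metadata. A short comment that username and password are filled in by the register command for reuse within the same run would help. The '' default also only works with the truthiness test used in upload.py; a switch to an "is not None" comparison, as requested in the review, would need the default here (and for password) to change as well.
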
Index: cmd.py
===================================================================
--- cmd.py	(revision 86138)
+++ cmd.py	(working copy)
@@ -51,6 +51,8 @@
          invokes the 'initialize_options()' method, which is the real
          initializer and depends on the actual command being
          instantiated.
+
+        :param distutils.dist.Distribution dist: distribution to work with
          """
          # late import because of mutual dependence between these classes
          from distutils.dist import Distribution
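
Review bot: The added ":param distutils.dist.Distribution dist:" line is the only change to cmd.py and has nothing to do with the credential handling in the rest of the patch. Drop it from this patch, or describe the dist argument in plain prose consistent with the rest of the docstring.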

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue10361>
_______________________________________

