diff options
| author | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-05 03:32:58 +0000 |
|---|---|---|
| committer | hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2019-03-05 03:32:58 +0000 |
| commit | 08f8cfe14e0f8937e3bcf8a22becdc5ce60b920e () | |
| tree | 30977064b5f93f9ac5b01b2a676f6d6ffdcec652 /lib/rubygems/gemcutter_utilities.rb | |
| parent | 593505ac6f802d2b5bff469425b7c76b65cc9b10 (diff) | |
Merge RubyGems upstream: 56c0bbb69e4506bda7ef7f447dfec5db820df20b
It fixed the multiple vulnerabilities. https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
| -rw-r--r-- | lib/rubygems/gemcutter_utilities.rb | 43 |
1 files changed, 24 insertions, 19 deletions
@@ -1,11 +1,14 @@ # frozen_string_literal: true require 'rubygems/remote_fetcher' ## # Utility methods for using the RubyGems API. module Gem::GemcutterUtilities # TODO: move to Gem::Command OptionParser.accept Symbol do |value| value.to_sym @@ -94,8 +97,22 @@ module Gem::GemcutterUtilities uri = URI.parse "#{self.host}/#{path}" request_method = Net::HTTP.const_get method.to_s.capitalize - Gem::RemoteFetcher.fetcher.request(uri, request_method, &block) end ## @@ -123,13 +140,7 @@ module Gem::GemcutterUtilities response = rubygems_api_request(:get, "api/v1/api_key", sign_in_host) do |request| request.basic_auth email, password - end - - if need_otp? response - response = rubygems_api_request(:get, "api/v1/api_key", sign_in_host) do |request| - request.basic_auth email, password - request.add_field "OTP", options[:otp] - end end with_response response do |resp| @@ -164,30 +175,24 @@ module Gem::GemcutterUtilities if block_given? yield response else - say response.body end else message = response.body message = "#{error_prefix}: #{message}" if error_prefix - say message terminate_interaction 1 # TODO: question this end end ## # Returns true when the user has enabled multifactor authentication from - # +response+ text. - def need_otp?(response) - return unless response.kind_of?(Net::HTTPUnauthorized) && - response.body.start_with?('You have enabled multifactor authentication') - return true if options[:otp] - say 'You have enabled multi-factor authentication. Please enter OTP code.' - options[:otp] = ask 'Code: ' - true - end def set_api_key(host, key) if host == Gem::DEFAULT_HOST |