Skip to content

Commit 79b0216

Browse files
kylematsudakylematsuda
committed
add Secret<T> in private fn signatures in ops::registry and util::auth
1 parent b0bf846 commit 79b0216

File tree

2 files changed

+33
-26
lines changed

2 files changed

+33
-26
lines changed

src/cargo/ops/registry.rs

Lines changed: 7 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ pub fn publish(ws: &Workspace<'_>, opts: &PublishOpts<'_>) -> CargoResult<()> {
174174

175175
let (mut registry, reg_ids) = registry(
176176
opts.config,
177-
opts.token.as_deref(),
177+
opts.token.as_deref().map(Secret::from),
178178
opts.index.as_deref(),
179179
publish_registry.as_deref(),
180180
true,
@@ -512,7 +512,7 @@ fn wait_for_publish(
512512
/// * `token_required`: If `true`, the token will be set.
513513
fn registry(
514514
config: &Config,
515-
token_from_cmdline: Option<&str>,
515+
token_from_cmdline: Option<Secret<&str>>,
516516
index: Option<&str>,
517517
registry: Option<&str>,
518518
force_update: bool,
@@ -795,7 +795,8 @@ pub fn registry_login(
795795
let source_ids = get_source_id(config, None, reg)?;
796796
let reg_cfg = auth::registry_credential_config(config, &source_ids.original)?;
797797

798-
let login_url = match registry(config, token, None, reg, false, None) {
798+
let token = token.map(Secret::from);
799+
let login_url = match registry(config, token.clone(), None, reg, false, None) {
799800
Ok((registry, _)) => Some(format!("{}/me", registry.host())),
800801
Err(e) if e.is::<AuthorizationError>() => e
801802
.downcast::<AuthorizationError>()
@@ -866,7 +867,7 @@ pub fn registry_login(
866867
));
867868
} else {
868869
new_token = RegistryCredentialConfig::Token(match token {
869-
Some(token) => Secret::from(token.to_string()),
870+
Some(token) => token.owned(),
870871
None => {
871872
if let Some(login_url) = login_url {
872873
drop_println!(
@@ -960,7 +961,7 @@ pub fn modify_owners(config: &Config, opts: &OwnersOptions) -> CargoResult<()> {
960961

961962
let (mut registry, _) = registry(
962963
config,
963-
opts.token.as_deref(),
964+
opts.token.as_deref().map(Secret::from),
964965
opts.index.as_deref(),
965966
opts.registry.as_deref(),
966967
true,
@@ -1051,7 +1052,7 @@ pub fn yank(
10511052

10521053
let (mut registry, _) = registry(
10531054
config,
1054-
token.as_deref(),
1055+
token.as_deref().map(Secret::from),
10551056
index.as_deref(),
10561057
reg.as_deref(),
10571058
true,

src/cargo/util/auth.rs

Lines changed: 26 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -377,14 +377,14 @@ my-registry = {{ index = "{}" }}
377377
}
378378

379379
// Store a token in the cache for future calls.
380-
pub fn cache_token(config: &Config, sid: &SourceId, token: &str) {
380+
pub fn cache_token(config: &Config, sid: &SourceId, token: Secret<&str>) {
381381
let url = sid.canonical_url();
382382
config.credential_cache().insert(
383383
url.clone(),
384384
CredentialCacheValue {
385385
from_commandline: true,
386386
independent_of_endpoint: true,
387-
token_value: Secret::from(token.to_string()),
387+
token_value: token.owned(),
388388
},
389389
);
390390
}
@@ -399,7 +399,7 @@ pub fn auth_token(
399399
mutation: Option<Mutation<'_>>,
400400
) -> CargoResult<String> {
401401
match auth_token_optional(config, sid, mutation.as_ref())? {
402-
Some(token) => Ok(token),
402+
Some(token) => Ok(token.expose()),
403403
None => Err(AuthorizationError {
404404
sid: sid.clone(),
405405
login_url: login_url.cloned(),
@@ -414,7 +414,7 @@ fn auth_token_optional(
414414
config: &Config,
415415
sid: &SourceId,
416416
mutation: Option<&'_ Mutation<'_>>,
417-
) -> CargoResult<Option<String>> {
417+
) -> CargoResult<Option<Secret<String>>> {
418418
let mut cache = config.credential_cache();
419419
let url = sid.canonical_url();
420420

@@ -425,17 +425,19 @@ fn auth_token_optional(
425425
|| cache_token_value.independent_of_endpoint
426426
|| mutation.is_none()
427427
{
428-
return Ok(Some(cache_token_value.token_value.clone().expose()));
428+
return Ok(Some(cache_token_value.token_value.clone()));
429429
}
430430
}
431431

432432
let credential = registry_credential_config(config, sid)?;
433433
let (independent_of_endpoint, token) = match credential {
434434
RegistryCredentialConfig::None => return Ok(None),
435-
RegistryCredentialConfig::Token(config_token) => (true, config_token.expose()),
435+
RegistryCredentialConfig::Token(config_token) => (true, config_token),
436436
RegistryCredentialConfig::Process(process) => {
437437
// todo: PASETO with process
438-
run_command(config, &process, sid, Action::Get)?.unwrap()
438+
let (independent_of_endpoint, token) =
439+
run_command(config, &process, sid, Action::Get)?.unwrap();
440+
(independent_of_endpoint, Secret::from(token))
439441
}
440442
RegistryCredentialConfig::AsymmetricKey((secret_key, secret_key_subject)) => {
441443
let secret: Secret<AsymmetricSecretKey<pasetors::version3::V3>> =
@@ -496,18 +498,22 @@ fn auth_token_optional(
496498

497499
(
498500
false,
499-
pasetors::version3::PublicToken::sign(
500-
&secret.expose(),
501-
serde_json::to_string(&message)
502-
.expect("cannot serialize")
503-
.as_bytes(),
504-
Some(
505-
serde_json::to_string(&footer)
506-
.expect("cannot serialize")
507-
.as_bytes(),
508-
),
509-
None,
510-
)?,
501+
secret
502+
.map(|secret| {
503+
pasetors::version3::PublicToken::sign(
504+
&secret,
505+
serde_json::to_string(&message)
506+
.expect("cannot serialize")
507+
.as_bytes(),
508+
Some(
509+
serde_json::to_string(&footer)
510+
.expect("cannot serialize")
511+
.as_bytes(),
512+
),
513+
None,
514+
)
515+
})
516+
.transpose()?,
511517
)
512518
}
513519
};
@@ -518,7 +524,7 @@ fn auth_token_optional(
518524
CredentialCacheValue {
519525
from_commandline: false,
520526
independent_of_endpoint,
521-
token_value: Secret::from(token.to_string()),
527+
token_value: token.clone(),
522528
},
523529
);
524530
}

0 commit comments

Comments
 (0)