add Secret<T> to CredentialCacheValue

kylematsuda · kylematsuda · commit b0bf846ec933 · 2023-01-09T17:08:30.000-07:00
diff --git a/src/cargo/util/auth.rs b/src/cargo/util/auth.rs
@@ -384,7 +384,7 @@ pub fn cache_token(config: &Config, sid: &SourceId, token: &str) {
         CredentialCacheValue {
             from_commandline: true,
             independent_of_endpoint: true,
-            token_value: token.to_string(),
+            token_value: Secret::from(token.to_string()),
         },
     );
 }
@@ -425,7 +425,7 @@ fn auth_token_optional(
             || cache_token_value.independent_of_endpoint
             || mutation.is_none()
         {
-            return Ok(Some(cache_token_value.token_value.clone()));
+            return Ok(Some(cache_token_value.token_value.clone().expose()));
         }
     }
 
@@ -518,7 +518,7 @@ fn auth_token_optional(
             CredentialCacheValue {
                 from_commandline: false,
                 independent_of_endpoint,
-                token_value: token.to_string(),
+                token_value: Secret::from(token.to_string()),
             },
         );
     }
diff --git a/src/cargo/util/config/mod.rs b/src/cargo/util/config/mod.rs
@@ -70,6 +70,7 @@ use crate::core::compiler::rustdoc::RustdocExternMap;
 use crate::core::shell::Verbosity;
 use crate::core::{features, CliUnstable, Shell, SourceId, Workspace, WorkspaceRootConfig};
 use crate::ops::{self, RegistryCredentialConfig};
+use crate::util::auth::Secret;
 use crate::util::errors::CargoResult;
 use crate::util::validate_package_name;
 use crate::util::CanonicalUrl;
@@ -137,24 +138,15 @@ enum WhyLoad {
 }
 
 /// A previously generated authentication token and the data needed to determine if it can be reused.
+#[derive(Debug)]
 pub struct CredentialCacheValue {
     /// If the command line was used to override the token then it must always be reused,
     /// even if reading the configuration files would lead to a different value.
     pub from_commandline: bool,
     /// If nothing depends on which endpoint is being hit, then we can reuse the token
     /// for any future request even if some of the requests involve mutations.
     pub independent_of_endpoint: bool,
-    pub token_value: String,
-}
-
-impl fmt::Debug for CredentialCacheValue {
-    /// This manual implementation helps ensure that the token value is redacted from all logs.
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        f.debug_struct("CredentialCacheValue")
-            .field("from_commandline", &self.from_commandline)
-            .field("token_value", &"REDACTED")
-            .finish()
-    }
+    pub token_value: Secret<String>,
 }
 
 /// Configuration information for cargo. This is not specific to a build, it is information

Original file line number	Diff line number	Diff line change
`@@ -384,7 +384,7 @@ pub fn cache_token(config: &Config, sid: &SourceId, token: &str) {`
`384`	`384`	`CredentialCacheValue {`
`385`	`385`	`from_commandline: true,`
`386`	`386`	`independent_of_endpoint: true,`
`387`		`- token_value: token.to_string(),`
	`387`	`+ token_value: Secret::from(token.to_string()),`
`388`	`388`	`},`
`389`	`389`	`);`
`390`	`390`	`}`
`@@ -425,7 +425,7 @@ fn auth_token_optional(`
`425`	`425`	`\|\| cache_token_value.independent_of_endpoint`
`426`	`426`	`\|\| mutation.is_none()`
`427`	`427`	`{`
`428`		`- return Ok(Some(cache_token_value.token_value.clone()));`
	`428`	`+ return Ok(Some(cache_token_value.token_value.clone().expose()));`
`429`	`429`	`}`
`430`	`430`	`}`
`431`	`431`
`@@ -518,7 +518,7 @@ fn auth_token_optional(`
`518`	`518`	`CredentialCacheValue {`
`519`	`519`	`from_commandline: false,`
`520`	`520`	`independent_of_endpoint,`
`521`		`- token_value: token.to_string(),`
	`521`	`+ token_value: Secret::from(token.to_string()),`
`522`	`522`	`},`
`523`	`523`	`);`
`524`	`524`	`}`