Ban empty usernames and passwords in `uv auth` (#15743)

Otherwise, you can get yourself in a weird state?
Zanie Blue 2025-09-09 06:23:33 -05:00 committed by GitHub
parent 484004871c
commit 9d3a3843c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 73 additions and 0 deletions


@ -108,6 +108,9 @@ pub(crate) async fn login(
bail!("No username provided; did you mean to provide `--username` or `--token`?"); bail!("No username provided; did you mean to provide `--username` or `--token`?");
} }
}; };
if username.is_empty() {
bail!("Username cannot be empty");
}
let password = match (password, url_password, token) { let password = match (password, url_password, token) {
(Some(_), Some(_), _) => { (Some(_), Some(_), _) => {
@ -138,6 +141,10 @@ pub(crate) async fn login(
} }
}; };
if password.is_empty() {
bail!("Password cannot be empty");
}
let display_url = if username == "__token__" { let display_url = if username == "__token__" {
url.without_credentials().to_string() url.without_credentials().to_string()
} else { } else {
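Review bot: The `password.is_empty()` guard in the second hunk sits after `match (password, url_password, token)`, so an empty `--token` value presumably lands in `password` and is rejected with "Password cannot be empty", which names an option the user never passed. If that is how `token` is mapped, report the actual source, for example `bail!("Token cannot be empty")` when the value came from `token`. A `--token ""` snapshot next to the two new login cases would pin whichever wording is chosen. `login` starts and ends outside both hunks, so the mapping is inferred from the match header only.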


@ -50,6 +50,9 @@ pub(crate) async fn logout(
(None, Some(url)) => url.to_string(), (None, Some(url)) => url.to_string(),
(None, None) => "__token__".to_string(), (None, None) => "__token__".to_string(),
}; };
if username.is_empty() {
bail!("Username cannot be empty");
}
let display_url = if username == "__token__" { let display_url = if username == "__token__" {
url.without_credentials().to_string() url.without_credentials().to_string()
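Review bot: The three-line `username.is_empty()` guard added here is a verbatim copy of the one added to `login` and to `token`, message string included. Moving it into one small shared helper that all three commands call, returning the same `bail!("Username cannot be empty")` error, would keep the rule and its wording in one place if the validation is tightened later. A short comment on that helper saying why empty usernames are rejected would also help, since the commit message gives only "a weird state" as the reason. `logout` continues outside the hunk.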


@ -56,6 +56,9 @@ pub(crate) async fn token(
(None, Some(url)) => url.to_string(), (None, Some(url)) => url.to_string(),
(None, None) => "__token__".to_string(), (None, None) => "__token__".to_string(),
}; };
if username.is_empty() {
bail!("Username cannot be empty");
}
let display_url = if username == "__token__" { let display_url = if username == "__token__" {
url.without_credentials().to_string() url.without_credentials().to_string()


@ -774,6 +774,38 @@ fn login_text_store() {
Stored credentials for https://example.com/ Stored credentials for https://example.com/
" "
); );
// Empty username should fail
uv_snapshot!(context.auth_login()
.arg("https://example.com/simple")
.arg("--username")
.arg("")
.arg("--password")
.arg("testpass"), @r"
success: false
exit_code: 2
----- stdout -----
----- stderr -----
error: Username cannot be empty
"
);
// Empty password should fail
uv_snapshot!(context.auth_login()
.arg("https://example.com/simple")
.arg("--username")
.arg("testuser")
.arg("--password")
.arg(""), @r"
success: false
exit_code: 2
----- stdout -----
----- stderr -----
error: Password cannot be empty
"
);
} }
#[test] #[test]
@ -907,6 +939,20 @@ fn token_text_store() {
----- stderr ----- ----- stderr -----
" "
); );
// Empty username should fail
uv_snapshot!(context.auth_token()
.arg("https://example.com/simple")
.arg("--username")
.arg(""), @r"
success: false
exit_code: 2
----- stdout -----
----- stderr -----
error: Username cannot be empty
"
);
} }
#[test] #[test]
@ -957,6 +1003,20 @@ fn logout_text_store() {
Removed credentials for https://example.com/ Removed credentials for https://example.com/
" "
); );
// Empty username should fail
uv_snapshot!(context.auth_logout()
.arg("https://example.com/simple")
.arg("--username")
.arg(""), @r"
success: false
exit_code: 2
----- stdout -----
----- stderr -----
error: Username cannot be empty
"
);
} }
#[test] #[test]
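Review bot: The added snapshots reach the new checks only through `--username ""` and `--password ""`, but the command hunks also take the username from the URL (`(None, Some(url)) => url.to_string()`) and the password from `url_password`, and no new case exercises those paths. Whether an empty value can actually arrive that way is not visible in this diff. A case with credentials embedded in the URL and one part left empty would either pin the rejection or document that URL parsing already normalizes it away. The two rejected `auth_login` calls could also be followed by an `auth_token` lookup asserting that nothing was written to the store, since the snapshots currently check only the error text and exit code.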