* lib/rubygems/commands/push_command.rb: Fixed credential download for

  `gem push --host`
* lib/rubygems/gemcutter_utilities.rb:  ditto.
* test/rubygems/test_gem_commands_push_command.rb:  Test for the above.
* test/rubygems/test_gem_gemcutter_utilities.rb:  ditto.

* lib/rubygems/config_file.rb:  Abort if the `gem push` credentials
  file has insecure permissions.
* test/rubygems/test_gem_config_file.rb:  Test for the above.

* lib/rubygems/ext/builder.rb:  Do not look for Gemfile, Isolate, etc.
  while building gem extensions.

* lib/rubygems/package.rb:  Unset spec and files list if a gem's
  signatures cannot be verified.
* test/rubygems/test_gem_package.rb:  Test for the above.

* lib/rubygems/specification.rb:  Reduce use of eval.
* lib/rubygems/test_case.rb:  ditto.

* test/rubygems/test_gem_specification.rb:  Test setting
  specification_version for legacy gems.  Dup Gem.ruby before
  untainting in case it's frozen.

* lib/rubygems.rb:  Reduce use of eval.  Only read files when looking
  for Gemfile, Isolate, etc.
* test/rubygems/test_gem.rb:  Test for the above.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@39055 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 96 insertions, 34 deletions

diff --git a/test/rubygems/test_gem_config_file.rb b/test/rubygems/test_gem_config_file.rb
index 0781e16540..89e16d3a34 100644
--- a/test/rubygems/test_gem_config_file.rb
+++ b/test/rubygems/test_gem_config_file.rb
@@ -164,6 +164,36 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal 2048, @cfg.bulk_threshold
   end
 
+  def test_check_credentials_permissions
+    @cfg.rubygems_api_key = 'x'
+
+    File.chmod 0644, @cfg.credentials_path
+
+    use_ui @ui do
+      assert_raises Gem::MockGemUi::TermError do
+        @cfg.load_api_keys
+      end
+    end
+
+    assert_empty @ui.output
+
+    expected = <<-EXPECTED
+ERROR:  Your gem push credentials file located at:
+
+\t#{@cfg.credentials_path}
+
+has file permissions of 0644 but 0600 is required.
+
+You should reset your credentials at:
+
+\thttps://rubygems.org/profile/edit
+
+if you believe they were disclosed to a third party.
+    EXPECTED
+
+    assert_equal expected, @ui.error
+  end
+
   def test_handle_arguments
     args = %w[--backtrace --bunch --of --args here]
 
@@ -215,6 +245,32 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal true, @cfg.backtrace
   end
 
+  def test_load_api_keys
+    temp_cred = File.join Gem.user_home, '.gem', 'credentials'
+    FileUtils.mkdir File.dirname(temp_cred)
+    File.open temp_cred, 'w', 0600 do |fp|
+      fp.puts ":rubygems_api_key: 701229f217cdf23b1344c7b4b54ca97"
+      fp.puts ":other: a5fdbb6ba150cbb83aad2bb2fede64c"
+    end
+
+    util_config_file
+
+    assert_equal({:rubygems => '701229f217cdf23b1344c7b4b54ca97',
+                  :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
+  end
+
+  def test_load_api_keys_bad_permission
+    skip 'chmod not supported' if win_platform?
+
+    @cfg.rubygems_api_key = 'x'
+
+    File.chmod 0644, @cfg.credentials_path
+
+    assert_raises Gem::MockGemUi::TermError do
+      @cfg.load_api_keys
+    end
+  end
+
   def test_really_verbose
     assert_equal false, @cfg.really_verbose
 
@@ -227,6 +283,46 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal true, @cfg.really_verbose
   end
 
+  def test_rubygems_api_key_equals
+    @cfg.rubygems_api_key = 'x'
+
+    assert_equal 'x', @cfg.rubygems_api_key
+
+    expected = {
+      :rubygems_api_key => 'x',
+    }
+
+    assert_equal expected, YAML.load_file(@cfg.credentials_path)
+
+    unless win_platform? then
+      stat = File.stat @cfg.credentials_path
+
+      assert_equal 0600, stat.mode & 0600
+    end
+  end
+
+  def test_rubygems_api_key_equals_bad_permission
+    skip 'chmod not supported' if win_platform?
+
+    @cfg.rubygems_api_key = 'x'
+
+    File.chmod 0644, @cfg.credentials_path
+
+    assert_raises Gem::MockGemUi::TermError do
+      @cfg.rubygems_api_key = 'y'
+    end
+
+    expected = {
+      :rubygems_api_key => 'x',
+    }
+
+    assert_equal expected, YAML.load_file(@cfg.credentials_path)
+
+    stat = File.stat @cfg.credentials_path
+
+    assert_equal 0644, stat.mode & 0644
+  end
+
   def test_write
     @cfg.backtrace = true
     @cfg.update_sources = false
@@ -287,40 +383,6 @@ class TestGemConfigFile < Gem::TestCase
     assert_equal %w[http://even-more-gems.example.com], Gem.sources
   end
 
-  def test_load_rubygems_api_key_from_credentials
-    temp_cred = File.join Gem.user_home, '.gem', 'credentials'
-    FileUtils.mkdir File.dirname(temp_cred)
-    File.open temp_cred, 'w' do |fp|
-      fp.puts ":rubygems_api_key: 701229f217cdf23b1344c7b4b54ca97"
-    end
-
-    util_config_file
-
-    assert_equal "701229f217cdf23b1344c7b4b54ca97", @cfg.rubygems_api_key
-  end
-
-  def test_load_api_keys_from_config
-    temp_cred = File.join Gem.user_home, '.gem', 'credentials'
-    FileUtils.mkdir File.dirname(temp_cred)
-    File.open temp_cred, 'w' do |fp|
-      fp.puts ":rubygems_api_key: 701229f217cdf23b1344c7b4b54ca97"
-      fp.puts ":other: a5fdbb6ba150cbb83aad2bb2fede64c"
-    end
-
-    util_config_file
-
-    assert_equal({:rubygems => '701229f217cdf23b1344c7b4b54ca97',
-                  :other => 'a5fdbb6ba150cbb83aad2bb2fede64c'}, @cfg.api_keys)
-  end
-
-  def test_save_credentials_file_with_strict_permissions
-    util_config_file
-    FileUtils.mkdir File.dirname(@cfg.credentials_path)
-    @cfg.rubygems_api_key = '701229f217cdf23b1344c7b4b54ca97'
-    mode = 0100600 & (~File.umask)
-    assert_equal mode, File.stat(@cfg.credentials_path).mode unless win_platform?
-  end
-
   def test_ignore_invalid_config_file
     File.open @temp_conf, 'w' do |fp|
       fp.puts "some-non-yaml-hash-string"