archive/ruby
1
0
Fork 0
mirror of https://github.com/ruby/ruby.git synced 2025-08-23 13:04:13 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge RubyGems upstream: 56c0bbb69e4506bda7ef7f447dfec5db820df20b

Browse source 
It fixed the multiple vulnerabilities.
  https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@67168 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
This commit is contained in:
hsbt 2019-03-05 03:32:58 +00:00
parent 593505ac6f
commit 08f8cfe14e
29 changed files with 653 additions and 183 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/rubygems/commands/owner_command.rb
View file

@ -2,9 +2,11 @@
require 'rubygems/command'
require 'rubygems/local_remote_options'
require 'rubygems/gemcutter_utilities'
require 'rubygems/text'
class Gem::Commands::OwnerCommand < Gem::Command
include Gem::Text
include Gem::LocalRemoteOptions
include Gem::GemcutterUtilities
@ -68,7 +70,7 @@ permission to.
end
with_response response do |resp|
owners = Gem::SafeYAML.load resp.body
owners = Gem::SafeYAML.load clean_text(resp.body)
say "Owners for gem: #{name}"
owners.each do |owner|
@ -89,11 +91,6 @@ permission to.
owners.each do |owner|
begin
response = send_owner_request(method, name, owner)
if need_otp? response
response = send_owner_request(method, name, owner, true)
end
action = method == :delete ? "Removing" : "Adding"
with_response response, "#{action} #{owner}"
@ -105,11 +102,11 @@ permission to.
private
def send_owner_request(method, name, owner, use_otp = false)
def send_owner_request(method, name, owner)
rubygems_api_request method, "api/v1/gems/#{name}/owners" do |request|
request.set_form_data 'email' => owner
request.add_field "Authorization", api_key
request.add_field "OTP", options[:otp] if use_otp
request.add_field "OTP", options[:otp] if options[:otp]
end
end