From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <e@80x24.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-4.0 required=3.0 tests=ALL_TRUSTED,BAYES_00
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from localhost (dcvr.yhbt.net [127.0.0.1])
	by dcvr.yhbt.net (Postfix) with ESMTP id D84931F8C6
	for <meta@public-inbox.org>; Mon,  6 Sep 2021 07:11:53 +0000 (UTC)
From: Eric Wong <e@80x24.org>
To: meta@public-inbox.org
Subject: [PATCH] net_reader: don't approve/reject credentials w/o "fill"
Date: Mon,  6 Sep 2021 07:11:53 +0000
Message-Id: <20210906071153.11534-1-e@80x24.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
List-Id: <meta.public-inbox.org>

Credentials sourced via ~/.netrc should not be written to
git-credential.
---
 lib/PublicInbox/GitCredential.pm |  1 +
 lib/PublicInbox/NetReader.pm     | 12 ++++++------
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/PublicInbox/GitCredential.pm b/lib/PublicInbox/GitCredential.pm
index b29780d6..c83fed43 100644
--- a/lib/PublicInbox/GitCredential.pm
+++ b/lib/PublicInbox/GitCredential.pm
@@ -56,6 +56,7 @@ sub fill {
 		$self->{$1} = $2;
 	}
 	close $out_r or die "git credential fill failed: \$!=$! \$?=$?\n";
+	$self->{filled} = 1;
 }
 
 1;
diff --git a/lib/PublicInbox/NetReader.pm b/lib/PublicInbox/NetReader.pm
index c050c60f..08166415 100644
--- a/lib/PublicInbox/NetReader.pm
+++ b/lib/PublicInbox/NetReader.pm
@@ -96,8 +96,8 @@ sub mic_for ($$$$) { # mic = Mail::IMAPClient
 		$cred = undef;
 	}
 	if ($cred) {
-		$cred->check_netrc unless defined $cred->{password};
-		$cred->fill($lei); # may prompt user here
+		my $p = $cred->{password} // $cred->check_netrc;
+		$cred->fill($lei) unless defined($p); # may prompt user here
 		$mic->User($mic_arg->{User} = $cred->{username});
 		$mic->Password($mic_arg->{Password} = $cred->{password});
 	} else { # AUTH=ANONYMOUS
@@ -121,7 +121,7 @@ sub mic_for ($$$$) { # mic = Mail::IMAPClient
 		}
 		$mic = undef;
 	}
-	$cred->run($mic ? 'approve' : 'reject') if $cred;
+	$cred->run($mic ? 'approve' : 'reject') if $cred && $cred->{filled};
 	if ($err) {
 		$lei ? $lei->fail($err) : warn($err);
 	}
@@ -191,7 +191,7 @@ sub nn_for ($$$$) { # nn = Net::NNTP
 		}, 'PublicInbox::GitCredential';
 		($u, $p) = split(/:/, $ui, 2);
 		($cred->{username}, $cred->{password}) = ($u, $p);
-		$cred->check_netrc unless defined $p;
+		$p //= $cred->check_netrc;
 	}
 	my $common = $nn_args->{$sec} // {};
 	my $nn_arg = {
@@ -204,7 +204,7 @@ sub nn_for ($$$$) { # nn = Net::NNTP
 	%$nn_arg = (%$nn_arg, %$sa) if $sa;
 	my $nn = nn_new($nn_arg, $nntp_opt, $uri);
 	if ($cred) {
-		$cred->fill($lei); # may prompt user here
+		$cred->fill($lei) unless defined($p); # may prompt user here
 		if ($nn->authinfo($u, $p)) {
 			push @{$nntp_opt->{-postconn}}, [ 'authinfo', $u, $p ];
 		} else {
@@ -231,7 +231,7 @@ W: see https://rt.cpan.org/Ticket/Display.html?id=129967 for updates
 	}
 
 	$self->{nn_arg}->{$sec} = $nn_arg;
-	$cred->run($nn ? 'approve' : 'reject') if $cred;
+	$cred->run($nn ? 'approve' : 'reject') if $cred && $cred->{filled};
 	$nn;
 }