feat: add protocol::Context::redacted() as convenient way to not leak secrets.

Byron · Byron · commit f0cacb0e80c8 · 2025-05-08T07:36:55.000+02:00
diff --git a/gix-credentials/src/protocol/context/mod.rs b/gix-credentials/src/protocol/context/mod.rs
@@ -14,6 +14,23 @@ mod access {
     use crate::protocol::Context;
 
     impl Context {
+        /// Replace existing secrets with the word `<redacted>`.
+        pub fn redacted(mut self) -> Self {
+            let Context {
+                protocol: _,
+                host: _,
+                path: _,
+                username: _,
+                password,
+                url: _,
+                quit: _,
+            } = &mut self;
+            if let Some(pw) = password {
+                *pw = "<redacted>".into();
+            }
+            self
+        }
+
         /// Convert all relevant fields into a URL for consumption.
         pub fn to_url(&self) -> Option<BString> {
             use bstr::{ByteSlice, ByteVec};
diff --git a/gix-credentials/src/protocol/mod.rs b/gix-credentials/src/protocol/mod.rs
@@ -59,14 +59,10 @@ pub struct Context {
 /// Convert the outcome of a helper invocation to a helper result, assuring that the identity is complete in the process.
 #[allow(clippy::result_large_err)]
 pub fn helper_outcome_to_result(outcome: Option<helper::Outcome>, action: helper::Action) -> Result {
-    fn redact(mut ctx: Context) -> Context {
-        if let Some(pw) = ctx.password.as_mut() {
-            *pw = "<redacted>".into();
-        }
-        ctx
-    }
     match (action, outcome) {
-        (helper::Action::Get(ctx), None) => Err(Error::IdentityMissing { context: redact(ctx) }),
+        (helper::Action::Get(ctx), None) => Err(Error::IdentityMissing {
+            context: ctx.redacted(),
+        }),
         (helper::Action::Get(ctx), Some(mut outcome)) => match outcome.consume_identity() {
             Some(identity) => Ok(Some(Outcome {
                 identity,
@@ -75,7 +71,9 @@ pub fn helper_outcome_to_result(outcome: Option<helper::Outcome>, action: helper
             None => Err(if outcome.quit {
                 Error::Quit
             } else {
-                Error::IdentityMissing { context: redact(ctx) }
+                Error::IdentityMissing {
+                    context: ctx.redacted(),
+                }
             }),
         },
         (helper::Action::Store(_) | helper::Action::Erase(_), _ignore) => Ok(None),
