From: Can Sarıgöl <cansarigol@derinbilgi.com.tr>
Date: Tue, 20 Aug 2019 10:48:28 +0000 (+0300)
Subject: fixed __repr__ function of Headers and Url classes (#222)
X-Git-Tag: 0.7.2~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a0aff8d169d32650191bb41da3c90260c3b7fdb8;p=thirdparty%2Fhttpx.git

fixed __repr__ function of Headers and Url classes (#222)
---

diff --git a/httpx/models.py b/httpx/models.py
index e433320e..edb5723f 100644
--- a/httpx/models.py
+++ b/httpx/models.py
@@ -210,6 +210,12 @@ class URL:
     def __repr__(self) -> str:
         class_name = self.__class__.__name__
         url_str = str(self)
+        if self._uri_reference.userinfo:
+            url_str = (
+                rfc3986.urlparse(url_str)
+                .copy_with(userinfo=f"{self.username}:[secure]")
+                .unsplit()
+            )
         return f"{class_name}({url_str!r})"
 
 
@@ -489,10 +495,14 @@ class Headers(typing.MutableMapping[str, str]):
         if self.encoding != "ascii":
             encoding_str = f", encoding={self.encoding!r}"
 
-        as_dict = dict(self.items())
-        if len(as_dict) == len(self):
+        sensitive_headers = {"authorization", "proxy-authorization"}
+        as_list = [
+            (k, "[secure]" if k in sensitive_headers else v) for k, v in self.items()
+        ]
+
+        as_dict = dict(as_list)
+        if len(as_dict) == len(as_list):
             return f"{class_name}({as_dict!r}{encoding_str})"
-        as_list = self.items()
         return f"{class_name}({as_list!r}{encoding_str})"
 
 
diff --git a/tests/client/test_auth.py b/tests/client/test_auth.py
index 6cc64a7e..725ea56c 100644
--- a/tests/client/test_auth.py
+++ b/tests/client/test_auth.py
@@ -2,6 +2,7 @@ import json
 import os
 
 from httpx import (
+    URL,
     AsyncDispatcher,
     AsyncRequest,
     AsyncResponse,
@@ -100,3 +101,20 @@ def test_trust_env_auth():
     assert response.json() == {
         "auth": "Basic ZXhhbXBsZS11c2VybmFtZTpleGFtcGxlLXBhc3N3b3Jk"
     }
+
+
+def test_auth_hidden_url():
+    url = "http://example-username:example-password@example.org/"
+    expected = "URL('http://example-username:[secure]@example.org/')"
+    assert url == URL(url)
+    assert expected == repr(URL(url))
+
+
+def test_auth_hidden_header():
+    url = "https://example.org/"
+    auth = ("example-username", "example-password")
+
+    with Client(dispatch=MockDispatch()) as client:
+        response = client.get(url, auth=auth)
+
+    assert "'authorization': '[secure]'" in str(response.request.headers)