From 610684bb080095dcd8a2ca6cef1ff45787e4bdcf Mon Sep 17 00:00:00 2001
From: =?utf8?q?Gunnlaugur=20=C3=9E=C3=B3r=20Briem?= <gunnlaugur@gmail.com>
Date: Fri, 6 Sep 2013 17:55:19 +0000
Subject: [PATCH] Hide password in URL and Engine __repr__

Fixes #2821
---
 lib/sqlalchemy/engine/base.py    |  2 +-
 lib/sqlalchemy/engine/url.py     | 11 +++++++++--
 test/engine/test_parseconnect.py |  4 ++++
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/lib/sqlalchemy/engine/base.py b/lib/sqlalchemy/engine/base.py
index 9a10e829e2..ca99250ac5 100644
--- a/lib/sqlalchemy/engine/base.py
+++ b/lib/sqlalchemy/engine/base.py
@@ -1428,7 +1428,7 @@ class Engine(Connectable, log.Identified):
     echo = log.echo_property()
 
     def __repr__(self):
-        return 'Engine(%s)' % str(self.url)
+        return 'Engine(%r)' % self.url
 
     def dispose(self):
         """Dispose of the connection pool used by this :class:`.Engine`.
diff --git a/lib/sqlalchemy/engine/url.py b/lib/sqlalchemy/engine/url.py
index 717eb54e16..1f192ae7fe 100644
--- a/lib/sqlalchemy/engine/url.py
+++ b/lib/sqlalchemy/engine/url.py
@@ -62,12 +62,13 @@ class URL(object):
         self.database = database
         self.query = query or {}
 
-    def __str__(self):
+    def __to_string__(self, hide_password=True):
         s = self.drivername + "://"
         if self.username is not None:
             s += self.username
             if self.password is not None:
-                s += ':' + util.quote_plus(self.password)
+                s += ':' + ('***' if hide_password
+                            else util.quote_plus(self.password))
             s += "@"
         if self.host is not None:
             s += self.host
@@ -81,6 +82,12 @@ class URL(object):
             s += '?' + "&".join("%s=%s" % (k, self.query[k]) for k in keys)
         return s
 
+    def __str__(self):
+        return self.__to_string__(hide_password=False)
+
+    def __repr__(self):
+        return self.__to_string__()
+
     def __hash__(self):
         return hash(str(self))
 
diff --git a/test/engine/test_parseconnect.py b/test/engine/test_parseconnect.py
index 106bd07824..f56c844f01 100644
--- a/test/engine/test_parseconnect.py
+++ b/test/engine/test_parseconnect.py
@@ -277,6 +277,10 @@ pool_timeout=10
         assert e.url.drivername == e2.url.drivername == 'mysql'
         assert e.url.username == e2.url.username == 'scott'
         assert e2.url is u
+        assert str(u) == 'mysql://scott:tiger@localhost/test'
+        assert repr(u) == 'mysql://scott:***@localhost/test'
+        assert repr(e) == 'Engine(mysql://scott:***@localhost/test)'
+        assert repr(e2) == 'Engine(mysql://scott:***@localhost/test)'
 
     def test_poolargs(self):
         """test that connection pool args make it thru"""
-- 
2.47.3