Vendor net-http and net-protocol in RubyGems

Author: deivid-rodriguez

.codespellrc

@@ -2,4 +2,4 @@
 check-filenames=
 check-hidden=
 ignore-words=.codespellignore
-skip=*.pem,.git,man,vcr_cassettes,vendor
+skip=*.pem,.git,man,vcr_cassettes,vendor,net-http

.rubocop.yml

@@ -10,6 +10,8 @@ AllCops:
     - lib/rubygems/resolver/molinillo/**/*
     - lib/rubygems/tsort/**/*
     - lib/rubygems/optparse/**/*
+    - lib/rubygems/net-protocol/**/*
+    - lib/rubygems/net-http/**/*
     - bundler/lib/bundler/vendor/**/*
   CacheRootDirectory: tmp/rubocop
   MaxFilesInCache: 5000

Manifest.txt

@@ -423,6 +423,21 @@ lib/rubygems/installer.rb
 lib/rubygems/installer_uninstaller_utils.rb
 lib/rubygems/local_remote_options.rb
 lib/rubygems/name_tuple.rb
+lib/rubygems/net-http/LICENSE.txt
+lib/rubygems/net-http/lib/net/http.rb
+lib/rubygems/net-http/lib/net/http/backward.rb
+lib/rubygems/net-http/lib/net/http/exceptions.rb
+lib/rubygems/net-http/lib/net/http/generic_request.rb
+lib/rubygems/net-http/lib/net/http/header.rb
+lib/rubygems/net-http/lib/net/http/proxy_delta.rb
+lib/rubygems/net-http/lib/net/http/request.rb
+lib/rubygems/net-http/lib/net/http/requests.rb
+lib/rubygems/net-http/lib/net/http/response.rb
+lib/rubygems/net-http/lib/net/http/responses.rb
+lib/rubygems/net-http/lib/net/http/status.rb
+lib/rubygems/net-http/lib/net/https.rb
+lib/rubygems/net-protocol/lib/net/protocol.rb
+lib/rubygems/net/http.rb
 lib/rubygems/openssl.rb
 lib/rubygems/optparse.rb
 lib/rubygems/optparse/.document

Rakefile

@@ -147,6 +147,25 @@ if File.exist?("tool/automatiek.rake")
     lib.license_path = "COPYING"
   end
 
+  desc "Vendor a specific version of net-http"
+  Automatiek::RakeTask.new("net-http") do |lib|
+    lib.version = "v0.4.0"
+    lib.download = { github: "https://github.com/ruby/net-http" }
+    lib.namespace = "Net"
+    lib.prefix = "Gem"
+    lib.vendor_lib = "lib/rubygems/net-http"
+    lib.license_path = "LICENSE.txt"
+
+    lib.dependency("net-protocol") do |sublib|
+      sublib.version = "v0.2.2"
+      sublib.download = { github: "https://github.com/ruby/net-protocol" }
+      sublib.namespace = "Net"
+      sublib.prefix = "Gem"
+      sublib.vendor_lib = "lib/rubygems/net-protocol"
+      sublib.license_path = "License.txt"
+    end
+  end
+
   desc "Vendor a specific version of pub_grub to bundler"
   Automatiek::RakeTask.new("pub_grub") do |lib|
     lib.version = "main"

lib/rubygems/gemcutter_utilities.rb

@@ -84,7 +84,7 @@ def host
   # If +allowed_push_host+ metadata is present, then it will only allow that host.
 
   def rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scope: nil, credentials: {}, &block)
-    require "net/http"
+    require_relative "net/http"
 
     self.host = host if host
     unless self.host
@@ -119,7 +119,7 @@ def rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scop
   end
 
   def mfa_unauthorized?(response)
-    response.is_a?(Net::HTTPUnauthorized) && response.body.start_with?("You have enabled multifactor authentication")
+    response.is_a?(Gem::Net::HTTPUnauthorized) && response.body.start_with?("You have enabled multifactor authentication")
   end
 
   def update_scope(scope)
@@ -208,13 +208,13 @@ def verify_api_key(key)
 
   def with_response(response, error_prefix = nil)
     case response
-    when Net::HTTPSuccess then
+    when Gem::Net::HTTPSuccess then
       if block_given?
         yield response
       else
         say clean_text(response.body)
       end
-    when Net::HTTPPermanentRedirect, Net::HTTPRedirection then
+    when Gem::Net::HTTPPermanentRedirect, Gem::Net::HTTPRedirection then
       message = "The request has redirected permanently to #{response["location"]}. Please check your defined push host URL."
       message = "#{error_prefix}: #{message}" if error_prefix
 
@@ -244,7 +244,7 @@ def set_api_key(host, key)
   private
 
   def request_with_otp(method, uri, &block)
-    request_method = Net::HTTP.const_get method.to_s.capitalize
+    request_method = Gem::Net::HTTP.const_get method.to_s.capitalize
 
     Gem::RemoteFetcher.fetcher.request(uri, request_method) do |req|
       req["OTP"] = otp if otp
@@ -297,7 +297,7 @@ def webauthn_verification_url(credentials)
         request.basic_auth credentials[:email], credentials[:password]
       end
     end
-    response.is_a?(Net::HTTPSuccess) ? response.body : nil
+    response.is_a?(Gem::Net::HTTPSuccess) ? response.body : nil
   end
 
   def pretty_host(host)
@@ -366,6 +366,6 @@ def get_key_name(scope)
   end
 
   def api_key_forbidden?(response)
-    response.is_a?(Net::HTTPForbidden) && response.body.start_with?("The API key doesn't have access")
+    response.is_a?(Gem::Net::HTTPForbidden) && response.body.start_with?("The API key doesn't have access")
   end
 end

lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb

@@ -2,9 +2,9 @@
 
 ##
 # The WebauthnListener Response class is used by the WebauthnListener to create
-# responses to be sent to the Gem host. It creates a Net::HTTPResponse instance
+# responses to be sent to the Gem host. It creates a Gem::Net::HTTPResponse instance
 # when initialized and can be converted to the appropriate format to be sent by a socket using `to_s`.
-# Net::HTTPResponse instances cannot be directly sent over a socket.
+# Gem::Net::HTTPResponse instances cannot be directly sent over a socket.
 #
 # Types of response classes:
 #   - OkResponse
@@ -60,7 +60,7 @@ def reason_phrase
       def body; end
 
       def build_http_response
-        response_class = Net::HTTPResponse::CODE_TO_OBJ[code.to_s]
+        response_class = Gem::Net::HTTPResponse::CODE_TO_OBJ[code.to_s]
         @http_response = response_class.new("1.1", code, reason_phrase)
         @http_response.instance_variable_set(:@read, true)
 

lib/rubygems/gemcutter_utilities/webauthn_poller.rb

@@ -46,7 +46,7 @@ def poll_for_otp(webauthn_url, credentials)
       Timeout.timeout(TIMEOUT_IN_SECONDS) do
         loop do
           response = webauthn_verification_poll_response(webauthn_url, credentials)
-          raise Gem::WebauthnVerificationError, response.message unless response.is_a?(Net::HTTPSuccess)
+          raise Gem::WebauthnVerificationError, response.message unless response.is_a?(Gem::Net::HTTPSuccess)
 
           require "json"
           parsed_response = JSON.parse(response.body)

lib/rubygems/net-http/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (C) 1993-2013 Yukihiro Matsumoto. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+notice, this list of conditions and the following disclaimer in the
+documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.