codecov[bot]
commented
6 years ago Codecov Report
Merging #590 into master will not change coverage. The diff coverage is
0%.
@@ Coverage Diff @@
## master #590 +/- ##
=======================================
Coverage 80.99% 80.99%
=======================================
Files 45 45
Lines 2920 2920
Branches 177 177
=======================================
Hits 2365 2365
Misses 497 497
Partials 58 58| Impacted Files | Coverage Δ | |
|---|---|---|
| cabot/cabotapp/models/base.py | 79.52% <0%> (ø) |
:arrow_up: |
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update 9ba585d...bca6ee1. Read the comment docs.
hartwork
davidjb
dbuxton
Due to non-obvious behaviour in
requests(https://github.com/requests/requests/issues/4465), the way in which Cabot currently constructs its auth for HTTP status checks results in the string ofNonebeing sent as part of Authorization header.In short, because the Python object
Nonegets passed into the auth tuple in https://github.com/arachnys/cabot/blob/master/cabot/cabotapp/models/base.py#L760, requests takes this and converts it to a string, resulting in an Authorization header that decodes tomy_api_key_orusername:None, which then breaks authentication for URLs/APIs (like GitHub) that only require a username.In this case, the solution is to ensure
requests.getis passed an a empty string for the password if one isn't specified. To get to this point, I can see two options: either this PR, which is a basic check for the object ofNone, or otherwise modify the Django models & database to use an empty string (ala https://docs.djangoproject.com/en/2.0/ref/models/fields/#null).The former is simplest as it doesn't change the data model and/or require migration; but the latter is probably the cleaner of the two options.