add username and password to URL.toString()

[Gagege]

I'm trying to set dubRegistry and use a Basic HTTP Auth (ie. https://username:[email protected]) URL. I ran into an issue because URL.toString doesn't output username@password. So here is my solution. Open to feedback, of course. Thanks!

[WebFreak001]

At least in dub registry the equivalent class had them omitted by design, where it rather added a constant ***@*** string if credentials are present, to not expose it in error messages.

However in dub (running on the users PC with the users settings) I think it's not harmful to include credentials in any case. I think from the start it would maybe have been better to have an explicit build method that includes all the data, but I think adding it now would be unnecessary.

It's worthy thinking of the security considerations of this in any case - if any malicious party for example can look over the output of the users run (log of a CI run with secret dub registry credentials) and the connection fails and causes the credentials to be printed - could this be considered a security risk?

You mixed tabs and spaces btw.

[Gagege]

I see what you're saying @WebFreak001. What if I concatenated the username and password where it's needed in the download function instead? I'll update my PR anyway.

[Gagege]

Made an update. This should be safer, and backward compatible.

[Gagege]

@WebFreak001 @s-ludwig Do either of you know what happened with that failed build, DAutoTest? I can't find the actual error in it.