Redact password in Debug prints + some housekeeping

.gitignore

@@ -2,6 +2,8 @@
 #######################
 .vscode/
 /target
+# Not needed in a library.
+Cargo.lock
 
 # Compiled source #
 ###################
@@ -39,4 +41,4 @@ bundle
 .Spotlight-V100
 .Trashes
 ehthumbs.db
-Thumbs.db
+Thumbs.db

CHANGELOG

@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.6] - 2026-01-05
+### Security
+- Redact password from debug prints
+
 ## [0.3.1] - 2021-08-15
 ### Fixed
 - CI workflows issues due to missing conditional publishing triggerer and out of

CONTRIBUTING.md

@@ -15,7 +15,7 @@ about behavior to being permanently banned from the http-auth-basic repository.
 
 Not all interactions that require remediation are clear violations
 of the Code of Conduct. Project maintainers will take appropriate
-action, when neccessary, to ensure the http-auth-basic community is a space
+action, when necessary, to ensure the http-auth-basic community is a space
 where individuals can comfortably collaborate and bring their
 entire selves. Unfortunately, if bringing your entire self is
 infringing on others from doing the same, you may be asked to leave.

Cargo.toml

@@ -1,11 +1,11 @@
 [package]
 name = "http-auth-basic"
-version = "0.3.5"
+version = "0.3.6"
 authors = ["Esteban Borai <estebanborai@gmail.com>"]
 
-edition = "2021"
+edition = "2024"
 license = "MIT OR Apache-2.0"
-description = "HTTP Basic Authentication Scheme (RFC 7617 and RFC 2617 compilant, base64-encoded credentials) for Rust applications"
+description = "HTTP Basic Authentication Scheme (RFC 7617 and RFC 2617 compliant, base64-encoded credentials) for Rust applications"
 readme = "README.md"
 repository = "https://github.com/EstebanBorai/http-auth-basic"
 categories = ["authentication", "encoding", "web-programming", "web-programming::http-server", "web-programming::http-client"]

README.md

@@ -8,7 +8,7 @@
   </div>
   <h1 align="center">http-auth-basic</h1>
   <h4 align="center">
-    HTTP Basic Authentication Scheme (RFC 7617 and RFC 2617 compilant, base64-encoded credentials) for Rust applications
+    HTTP Basic Authentication Scheme (RFC 7617 and RFC 2617 compliant, base64-encoded credentials) for Rust applications
   </h4>
 </div>
 

src/credentials.rs

@@ -1,12 +1,12 @@
-use std::str::FromStr;
+use std::{fmt, str::FromStr};
 
-use base64::{prelude::BASE64_STANDARD, Engine};
+use base64::{Engine, prelude::BASE64_STANDARD};
 
 use crate::error::AuthBasicError;
 
 /// A `struct` to represent the `user_id` and `password` fields
 /// from an _Authorization Basic_ header value
-#[derive(Debug, PartialEq)]
+#[derive(PartialEq)]
 pub struct Credentials {
     pub user_id: String,
     pub password: String,
@@ -102,3 +102,13 @@ impl FromStr for Credentials {
         Self::decode(s.into())
     }
 }
+
+/// Debug implementation never prints out the password.
+impl fmt::Debug for Credentials {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_struct("Credentials")
+            .field("user_id", &self.user_id)
+            .field("password", &"REDACTED")
+            .finish()
+    }
+}

src/lib.rs

@@ -153,4 +153,22 @@ mod tests {
 
         assert!(credentials.is_err());
     }
+
+    #[test]
+    fn debug_redacts_password() {
+        let password = "secret teapot";
+        let credentials = Credentials::new("username", password);
+
+        let debugged = format!("{credentials:?}");
+        let pretty = format!("{credentials:#?}");
+
+        // The password should not appear in the prints.
+        assert!(!debugged.contains(password));
+        assert!(!pretty.contains(password));
+
+        // It should be replaced with this:
+        const REDACTED: &str = "REDACTED";
+        assert!(debugged.contains(REDACTED));
+        assert!(pretty.contains(REDACTED));
+    }
 }