|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
test_description='test dumb fetching over http via static file'
|
|
|
|
. ./test-lib.sh
|
|
|
|
|
|
|
|
if test -n "$NO_CURL"; then
|
|
|
|
skip_all='skipping test, git built without http support'
|
|
|
|
test_done
|
|
|
|
fi
|
|
|
|
|
|
|
|
. "$TEST_DIRECTORY"/lib-httpd.sh
|
|
|
|
start_httpd
|
|
|
|
|
|
|
|
test_expect_success 'setup repository' '
|
|
|
|
git config push.default matching &&
|
|
|
|
echo content1 >file &&
|
|
|
|
git add file &&
|
|
|
|
git commit -m one
|
|
|
|
echo content2 >file &&
|
|
|
|
git add file &&
|
|
|
|
git commit -m two
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'create http-accessible bare repository with loose objects' '
|
|
|
|
cp -R .git "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
|
|
|
|
(cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
|
|
|
|
git config core.bare true &&
|
|
|
|
mkdir -p hooks &&
|
|
|
|
echo "exec git update-server-info" >hooks/post-update &&
|
|
|
|
chmod +x hooks/post-update &&
|
|
|
|
hooks/post-update
|
|
|
|
) &&
|
|
|
|
git remote add public "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
|
|
|
|
git push public master:master
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'clone http repository' '
|
|
|
|
git clone $HTTPD_URL/dumb/repo.git clone-tmpl &&
|
|
|
|
cp -R clone-tmpl clone &&
|
|
|
|
test_cmp file clone/file
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'create password-protected repository' '
|
|
|
|
mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/" &&
|
|
|
|
cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
|
|
|
|
"$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/repo.git"
|
|
|
|
'
|
|
|
|
|
|
|
|
setup_askpass_helper
|
http: use credential API to get passwords
This patch converts the http code to use the new credential
API, both for http authentication as well as for getting
certificate passwords.
Most of the code change is simply variable naming (the
passwords are now contained inside the credential struct)
or deletion of obsolete code (the credential code handles
URL parsing and prompting for us).
The behavior should be the same, with one exception: the
credential code will prompt with a description based on the
credential components. Therefore, the old prompt of:
Username for 'example.com':
Password for 'example.com':
now looks like:
Username for 'https://example.com/repo.git':
Password for 'https://user@example.com/repo.git':
Note that we include more information in each line,
specifically:
1. We now include the protocol. While more noisy, this is
an important part of knowing what you are accessing
(especially if you care about http vs https).
2. We include the username in the password prompt. This is
not a big deal when you have just been prompted for it,
but the username may also come from the remote's URL
(and after future patches, from configuration or
credential helpers). In that case, it's a nice
reminder of the user for which you're giving the
password.
3. We include the path component of the URL. In many
cases, the user won't care about this and it's simply
noise (i.e., they'll use the same credential for a
whole site). However, that is part of a larger
question, which is whether path components should be
part of credential context, both for prompting and for
lookup by storage helpers. That issue will be addressed
as a whole in a future patch.
Similarly, for unlocking certificates, we used to say:
Certificate Password for 'example.com':
and we now say:
Password for 'cert:///path/to/certificate':
Showing the path to the client certificate makes more sense,
as that is what you are unlocking, not "example.com".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
13 years ago
|
|
|
|
|
|
|
test_expect_success 'cloning password-protected repository can fail' '
|
|
|
|
set_askpass wrong &&
|
|
|
|
test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-fail &&
|
http: use credential API to get passwords
This patch converts the http code to use the new credential
API, both for http authentication as well as for getting
certificate passwords.
Most of the code change is simply variable naming (the
passwords are now contained inside the credential struct)
or deletion of obsolete code (the credential code handles
URL parsing and prompting for us).
The behavior should be the same, with one exception: the
credential code will prompt with a description based on the
credential components. Therefore, the old prompt of:
Username for 'example.com':
Password for 'example.com':
now looks like:
Username for 'https://example.com/repo.git':
Password for 'https://user@example.com/repo.git':
Note that we include more information in each line,
specifically:
1. We now include the protocol. While more noisy, this is
an important part of knowing what you are accessing
(especially if you care about http vs https).
2. We include the username in the password prompt. This is
not a big deal when you have just been prompted for it,
but the username may also come from the remote's URL
(and after future patches, from configuration or
credential helpers). In that case, it's a nice
reminder of the user for which you're giving the
password.
3. We include the path component of the URL. In many
cases, the user won't care about this and it's simply
noise (i.e., they'll use the same credential for a
whole site). However, that is part of a larger
question, which is whether path components should be
part of credential context, both for prompting and for
lookup by storage helpers. That issue will be addressed
as a whole in a future patch.
Similarly, for unlocking certificates, we used to say:
Certificate Password for 'example.com':
and we now say:
Password for 'cert:///path/to/certificate':
Showing the path to the client certificate makes more sense,
as that is what you are unlocking, not "example.com".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
13 years ago
|
|
|
expect_askpass both wrong
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http auth can use user/pass in URL' '
|
|
|
|
set_askpass wrong &&
|
|
|
|
git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none &&
|
http: use credential API to get passwords
This patch converts the http code to use the new credential
API, both for http authentication as well as for getting
certificate passwords.
Most of the code change is simply variable naming (the
passwords are now contained inside the credential struct)
or deletion of obsolete code (the credential code handles
URL parsing and prompting for us).
The behavior should be the same, with one exception: the
credential code will prompt with a description based on the
credential components. Therefore, the old prompt of:
Username for 'example.com':
Password for 'example.com':
now looks like:
Username for 'https://example.com/repo.git':
Password for 'https://user@example.com/repo.git':
Note that we include more information in each line,
specifically:
1. We now include the protocol. While more noisy, this is
an important part of knowing what you are accessing
(especially if you care about http vs https).
2. We include the username in the password prompt. This is
not a big deal when you have just been prompted for it,
but the username may also come from the remote's URL
(and after future patches, from configuration or
credential helpers). In that case, it's a nice
reminder of the user for which you're giving the
password.
3. We include the path component of the URL. In many
cases, the user won't care about this and it's simply
noise (i.e., they'll use the same credential for a
whole site). However, that is part of a larger
question, which is whether path components should be
part of credential context, both for prompting and for
lookup by storage helpers. That issue will be addressed
as a whole in a future patch.
Similarly, for unlocking certificates, we used to say:
Certificate Password for 'example.com':
and we now say:
Password for 'cert:///path/to/certificate':
Showing the path to the client certificate makes more sense,
as that is what you are unlocking, not "example.com".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
13 years ago
|
|
|
expect_askpass none
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http auth can use just user in URL' '
|
|
|
|
set_askpass wrong pass@host &&
|
|
|
|
git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass &&
|
http: use credential API to get passwords
This patch converts the http code to use the new credential
API, both for http authentication as well as for getting
certificate passwords.
Most of the code change is simply variable naming (the
passwords are now contained inside the credential struct)
or deletion of obsolete code (the credential code handles
URL parsing and prompting for us).
The behavior should be the same, with one exception: the
credential code will prompt with a description based on the
credential components. Therefore, the old prompt of:
Username for 'example.com':
Password for 'example.com':
now looks like:
Username for 'https://example.com/repo.git':
Password for 'https://user@example.com/repo.git':
Note that we include more information in each line,
specifically:
1. We now include the protocol. While more noisy, this is
an important part of knowing what you are accessing
(especially if you care about http vs https).
2. We include the username in the password prompt. This is
not a big deal when you have just been prompted for it,
but the username may also come from the remote's URL
(and after future patches, from configuration or
credential helpers). In that case, it's a nice
reminder of the user for which you're giving the
password.
3. We include the path component of the URL. In many
cases, the user won't care about this and it's simply
noise (i.e., they'll use the same credential for a
whole site). However, that is part of a larger
question, which is whether path components should be
part of credential context, both for prompting and for
lookup by storage helpers. That issue will be addressed
as a whole in a future patch.
Similarly, for unlocking certificates, we used to say:
Certificate Password for 'example.com':
and we now say:
Password for 'cert:///path/to/certificate':
Showing the path to the client certificate makes more sense,
as that is what you are unlocking, not "example.com".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
13 years ago
|
|
|
expect_askpass pass user@host
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http auth can request both user and pass' '
|
|
|
|
set_askpass user@host pass@host &&
|
|
|
|
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both &&
|
http: use credential API to get passwords
This patch converts the http code to use the new credential
API, both for http authentication as well as for getting
certificate passwords.
Most of the code change is simply variable naming (the
passwords are now contained inside the credential struct)
or deletion of obsolete code (the credential code handles
URL parsing and prompting for us).
The behavior should be the same, with one exception: the
credential code will prompt with a description based on the
credential components. Therefore, the old prompt of:
Username for 'example.com':
Password for 'example.com':
now looks like:
Username for 'https://example.com/repo.git':
Password for 'https://user@example.com/repo.git':
Note that we include more information in each line,
specifically:
1. We now include the protocol. While more noisy, this is
an important part of knowing what you are accessing
(especially if you care about http vs https).
2. We include the username in the password prompt. This is
not a big deal when you have just been prompted for it,
but the username may also come from the remote's URL
(and after future patches, from configuration or
credential helpers). In that case, it's a nice
reminder of the user for which you're giving the
password.
3. We include the path component of the URL. In many
cases, the user won't care about this and it's simply
noise (i.e., they'll use the same credential for a
whole site). However, that is part of a larger
question, which is whether path components should be
part of credential context, both for prompting and for
lookup by storage helpers. That issue will be addressed
as a whole in a future patch.
Similarly, for unlocking certificates, we used to say:
Certificate Password for 'example.com':
and we now say:
Password for 'cert:///path/to/certificate':
Showing the path to the client certificate makes more sense,
as that is what you are unlocking, not "example.com".
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
13 years ago
|
|
|
expect_askpass both user@host
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http auth respects credential helper config' '
|
|
|
|
test_config_global credential.helper "!f() {
|
|
|
|
cat >/dev/null
|
|
|
|
echo username=user@host
|
|
|
|
echo password=pass@host
|
|
|
|
}; f" &&
|
|
|
|
set_askpass wrong &&
|
|
|
|
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-helper &&
|
|
|
|
expect_askpass none
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http auth can get username from config' '
|
|
|
|
test_config_global "credential.$HTTPD_URL.username" user@host &&
|
|
|
|
set_askpass wrong pass@host &&
|
|
|
|
git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user &&
|
|
|
|
expect_askpass pass user@host
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'configured username does not override URL' '
|
|
|
|
test_config_global "credential.$HTTPD_URL.username" wrong &&
|
|
|
|
set_askpass wrong pass@host &&
|
|
|
|
git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 &&
|
|
|
|
expect_askpass pass user@host
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'fetch changes via http' '
|
|
|
|
echo content >>file &&
|
|
|
|
git commit -a -m two &&
|
|
|
|
git push public &&
|
|
|
|
(cd clone && git pull) &&
|
|
|
|
test_cmp file clone/file
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'fetch changes via manual http-fetch' '
|
|
|
|
cp -R clone-tmpl clone2 &&
|
|
|
|
|
|
|
|
HEAD=$(git rev-parse --verify HEAD) &&
|
|
|
|
(cd clone2 &&
|
|
|
|
git http-fetch -a -w heads/master-new $HEAD $(git config remote.origin.url) &&
|
|
|
|
git checkout master-new &&
|
|
|
|
test $HEAD = $(git rev-parse --verify HEAD)) &&
|
|
|
|
test_cmp file clone2/file
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http remote detects correct HEAD' '
|
|
|
|
git push public master:other &&
|
|
|
|
(cd clone &&
|
|
|
|
git remote set-head origin -d &&
|
|
|
|
git remote set-head origin -a &&
|
|
|
|
git symbolic-ref refs/remotes/origin/HEAD > output &&
|
|
|
|
echo refs/remotes/origin/master > expect &&
|
|
|
|
test_cmp expect output
|
|
|
|
)
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'fetch packed objects' '
|
|
|
|
cp -R "$HTTPD_DOCUMENT_ROOT_PATH"/repo.git "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git &&
|
|
|
|
(cd "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git &&
|
|
|
|
git --bare repack -a -d
|
|
|
|
) &&
|
|
|
|
git clone $HTTPD_URL/dumb/repo_pack.git
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'fetch notices corrupt pack' '
|
|
|
|
cp -R "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad1.git &&
|
|
|
|
(cd "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad1.git &&
|
|
|
|
p=`ls objects/pack/pack-*.pack` &&
|
|
|
|
chmod u+w $p &&
|
|
|
|
printf %0256d 0 | dd of=$p bs=256 count=1 seek=1 conv=notrunc
|
|
|
|
) &&
|
|
|
|
mkdir repo_bad1.git &&
|
|
|
|
(cd repo_bad1.git &&
|
|
|
|
git --bare init &&
|
|
|
|
test_must_fail git --bare fetch $HTTPD_URL/dumb/repo_bad1.git &&
|
|
|
|
test 0 = `ls objects/pack/pack-*.pack | wc -l`
|
|
|
|
)
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'fetch notices corrupt idx' '
|
|
|
|
cp -R "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad2.git &&
|
|
|
|
(cd "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad2.git &&
|
|
|
|
p=`ls objects/pack/pack-*.idx` &&
|
|
|
|
chmod u+w $p &&
|
|
|
|
printf %0256d 0 | dd of=$p bs=256 count=1 seek=1 conv=notrunc
|
|
|
|
) &&
|
|
|
|
mkdir repo_bad2.git &&
|
|
|
|
(cd repo_bad2.git &&
|
|
|
|
git --bare init &&
|
|
|
|
test_must_fail git --bare fetch $HTTPD_URL/dumb/repo_bad2.git &&
|
|
|
|
test 0 = `ls objects/pack | wc -l`
|
|
|
|
)
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'did not use upload-pack service' '
|
|
|
|
grep '/git-upload-pack' <"$HTTPD_ROOT_PATH"/access.log >act
|
|
|
|
: >exp
|
|
|
|
test_cmp exp act
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'git client shows text/plain errors' '
|
|
|
|
test_must_fail git clone "$HTTPD_URL/error/text" 2>stderr &&
|
|
|
|
grep "this is the error message" stderr
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'git client does not show html errors' '
|
|
|
|
test_must_fail git clone "$HTTPD_URL/error/html" 2>stderr &&
|
|
|
|
! grep "this is the error message" stderr
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'git client shows text/plain with a charset' '
|
|
|
|
test_must_fail git clone "$HTTPD_URL/error/charset" 2>stderr &&
|
|
|
|
grep "this is the error message" stderr
|
|
|
|
'
|
|
|
|
|
|
|
|
test_expect_success 'http error messages are reencoded' '
|
|
|
|
test_must_fail git clone "$HTTPD_URL/error/utf16" 2>stderr &&
|
|
|
|
grep "this is the error message" stderr
|
|
|
|
'
|
|
|
|
|
|
|
|
stop_httpd
|
|
|
|
test_done
|