From 3cf8fe1d26edd7c4cce6593d70212970f8b0bbc0 Mon Sep 17 00:00:00 2001
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Date: Sun, 14 Nov 2010 02:51:14 +0100
Subject: [PATCH 1/2] t5550: test HTTP authentication and userinfo decoding

Add a test for HTTP authentication and proper percent-decoding of the
userinfo (username and password) part of the URL.

Signed-off-by: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Acked-by: Tay Ray Chuan <rctay89@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 t/lib-httpd.sh          |  3 +++
 t/lib-httpd/apache.conf | 29 +++++++++++++++++++++++++++++
 t/lib-httpd/passwd      |  1 +
 t/t5550-http-fetch.sh   |  7 +++++++
 4 files changed, 40 insertions(+)
 create mode 100644 t/lib-httpd/passwd

diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index e733f6516f..3f24384371 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -75,12 +75,14 @@ fi
 
 prepare_httpd() {
 	mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH"
+	cp "$TEST_PATH"/passwd "$HTTPD_ROOT_PATH"
 
 	ln -s "$LIB_HTTPD_MODULE_PATH" "$HTTPD_ROOT_PATH/modules"
 
 	if test -n "$LIB_HTTPD_SSL"
 	then
 		HTTPD_URL=https://127.0.0.1:$LIB_HTTPD_PORT
+		AUTH_HTTPD_URL=https://user%40host:user%40host@127.0.0.1:$LIB_HTTPD_PORT
 
 		RANDFILE_PATH="$HTTPD_ROOT_PATH"/.rnd openssl req \
 			-config "$TEST_PATH/ssl.cnf" \
@@ -92,6 +94,7 @@ prepare_httpd() {
 		HTTPD_PARA="$HTTPD_PARA -DSSL"
 	else
 		HTTPD_URL=http://127.0.0.1:$LIB_HTTPD_PORT
+		AUTH_HTTPD_URL=http://user%40host:user%40host@127.0.0.1:$LIB_HTTPD_PORT
 	fi
 
 	if test -n "$LIB_HTTPD_DAV" -o -n "$LIB_HTTPD_SVN"
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 4961505d1d..b40e43bb31 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -17,8 +17,30 @@ ErrorLog error.log
 <IfModule !mod_env.c>
 	LoadModule env_module modules/mod_env.so
 </IfModule>
+<IfModule !mod_version.c>
+	LoadModule version_module modules/mod_version.so
+</IfModule>
+
+<IfVersion < 2.1>
+<IfModule !mod_auth.c>
+	LoadModule auth_module modules/mod_auth.so
+</IfModule>
+</IfVersion>
+
+<IfVersion >= 2.1>
+<IfModule !mod_auth_basic.c>
+	LoadModule auth_basic_module modules/mod_auth_basic.so
+</IfModule>
+<IfModule !mod_authn_file.c>
+	LoadModule authn_file_module modules/mod_authn_file.so
+</IfModule>
+<IfModule !mod_authz_user.c>
+	LoadModule authz_user_module modules/mod_authz_user.so
+</IfModule>
+</IfVersion>
 
 Alias /dumb/ www/
+Alias /auth/ www/auth/
 
 <Location /smart/>
 	SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
@@ -48,6 +70,13 @@ SSLMutex file:ssl_mutex
 SSLEngine On
 </IfDefine>
 
+<Location /auth/>
+	AuthType Basic
+	AuthName "git-auth"
+	AuthUserFile passwd
+	Require valid-user
+</Location>
+
 <IfDefine DAV>
 	LoadModule dav_module modules/mod_dav.so
 	LoadModule dav_fs_module modules/mod_dav_fs.so
diff --git a/t/lib-httpd/passwd b/t/lib-httpd/passwd
new file mode 100644
index 0000000000..f2fbcad33e
--- /dev/null
+++ b/t/lib-httpd/passwd
@@ -0,0 +1 @@
+user@host:nKpa8pZUHx/ic
diff --git a/t/t5550-http-fetch.sh b/t/t5550-http-fetch.sh
index 2fb48d09ed..a0564deaae 100755
--- a/t/t5550-http-fetch.sh
+++ b/t/t5550-http-fetch.sh
@@ -34,6 +34,13 @@ test_expect_success 'clone http repository' '
 	test_cmp file clone/file
 '
 
+test_expect_failure 'clone http repository with authentication' '
+	mkdir "$HTTPD_DOCUMENT_ROOT_PATH/auth/" &&
+	cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" "$HTTPD_DOCUMENT_ROOT_PATH/auth/repo.git" &&
+	git clone $AUTH_HTTPD_URL/auth/repo.git clone-auth &&
+	test_cmp file clone-auth/file
+'
+
 test_expect_success 'fetch changes via http' '
 	echo content >>file &&
 	git commit -a -m two &&

From f39f72d8cf03b61407f64460eba3357ec532280e Mon Sep 17 00:00:00 2001
From: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Date: Sun, 14 Nov 2010 02:51:15 +0100
Subject: [PATCH 2/2] Fix username and password extraction from HTTP URLs

Change the authentification initialisation to percent-decode username
and password for HTTP URLs.

Signed-off-by: Gabriel Corona <gabriel.corona@enst-bretagne.fr>
Acked-by: Tay Ray Chuan <rctay89@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 http.c                | 12 +++++++++++-
 t/t5550-http-fetch.sh |  2 +-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/http.c b/http.c
index 0a5011f615..c9393a8471 100644
--- a/http.c
+++ b/http.c
@@ -2,6 +2,7 @@
 #include "pack.h"
 #include "sideband.h"
 #include "run-command.h"
+#include "url.h"
 
 int data_received;
 int active_requests;
@@ -297,7 +298,7 @@ static CURL *get_curl_handle(void)
 
 static void http_auth_init(const char *url)
 {
-	char *at, *colon, *cp, *slash;
+	char *at, *colon, *cp, *slash, *decoded;
 	int len;
 
 	cp = strstr(url, "://");
@@ -322,16 +323,25 @@ static void http_auth_init(const char *url)
 		user_name = xmalloc(len + 1);
 		memcpy(user_name, cp, len);
 		user_name[len] = '\0';
+		decoded = url_decode(user_name);
+		free(user_name);
+		user_name = decoded;
 		user_pass = NULL;
 	} else {
 		len = colon - cp;
 		user_name = xmalloc(len + 1);
 		memcpy(user_name, cp, len);
 		user_name[len] = '\0';
+		decoded = url_decode(user_name);
+		free(user_name);
+		user_name = decoded;
 		len = at - (colon + 1);
 		user_pass = xmalloc(len + 1);
 		memcpy(user_pass, colon + 1, len);
 		user_pass[len] = '\0';
+		decoded = url_decode(user_pass);
+		free(user_pass);
+		user_pass = decoded;
 	}
 }
 
diff --git a/t/t5550-http-fetch.sh b/t/t5550-http-fetch.sh
index a0564deaae..8c2ac353b7 100755
--- a/t/t5550-http-fetch.sh
+++ b/t/t5550-http-fetch.sh
@@ -34,7 +34,7 @@ test_expect_success 'clone http repository' '
 	test_cmp file clone/file
 '
 
-test_expect_failure 'clone http repository with authentication' '
+test_expect_success 'clone http repository with authentication' '
 	mkdir "$HTTPD_DOCUMENT_ROOT_PATH/auth/" &&
 	cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" "$HTTPD_DOCUMENT_ROOT_PATH/auth/repo.git" &&
 	git clone $AUTH_HTTPD_URL/auth/repo.git clone-auth &&