You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
329 lines
8.3 KiB
329 lines
8.3 KiB
#!/bin/sh |
|
|
|
test_description='test http auth header and credential helper interop' |
|
|
|
. ./test-lib.sh |
|
. "$TEST_DIRECTORY"/lib-httpd.sh |
|
|
|
enable_cgipassauth |
|
if ! test_have_prereq CGIPASSAUTH |
|
then |
|
skip_all="no CGIPassAuth support" |
|
test_done |
|
fi |
|
start_httpd |
|
|
|
test_expect_success 'setup_credential_helper' ' |
|
mkdir "$TRASH_DIRECTORY/bin" && |
|
PATH=$PATH:"$TRASH_DIRECTORY/bin" && |
|
export PATH && |
|
|
|
CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" && |
|
write_script "$CREDENTIAL_HELPER" <<-\EOF |
|
cmd=$1 |
|
teefile=$cmd-query.cred |
|
catfile=$cmd-reply.cred |
|
sed -n -e "/^$/q" -e "p" >>$teefile |
|
if test "$cmd" = "get" |
|
then |
|
cat $catfile |
|
fi |
|
EOF |
|
' |
|
|
|
set_credential_reply () { |
|
cat >"$TRASH_DIRECTORY/$1-reply.cred" |
|
} |
|
|
|
expect_credential_query () { |
|
cat >"$TRASH_DIRECTORY/$1-expect.cred" && |
|
test_cmp "$TRASH_DIRECTORY/$1-expect.cred" \ |
|
"$TRASH_DIRECTORY/$1-query.cred" |
|
} |
|
|
|
per_test_cleanup () { |
|
rm -f *.cred && |
|
rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \ |
|
"$HTTPD_ROOT_PATH"/custom-auth.challenge |
|
} |
|
|
|
test_expect_success 'setup repository' ' |
|
test_commit foo && |
|
git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && |
|
git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" |
|
' |
|
|
|
test_expect_success 'access using basic auth' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
|
WWW-Authenticate: Basic realm="example.com" |
|
EOF |
|
|
|
test_config_global credential.helper test-helper && |
|
git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
|
|
expect_credential_query store <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
' |
|
|
|
test_expect_success 'access using basic auth invalid credentials' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=baduser |
|
password=wrong-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
|
WWW-Authenticate: Basic realm="example.com" |
|
EOF |
|
|
|
test_config_global credential.helper test-helper && |
|
test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
|
|
expect_credential_query erase <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=baduser |
|
password=wrong-passwd |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
' |
|
|
|
test_expect_success 'access using basic auth with extra challenges' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
|
WWW-Authenticate: FooBar param1="value1" param2="value2" |
|
WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0 |
|
WWW-Authenticate: Basic realm="example.com" |
|
EOF |
|
|
|
test_config_global credential.helper test-helper && |
|
git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=FooBar param1="value1" param2="value2" |
|
wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0 |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
|
|
expect_credential_query store <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
' |
|
|
|
test_expect_success 'access using basic auth mixed-case wwwauth header name' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
|
www-authenticate: foobar param1="value1" param2="value2" |
|
WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0 |
|
WwW-aUtHeNtIcAtE: baSiC realm="example.com" |
|
EOF |
|
|
|
test_config_global credential.helper test-helper && |
|
git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=foobar param1="value1" param2="value2" |
|
wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0 |
|
wwwauth[]=baSiC realm="example.com" |
|
EOF |
|
|
|
expect_credential_query store <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
' |
|
|
|
test_expect_success 'access using basic auth with wwwauth header continuations' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
# Note that leading and trailing whitespace is important to correctly |
|
# simulate a continuation/folded header. |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
|
WWW-Authenticate: FooBar param1="value1" |
|
param2="value2" |
|
WWW-Authenticate: Bearer authorize_uri="id.example.com" |
|
p=1 |
|
q=0 |
|
WWW-Authenticate: Basic realm="example.com" |
|
EOF |
|
|
|
test_config_global credential.helper test-helper && |
|
git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=FooBar param1="value1" param2="value2" |
|
wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0 |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
|
|
expect_credential_query store <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
' |
|
|
|
test_expect_success 'access using basic auth with wwwauth header empty continuations' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" && |
|
|
|
# Note that leading and trailing whitespace is important to correctly |
|
# simulate a continuation/folded header. |
|
printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" && |
|
printf " \r\n" >>"$CHALLENGE" && |
|
printf " param2=\"value2\"\r\n" >>"$CHALLENGE" && |
|
printf "WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>"$CHALLENGE" && |
|
printf " p=1\r\n" >>"$CHALLENGE" && |
|
printf " \r\n" >>"$CHALLENGE" && |
|
printf " q=0\r\n" >>"$CHALLENGE" && |
|
printf "WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>"$CHALLENGE" && |
|
|
|
test_config_global credential.helper test-helper && |
|
git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=FooBar param1="value1" param2="value2" |
|
wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0 |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
|
|
expect_credential_query store <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
' |
|
|
|
test_expect_success 'access using basic auth with wwwauth header mixed line-endings' ' |
|
test_when_finished "per_test_cleanup" && |
|
|
|
set_credential_reply get <<-EOF && |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
|
|
# Basic base64(alice:secret-passwd) |
|
cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
|
Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
|
EOF |
|
|
|
CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" && |
|
|
|
# Note that leading and trailing whitespace is important to correctly |
|
# simulate a continuation/folded header. |
|
printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" && |
|
printf " \r\n" >>"$CHALLENGE" && |
|
printf "\tparam2=\"value2\"\r\n" >>"$CHALLENGE" && |
|
printf "WWW-Authenticate: Basic realm=\"example.com\"" >>"$CHALLENGE" && |
|
|
|
test_config_global credential.helper test-helper && |
|
git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
|
|
|
expect_credential_query get <<-EOF && |
|
protocol=http |
|
host=$HTTPD_DEST |
|
wwwauth[]=FooBar param1="value1" param2="value2" |
|
wwwauth[]=Basic realm="example.com" |
|
EOF |
|
|
|
expect_credential_query store <<-EOF |
|
protocol=http |
|
host=$HTTPD_DEST |
|
username=alice |
|
password=secret-passwd |
|
EOF |
|
' |
|
|
|
test_done
|
|
|