| #!/bin/sh |
| |
| test_description='test http auth header and credential helper interop' |
| |
| . ./test-lib.sh |
| . "$TEST_DIRECTORY"/lib-httpd.sh |
| |
| enable_cgipassauth |
| if ! test_have_prereq CGIPASSAUTH |
| then |
| skip_all="no CGIPassAuth support" |
| test_done |
| fi |
| start_httpd |
| |
| test_expect_success 'setup_credential_helper' ' |
| mkdir "$TRASH_DIRECTORY/bin" && |
| PATH=$PATH:"$TRASH_DIRECTORY/bin" && |
| export PATH && |
| |
| CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" && |
| write_script "$CREDENTIAL_HELPER" <<-\EOF |
| cmd=$1 |
| teefile=$cmd-query.cred |
| catfile=$cmd-reply.cred |
| sed -n -e "/^$/q" -e "p" >>$teefile |
| if test "$cmd" = "get" |
| then |
| cat $catfile |
| fi |
| EOF |
| ' |
| |
| set_credential_reply () { |
| cat >"$TRASH_DIRECTORY/$1-reply.cred" |
| } |
| |
| expect_credential_query () { |
| cat >"$TRASH_DIRECTORY/$1-expect.cred" && |
| test_cmp "$TRASH_DIRECTORY/$1-expect.cred" \ |
| "$TRASH_DIRECTORY/$1-query.cred" |
| } |
| |
| per_test_cleanup () { |
| rm -f *.cred && |
| rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \ |
| "$HTTPD_ROOT_PATH"/custom-auth.challenge |
| } |
| |
| test_expect_success 'setup repository' ' |
| test_commit foo && |
| git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" && |
| git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" |
| ' |
| |
| test_expect_success 'access using basic auth' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=alice |
| password=secret-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
| WWW-Authenticate: Basic realm="example.com" |
| EOF |
| |
| test_config_global credential.helper test-helper && |
| git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| |
| expect_credential_query store <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=alice |
| password=secret-passwd |
| EOF |
| ' |
| |
| test_expect_success 'access using basic auth invalid credentials' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=baduser |
| password=wrong-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
| WWW-Authenticate: Basic realm="example.com" |
| EOF |
| |
| test_config_global credential.helper test-helper && |
| test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| |
| expect_credential_query erase <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=baduser |
| password=wrong-passwd |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| ' |
| |
| test_expect_success 'access using basic auth with extra challenges' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=alice |
| password=secret-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
| WWW-Authenticate: FooBar param1="value1" param2="value2" |
| WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0 |
| WWW-Authenticate: Basic realm="example.com" |
| EOF |
| |
| test_config_global credential.helper test-helper && |
| git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=FooBar param1="value1" param2="value2" |
| wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0 |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| |
| expect_credential_query store <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=alice |
| password=secret-passwd |
| EOF |
| ' |
| |
| test_expect_success 'access using basic auth mixed-case wwwauth header name' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=alice |
| password=secret-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
| www-authenticate: foobar param1="value1" param2="value2" |
| WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0 |
| WwW-aUtHeNtIcAtE: baSiC realm="example.com" |
| EOF |
| |
| test_config_global credential.helper test-helper && |
| git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=foobar param1="value1" param2="value2" |
| wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0 |
| wwwauth[]=baSiC realm="example.com" |
| EOF |
| |
| expect_credential_query store <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=alice |
| password=secret-passwd |
| EOF |
| ' |
| |
| test_expect_success 'access using basic auth with wwwauth header continuations' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=alice |
| password=secret-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| # Note that leading and trailing whitespace is important to correctly |
| # simulate a continuation/folded header. |
| cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF && |
| WWW-Authenticate: FooBar param1="value1" |
| param2="value2" |
| WWW-Authenticate: Bearer authorize_uri="id.example.com" |
| p=1 |
| q=0 |
| WWW-Authenticate: Basic realm="example.com" |
| EOF |
| |
| test_config_global credential.helper test-helper && |
| git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=FooBar param1="value1" param2="value2" |
| wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0 |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| |
| expect_credential_query store <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=alice |
| password=secret-passwd |
| EOF |
| ' |
| |
| test_expect_success 'access using basic auth with wwwauth header empty continuations' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=alice |
| password=secret-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" && |
| |
| # Note that leading and trailing whitespace is important to correctly |
| # simulate a continuation/folded header. |
| printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" && |
| printf " \r\n" >>"$CHALLENGE" && |
| printf " param2=\"value2\"\r\n" >>"$CHALLENGE" && |
| printf "WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>"$CHALLENGE" && |
| printf " p=1\r\n" >>"$CHALLENGE" && |
| printf " \r\n" >>"$CHALLENGE" && |
| printf " q=0\r\n" >>"$CHALLENGE" && |
| printf "WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>"$CHALLENGE" && |
| |
| test_config_global credential.helper test-helper && |
| git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=FooBar param1="value1" param2="value2" |
| wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0 |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| |
| expect_credential_query store <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=alice |
| password=secret-passwd |
| EOF |
| ' |
| |
| test_expect_success 'access using basic auth with wwwauth header mixed line-endings' ' |
| test_when_finished "per_test_cleanup" && |
| |
| set_credential_reply get <<-EOF && |
| username=alice |
| password=secret-passwd |
| EOF |
| |
| # Basic base64(alice:secret-passwd) |
| cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF && |
| Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== |
| EOF |
| |
| CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" && |
| |
| # Note that leading and trailing whitespace is important to correctly |
| # simulate a continuation/folded header. |
| printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" && |
| printf " \r\n" >>"$CHALLENGE" && |
| printf "\tparam2=\"value2\"\r\n" >>"$CHALLENGE" && |
| printf "WWW-Authenticate: Basic realm=\"example.com\"" >>"$CHALLENGE" && |
| |
| test_config_global credential.helper test-helper && |
| git ls-remote "$HTTPD_URL/custom_auth/repo.git" && |
| |
| expect_credential_query get <<-EOF && |
| protocol=http |
| host=$HTTPD_DEST |
| wwwauth[]=FooBar param1="value1" param2="value2" |
| wwwauth[]=Basic realm="example.com" |
| EOF |
| |
| expect_credential_query store <<-EOF |
| protocol=http |
| host=$HTTPD_DEST |
| username=alice |
| password=secret-passwd |
| EOF |
| ' |
| |
| test_done |
