]> git.ipfire.org Git - thirdparty/git.git/blob - t/t0300-credentials.sh
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'es/maintenance-of-bare-repositories'
[thirdparty/git.git] / t / t0300-credentials.sh
1 #!/bin/sh
2
3 test_description='basic credential helper tests'
4 . ./test-lib.sh
5 . "$TEST_DIRECTORY"/lib-credential.sh
6
7 test_expect_success 'setup helper scripts' '
8 cat >dump <<-\EOF &&
9 whoami=$(echo $0 | sed s/.*git-credential-//)
10 echo >&2 "$whoami: $*"
11 OIFS=$IFS
12 IFS==
13 while read key value; do
14 echo >&2 "$whoami: $key=$value"
15 eval "$key=$value"
16 done
17 IFS=$OIFS
18 EOF
19
20 write_script git-credential-useless <<-\EOF &&
21 . ./dump
22 exit 0
23 EOF
24
25 write_script git-credential-quit <<-\EOF &&
26 . ./dump
27 echo quit=1
28 EOF
29
30 write_script git-credential-verbatim <<-\EOF &&
31 user=$1; shift
32 pass=$1; shift
33 . ./dump
34 test -z "$user" || echo username=$user
35 test -z "$pass" || echo password=$pass
36 EOF
37
38 PATH="$PWD:$PATH"
39 '
40
41 test_expect_success 'credential_fill invokes helper' '
42 check fill "verbatim foo bar" <<-\EOF
43 protocol=http
44 host=example.com
45 --
46 protocol=http
47 host=example.com
48 username=foo
49 password=bar
50 --
51 verbatim: get
52 verbatim: protocol=http
53 verbatim: host=example.com
54 EOF
55 '
56
57 test_expect_success 'credential_fill invokes multiple helpers' '
58 check fill useless "verbatim foo bar" <<-\EOF
59 protocol=http
60 host=example.com
61 --
62 protocol=http
63 host=example.com
64 username=foo
65 password=bar
66 --
67 useless: get
68 useless: protocol=http
69 useless: host=example.com
70 verbatim: get
71 verbatim: protocol=http
72 verbatim: host=example.com
73 EOF
74 '
75
76 test_expect_success 'credential_fill stops when we get a full response' '
77 check fill "verbatim one two" "verbatim three four" <<-\EOF
78 protocol=http
79 host=example.com
80 --
81 protocol=http
82 host=example.com
83 username=one
84 password=two
85 --
86 verbatim: get
87 verbatim: protocol=http
88 verbatim: host=example.com
89 EOF
90 '
91
92 test_expect_success 'credential_fill continues through partial response' '
93 check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
94 protocol=http
95 host=example.com
96 --
97 protocol=http
98 host=example.com
99 username=two
100 password=three
101 --
102 verbatim: get
103 verbatim: protocol=http
104 verbatim: host=example.com
105 verbatim: get
106 verbatim: protocol=http
107 verbatim: host=example.com
108 verbatim: username=one
109 EOF
110 '
111
112 test_expect_success 'credential_fill passes along metadata' '
113 check fill "verbatim one two" <<-\EOF
114 protocol=ftp
115 host=example.com
116 path=foo.git
117 --
118 protocol=ftp
119 host=example.com
120 path=foo.git
121 username=one
122 password=two
123 --
124 verbatim: get
125 verbatim: protocol=ftp
126 verbatim: host=example.com
127 verbatim: path=foo.git
128 EOF
129 '
130
131 test_expect_success 'credential_approve calls all helpers' '
132 check approve useless "verbatim one two" <<-\EOF
133 protocol=http
134 host=example.com
135 username=foo
136 password=bar
137 --
138 --
139 useless: store
140 useless: protocol=http
141 useless: host=example.com
142 useless: username=foo
143 useless: password=bar
144 verbatim: store
145 verbatim: protocol=http
146 verbatim: host=example.com
147 verbatim: username=foo
148 verbatim: password=bar
149 EOF
150 '
151
152 test_expect_success 'do not bother storing password-less credential' '
153 check approve useless <<-\EOF
154 protocol=http
155 host=example.com
156 username=foo
157 --
158 --
159 EOF
160 '
161
162
163 test_expect_success 'credential_reject calls all helpers' '
164 check reject useless "verbatim one two" <<-\EOF
165 protocol=http
166 host=example.com
167 username=foo
168 password=bar
169 --
170 --
171 useless: erase
172 useless: protocol=http
173 useless: host=example.com
174 useless: username=foo
175 useless: password=bar
176 verbatim: erase
177 verbatim: protocol=http
178 verbatim: host=example.com
179 verbatim: username=foo
180 verbatim: password=bar
181 EOF
182 '
183
184 test_expect_success 'usernames can be preserved' '
185 check fill "verbatim \"\" three" <<-\EOF
186 protocol=http
187 host=example.com
188 username=one
189 --
190 protocol=http
191 host=example.com
192 username=one
193 password=three
194 --
195 verbatim: get
196 verbatim: protocol=http
197 verbatim: host=example.com
198 verbatim: username=one
199 EOF
200 '
201
202 test_expect_success 'usernames can be overridden' '
203 check fill "verbatim two three" <<-\EOF
204 protocol=http
205 host=example.com
206 username=one
207 --
208 protocol=http
209 host=example.com
210 username=two
211 password=three
212 --
213 verbatim: get
214 verbatim: protocol=http
215 verbatim: host=example.com
216 verbatim: username=one
217 EOF
218 '
219
220 test_expect_success 'do not bother completing already-full credential' '
221 check fill "verbatim three four" <<-\EOF
222 protocol=http
223 host=example.com
224 username=one
225 password=two
226 --
227 protocol=http
228 host=example.com
229 username=one
230 password=two
231 --
232 EOF
233 '
234
235 # We can't test the basic terminal password prompt here because
236 # getpass() tries too hard to find the real terminal. But if our
237 # askpass helper is run, we know the internal getpass is working.
238 test_expect_success 'empty helper list falls back to internal getpass' '
239 check fill <<-\EOF
240 protocol=http
241 host=example.com
242 --
243 protocol=http
244 host=example.com
245 username=askpass-username
246 password=askpass-password
247 --
248 askpass: Username for '\''http://example.com'\'':
249 askpass: Password for '\''http://askpass-username@example.com'\'':
250 EOF
251 '
252
253 test_expect_success 'internal getpass does not ask for known username' '
254 check fill <<-\EOF
255 protocol=http
256 host=example.com
257 username=foo
258 --
259 protocol=http
260 host=example.com
261 username=foo
262 password=askpass-password
263 --
264 askpass: Password for '\''http://foo@example.com'\'':
265 EOF
266 '
267
268 test_expect_success 'git-credential respects core.askPass' '
269 write_script alternate-askpass <<-\EOF &&
270 echo >&2 "alternate askpass invoked"
271 echo alternate-value
272 EOF
273 test_config core.askpass "$PWD/alternate-askpass" &&
274 (
275 # unset GIT_ASKPASS set by lib-credential.sh which would
276 # override our config, but do so in a subshell so that we do
277 # not interfere with other tests
278 sane_unset GIT_ASKPASS &&
279 check fill <<-\EOF
280 protocol=http
281 host=example.com
282 --
283 protocol=http
284 host=example.com
285 username=alternate-value
286 password=alternate-value
287 --
288 alternate askpass invoked
289 alternate askpass invoked
290 EOF
291 )
292 '
293
294 HELPER="!f() {
295 cat >/dev/null
296 echo username=foo
297 echo password=bar
298 }; f"
299 test_expect_success 'respect configured credentials' '
300 test_config credential.helper "$HELPER" &&
301 check fill <<-\EOF
302 protocol=http
303 host=example.com
304 --
305 protocol=http
306 host=example.com
307 username=foo
308 password=bar
309 --
310 EOF
311 '
312
313 test_expect_success 'match configured credential' '
314 test_config credential.https://example.com.helper "$HELPER" &&
315 check fill <<-\EOF
316 protocol=https
317 host=example.com
318 path=repo.git
319 --
320 protocol=https
321 host=example.com
322 username=foo
323 password=bar
324 --
325 EOF
326 '
327
328 test_expect_success 'do not match configured credential' '
329 test_config credential.https://foo.helper "$HELPER" &&
330 check fill <<-\EOF
331 protocol=https
332 host=bar
333 --
334 protocol=https
335 host=bar
336 username=askpass-username
337 password=askpass-password
338 --
339 askpass: Username for '\''https://bar'\'':
340 askpass: Password for '\''https://askpass-username@bar'\'':
341 EOF
342 '
343
344 test_expect_success 'match multiple configured helpers' '
345 test_config credential.helper "verbatim \"\" \"\"" &&
346 test_config credential.https://example.com.helper "$HELPER" &&
347 check fill <<-\EOF
348 protocol=https
349 host=example.com
350 path=repo.git
351 --
352 protocol=https
353 host=example.com
354 username=foo
355 password=bar
356 --
357 verbatim: get
358 verbatim: protocol=https
359 verbatim: host=example.com
360 EOF
361 '
362
363 test_expect_success 'match multiple configured helpers with URLs' '
364 test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" &&
365 test_config credential.https://example.com.helper "$HELPER" &&
366 check fill <<-\EOF
367 protocol=https
368 host=example.com
369 path=repo.git
370 --
371 protocol=https
372 host=example.com
373 username=foo
374 password=bar
375 --
376 verbatim: get
377 verbatim: protocol=https
378 verbatim: host=example.com
379 EOF
380 '
381
382 test_expect_success 'match percent-encoded values' '
383 test_config credential.https://example.com/%2566.git.helper "$HELPER" &&
384 check fill <<-\EOF
385 url=https://example.com/%2566.git
386 --
387 protocol=https
388 host=example.com
389 username=foo
390 password=bar
391 --
392 EOF
393 '
394
395 test_expect_success 'match percent-encoded UTF-8 values in path' '
396 test_config credential.https://example.com.useHttpPath true &&
397 test_config credential.https://example.com/perú.git.helper "$HELPER" &&
398 check fill <<-\EOF
399 url=https://example.com/per%C3%BA.git
400 --
401 protocol=https
402 host=example.com
403 path=perú.git
404 username=foo
405 password=bar
406 --
407 EOF
408 '
409
410 test_expect_success 'match percent-encoded values in username' '
411 test_config credential.https://user%2fname@example.com/foo/bar.git.helper "$HELPER" &&
412 check fill <<-\EOF
413 url=https://user%2fname@example.com/foo/bar.git
414 --
415 protocol=https
416 host=example.com
417 username=foo
418 password=bar
419 --
420 EOF
421 '
422
423 test_expect_success 'fetch with multiple path components' '
424 test_unconfig credential.helper &&
425 test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
426 check fill <<-\EOF
427 url=https://example.com/foo/repo.git
428 --
429 protocol=https
430 host=example.com
431 username=foo
432 password=bar
433 --
434 verbatim: get
435 verbatim: protocol=https
436 verbatim: host=example.com
437 EOF
438 '
439
440 test_expect_success 'pull username from config' '
441 test_config credential.https://example.com.username foo &&
442 check fill <<-\EOF
443 protocol=https
444 host=example.com
445 --
446 protocol=https
447 host=example.com
448 username=foo
449 password=askpass-password
450 --
451 askpass: Password for '\''https://foo@example.com'\'':
452 EOF
453 '
454
455 test_expect_success 'honors username from URL over helper (URL)' '
456 test_config credential.https://example.com.username bob &&
457 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
458 check fill <<-\EOF
459 url=https://alice@example.com
460 --
461 protocol=https
462 host=example.com
463 username=alice
464 password=bar
465 --
466 verbatim: get
467 verbatim: protocol=https
468 verbatim: host=example.com
469 verbatim: username=alice
470 EOF
471 '
472
473 test_expect_success 'honors username from URL over helper (components)' '
474 test_config credential.https://example.com.username bob &&
475 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
476 check fill <<-\EOF
477 protocol=https
478 host=example.com
479 username=alice
480 --
481 protocol=https
482 host=example.com
483 username=alice
484 password=bar
485 --
486 verbatim: get
487 verbatim: protocol=https
488 verbatim: host=example.com
489 verbatim: username=alice
490 EOF
491 '
492
493 test_expect_success 'last matching username wins' '
494 test_config credential.https://example.com/path.git.username bob &&
495 test_config credential.https://example.com.username alice &&
496 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
497 check fill <<-\EOF
498 url=https://example.com/path.git
499 --
500 protocol=https
501 host=example.com
502 username=alice
503 password=bar
504 --
505 verbatim: get
506 verbatim: protocol=https
507 verbatim: host=example.com
508 verbatim: username=alice
509 EOF
510 '
511
512 test_expect_success 'http paths can be part of context' '
513 check fill "verbatim foo bar" <<-\EOF &&
514 protocol=https
515 host=example.com
516 path=foo.git
517 --
518 protocol=https
519 host=example.com
520 username=foo
521 password=bar
522 --
523 verbatim: get
524 verbatim: protocol=https
525 verbatim: host=example.com
526 EOF
527 test_config credential.https://example.com.useHttpPath true &&
528 check fill "verbatim foo bar" <<-\EOF
529 protocol=https
530 host=example.com
531 path=foo.git
532 --
533 protocol=https
534 host=example.com
535 path=foo.git
536 username=foo
537 password=bar
538 --
539 verbatim: get
540 verbatim: protocol=https
541 verbatim: host=example.com
542 verbatim: path=foo.git
543 EOF
544 '
545
546 test_expect_success 'context uses urlmatch' '
547 test_config "credential.https://*.org.useHttpPath" true &&
548 check fill "verbatim foo bar" <<-\EOF
549 protocol=https
550 host=example.org
551 path=foo.git
552 --
553 protocol=https
554 host=example.org
555 path=foo.git
556 username=foo
557 password=bar
558 --
559 verbatim: get
560 verbatim: protocol=https
561 verbatim: host=example.org
562 verbatim: path=foo.git
563 EOF
564 '
565
566 test_expect_success 'helpers can abort the process' '
567 test_must_fail git \
568 -c credential.helper=quit \
569 -c credential.helper="verbatim foo bar" \
570 credential fill >stdout 2>stderr <<-\EOF &&
571 protocol=http
572 host=example.com
573 EOF
574 test_must_be_empty stdout &&
575 cat >expect <<-\EOF &&
576 quit: get
577 quit: protocol=http
578 quit: host=example.com
579 fatal: credential helper '\''quit'\'' told us to quit
580 EOF
581 test_cmp expect stderr
582 '
583
584 test_expect_success 'empty helper spec resets helper list' '
585 test_config credential.helper "verbatim file file" &&
586 check fill "" "verbatim cmdline cmdline" <<-\EOF
587 protocol=http
588 host=example.com
589 --
590 protocol=http
591 host=example.com
592 username=cmdline
593 password=cmdline
594 --
595 verbatim: get
596 verbatim: protocol=http
597 verbatim: host=example.com
598 EOF
599 '
600
601 test_expect_success 'url parser rejects embedded newlines' '
602 test_must_fail git credential fill 2>stderr <<-\EOF &&
603 url=https://one.example.com?%0ahost=two.example.com/
604 EOF
605 cat >expect <<-\EOF &&
606 warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/
607 fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
608 EOF
609 test_cmp expect stderr
610 '
611
612 test_expect_success 'host-less URLs are parsed as empty host' '
613 check fill "verbatim foo bar" <<-\EOF
614 url=cert:///path/to/cert.pem
615 --
616 protocol=cert
617 host=
618 path=path/to/cert.pem
619 username=foo
620 password=bar
621 --
622 verbatim: get
623 verbatim: protocol=cert
624 verbatim: host=
625 verbatim: path=path/to/cert.pem
626 EOF
627 '
628
629 test_expect_success 'credential system refuses to work with missing host' '
630 test_must_fail git credential fill 2>stderr <<-\EOF &&
631 protocol=http
632 EOF
633 cat >expect <<-\EOF &&
634 fatal: refusing to work with credential missing host field
635 EOF
636 test_cmp expect stderr
637 '
638
639 test_expect_success 'credential system refuses to work with missing protocol' '
640 test_must_fail git credential fill 2>stderr <<-\EOF &&
641 host=example.com
642 EOF
643 cat >expect <<-\EOF &&
644 fatal: refusing to work with credential missing protocol field
645 EOF
646 test_cmp expect stderr
647 '
648
649 # usage: check_host_and_path <url> <expected-host> <expected-path>
650 check_host_and_path () {
651 # we always parse the path component, but we need this to make sure it
652 # is passed to the helper
653 test_config credential.useHTTPPath true &&
654 check fill "verbatim user pass" <<-EOF
655 url=$1
656 --
657 protocol=https
658 host=$2
659 path=$3
660 username=user
661 password=pass
662 --
663 verbatim: get
664 verbatim: protocol=https
665 verbatim: host=$2
666 verbatim: path=$3
667 EOF
668 }
669
670 test_expect_success 'url parser handles bare query marker' '
671 check_host_and_path https://example.com?foo.git example.com ?foo.git
672 '
673
674 test_expect_success 'url parser handles bare fragment marker' '
675 check_host_and_path https://example.com#foo.git example.com "#foo.git"
676 '
677
678 test_expect_success 'url parser not confused by encoded markers' '
679 check_host_and_path https://example.com%23%3f%2f/foo.git \
680 "example.com#?/" foo.git
681 '
682
683 test_expect_success 'credential config with partial URLs' '
684 echo "echo password=yep" | write_script git-credential-yep &&
685 test_write_lines url=https://user@example.com/repo.git >stdin &&
686 for partial in \
687 example.com \
688 user@example.com \
689 https:// \
690 https://example.com \
691 https://example.com/ \
692 https://user@example.com \
693 https://user@example.com/ \
694 https://example.com/repo.git \
695 https://user@example.com/repo.git \
696 /repo.git
697 do
698 git -c credential.$partial.helper=yep \
699 credential fill <stdin >stdout &&
700 grep yep stdout ||
701 return 1
702 done &&
703
704 for partial in \
705 dont.use.this \
706 http:// \
707 /repo
708 do
709 git -c credential.$partial.helper=yep \
710 credential fill <stdin >stdout &&
711 ! grep yep stdout ||
712 return 1
713 done &&
714
715 git -c credential.$partial.helper=yep \
716 -c credential.with%0anewline.username=uh-oh \
717 credential fill <stdin >stdout 2>stderr &&
718 test_i18ngrep "skipping credential lookup for key" stderr
719 '
720
721 test_done
Unnamed repository; edit this file 'description' to name the repository.