[thirdparty/git.git] / t / lib-credential.sh
# Shell library for testing credential handling including helpers. See t0302
# for an example of testing a specific helper.

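# check <credential-cmd> [<helper>...]
#
# Try a set of credential helpers: run "git credential <credential-cmd>" with
# every <helper> configured as a credential.helper and compare the result with
# what the caller expects. The caller provides three chunks on stdin, separated
# by lines consisting of "--": the input for git, the expected stdout and the
# expected stderr.
#
# Writes the files stdin, expect-stdout, expect-stderr, stdout and stderr in
# the current directory. Returns non-zero when git fails or when either
# comparison fails.
#
# NOTE(review): each helper string is spliced between single quotes into a
# command line that is then eval'd. A helper containing a single quote would
# end that quoting early and the rest would be parsed as shell, so pass only
# helper strings written by the test author, never externally supplied values.
check() {
	credential_opts=
	credential_cmd=$1
	shift
	for arg in "$@"; do
		credential_opts="$credential_opts -c credential.helper='$arg'"
	done
	read_chunk >stdin &&
	read_chunk >expect-stdout &&
	read_chunk >expect-stderr &&
	{
		eval "git $credential_opts credential $credential_cmd <stdin >stdout 2>stderr" ||
		{
			# Save the status at once. Inside "if ! cmd; then" the
			# value of $? is the negated result, i.e. always 0, so
			# the failure message never showed the real exit code.
			credential_status=$?
			echo "git credential failed with code $credential_status" &&
			cat stderr &&
			false
		}
	} &&
	test_cmp expect-stdout stdout &&
	test_cmp expect-stderr stderr
}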
# read_chunk
#
# Copy lines from stdin to stdout up to, but not including, the next line
# that consists of "--", or up to end of input. The separator line itself is
# consumed, so a following read_chunk call continues with the next chunk.
#
# Lines pass through a plain "read" (no -r), so with the default IFS leading
# and trailing blanks are trimmed and a backslash acts as an escape character.
read_chunk() {
	while read line
	do
		if test "$line" = "--"
		then
			break
		fi
		echo "$line"
	done
}
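# helper_test_clean <helper>
#
# Clear any residual data from previous tests. We only
# need this when testing third-party helpers which read and
# write outside of our trash-directory sandbox.
#
# Don't bother checking for success here, as it is
# outside the scope of tests and represents a best effort to
# clean up after ourselves.
helper_test_clean() {
	# "$1" is quoted so that a helper specification containing
	# whitespace stays one argument instead of pushing the protocol,
	# host and username into the wrong positions.
	reject "$1" https example.com store-user
	reject "$1" https example.com user1
	reject "$1" https example.com user2
	reject "$1" https example.com user4
	reject "$1" http path.tld user
	reject "$1" https timeout.tld user
	# Stored by the "not confused by long header" test in helper_test;
	# without this a helper that writes outside the trash directory
	# would keep that entry after the run.
	reject "$1" https victim.example.com user
	reject "$1" https sso.tld
}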
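# reject <helper> <protocol> <host> [<username>]
#
# Ask <helper> to forget the credential described by the arguments by feeding
# protocol, host and username lines to "git credential reject". When
# <username> is omitted an empty "username=" line is still sent.
#
# Every expansion is quoted so that a helper specification containing
# whitespace reaches git as a single credential.helper value rather than
# being split into stray command-line arguments, and printf is used so the
# values are written verbatim whatever the shell's echo does with backslashes.
reject() {
	printf 'protocol=%s\nhost=%s\nusername=%s\n' "$2" "$3" "$4" |
	git -c "credential.helper=$1" credential reject
}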
# helper_test <helper>
#
# Run the generic storage tests against <helper>: a lookup miss falls back to
# askpass, an approved credential can be filled again, lookups are keyed on
# protocol, host, username and (with credential.usehttppath) path, "reject"
# forgets a whole host or a single user, an empty username round-trips, and an
# over-long wwwauth[] line is not misparsed.
#
# Sets the globals HELPER, LONG_VALUE_LEN and LONG_VALUE, and defaults
# GIT_TEST_LONG_CRED_BUFFER to 1024 when it is unset or empty.
helper_test() {
	HELPER="$1"

	# Nothing stored yet: both username and password come from askpass.
	test_expect_success "helper ($HELPER) has no existing data" '
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		--
		protocol=https
		host=example.com
		username=askpass-username
		password=askpass-password
		--
		askpass: Username for '\''https://example.com'\'':
		askpass: Password for '\''https://askpass-username@example.com'\'':
		EOF
	'

	test_expect_success "helper ($HELPER) stores password" '
		check approve $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=store-user
		password=store-pass
		EOF
	'

	# The stored entry is returned and askpass stays silent.
	test_expect_success "helper ($HELPER) can retrieve password" '
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		--
		protocol=https
		host=example.com
		username=store-user
		password=store-pass
		--
		EOF
	'

	# A stored entry must not be handed out when the protocol, the host,
	# the username or the path of the request differs from it.
	test_expect_success "helper ($HELPER) requires matching protocol" '
		check fill $HELPER <<-\EOF
		protocol=http
		host=example.com
		--
		protocol=http
		host=example.com
		username=askpass-username
		password=askpass-password
		--
		askpass: Username for '\''http://example.com'\'':
		askpass: Password for '\''http://askpass-username@example.com'\'':
		EOF
	'

	test_expect_success "helper ($HELPER) requires matching host" '
		check fill $HELPER <<-\EOF
		protocol=https
		host=other.tld
		--
		protocol=https
		host=other.tld
		username=askpass-username
		password=askpass-password
		--
		askpass: Username for '\''https://other.tld'\'':
		askpass: Password for '\''https://askpass-username@other.tld'\'':
		EOF
	'

	test_expect_success "helper ($HELPER) requires matching username" '
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=other
		--
		protocol=https
		host=example.com
		username=other
		password=askpass-password
		--
		askpass: Password for '\''https://other@example.com'\'':
		EOF
	'

	test_expect_success "helper ($HELPER) requires matching path" '
		test_config credential.usehttppath true &&
		check approve $HELPER <<-\EOF &&
		protocol=http
		host=path.tld
		path=foo.git
		username=user
		password=pass
		EOF
		check fill $HELPER <<-\EOF
		protocol=http
		host=path.tld
		path=bar.git
		--
		protocol=http
		host=path.tld
		path=bar.git
		username=askpass-username
		password=askpass-password
		--
		askpass: Username for '\''http://path.tld/bar.git'\'':
		askpass: Password for '\''http://askpass-username@path.tld/bar.git'\'':
		EOF
	'

	# After a reject without a username the host is unknown again.
	test_expect_success "helper ($HELPER) can forget host" '
		check reject $HELPER <<-\EOF &&
		protocol=https
		host=example.com
		EOF
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		--
		protocol=https
		host=example.com
		username=askpass-username
		password=askpass-password
		--
		askpass: Username for '\''https://example.com'\'':
		askpass: Password for '\''https://askpass-username@example.com'\'':
		EOF
	'

	test_expect_success "helper ($HELPER) can store multiple users" '
		check approve $HELPER <<-\EOF &&
		protocol=https
		host=example.com
		username=user1
		password=pass1
		EOF
		check approve $HELPER <<-\EOF &&
		protocol=https
		host=example.com
		username=user2
		password=pass2
		EOF
		check fill $HELPER <<-\EOF &&
		protocol=https
		host=example.com
		username=user1
		--
		protocol=https
		host=example.com
		username=user1
		password=pass1
		EOF
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=user2
		--
		protocol=https
		host=example.com
		username=user2
		password=pass2
		EOF
	'

	# Rejecting user1 must leave user2 on the same host untouched.
	test_expect_success "helper ($HELPER) can forget user" '
		check reject $HELPER <<-\EOF &&
		protocol=https
		host=example.com
		username=user1
		EOF
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=user1
		--
		protocol=https
		host=example.com
		username=user1
		password=askpass-password
		--
		askpass: Password for '\''https://user1@example.com'\'':
		EOF
	'

	test_expect_success "helper ($HELPER) remembers other user" '
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=user2
		--
		protocol=https
		host=example.com
		username=user2
		password=pass2
		EOF
	'

	test_expect_success "helper ($HELPER) can store empty username" '
		check approve $HELPER <<-\EOF &&
		protocol=https
		host=sso.tld
		username=
		password=
		EOF
		check fill $HELPER <<-\EOF
		protocol=https
		host=sso.tld
		--
		protocol=https
		host=sso.tld
		username=
		password=
		EOF
	'

	# Size the padding so that the key, the padding and a terminating NUL
	# together occupy exactly GIT_TEST_LONG_CRED_BUFFER bytes.
	: ${GIT_TEST_LONG_CRED_BUFFER:=1024}
	# 23 bytes accounts for "wwwauth[]=basic realm=" plus NUL
	LONG_VALUE_LEN=$((GIT_TEST_LONG_CRED_BUFFER - 23))
	LONG_VALUE=$(perl -e 'print "a" x shift' $LONG_VALUE_LEN)

	# "host=victim.example.com" follows the padding on the same input
	# line. Presumably a helper that reads its input in fixed-size pieces
	# could take that tail for a separate host= line and return the
	# victim's stored password for badguy.example.com; the expected
	# output shows the request falling through to askpass instead.
	test_expect_success "helper ($HELPER) not confused by long header" '
		check approve $HELPER <<-\EOF &&
		protocol=https
		host=victim.example.com
		username=user
		password=to-be-stolen
		EOF

		check fill $HELPER <<-EOF
		protocol=https
		host=badguy.example.com
		wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com
		--
		protocol=https
		host=badguy.example.com
		username=askpass-username
		password=askpass-password
		wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com
		--
		askpass: Username for '\''https://badguy.example.com'\'':
		askpass: Password for '\''https://askpass-username@badguy.example.com'\'':
		EOF
	'
}
# helper_test_timeout <helper> [<helper-option>...]
#
# Check that a stored credential is gone after a two second wait. All
# arguments are joined into one helper string (HELPER, a global), which the
# test body passes to check as a single quoted argument.
#
# NOTE(review): the two second sleep presumably relies on the caller passing
# a shorter expiry to the helper; nothing in this function sets one.
helper_test_timeout() {
	HELPER="$*"

	test_expect_success "helper ($HELPER) times out" '
		check approve "$HELPER" <<-\EOF &&
		protocol=https
		host=timeout.tld
		username=user
		password=pass
		EOF
		sleep 2 &&
		check fill "$HELPER" <<-\EOF
		protocol=https
		host=timeout.tld
		--
		protocol=https
		host=timeout.tld
		username=askpass-username
		password=askpass-password
		--
		askpass: Username for '\''https://timeout.tld'\'':
		askpass: Password for '\''https://askpass-username@timeout.tld'\'':
		EOF
	'
}
# helper_test_oauth_refresh_token <helper>
#
# Check that <helper> keeps the oauth_refresh_token attribute: approve a
# credential for user4 that carries one, then expect a fill for the same
# user to return the password together with the token and no askpass
# output. Sets the global HELPER.
helper_test_oauth_refresh_token() {
	HELPER="$1"

	test_expect_success "helper ($HELPER) stores oauth_refresh_token" '
		check approve $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=user4
		password=pass
		oauth_refresh_token=xyzzy
		EOF
	'

	test_expect_success "helper ($HELPER) gets oauth_refresh_token" '
		check fill $HELPER <<-\EOF
		protocol=https
		host=example.com
		username=user4
		--
		protocol=https
		host=example.com
		username=user4
		password=pass
		oauth_refresh_token=xyzzy
		--
		EOF
	'
}
# Install a stand-in askpass program in the current directory and point git
# at it. It echoes the prompt to stderr prefixed with "askpass: " and answers
# with "askpass-" followed by the first word of the prompt, lowercased and
# reduced to letters (for example "askpass-username"), so a test can tell a
# value that came from askpass from one returned by a helper.
write_script askpass <<\EOF
echo >&2 askpass: $*
what=$(echo $1 | cut -d" " -f1 | tr A-Z a-z | tr -cd a-z)
echo "askpass-$what"
EOF
GIT_ASKPASS=$PWD/askpass
export GIT_ASKPASS