]> git.ipfire.org Git - thirdparty/git.git/blob - t/t0300-credentials.sh
commit-graph: avoid memory leaks
[thirdparty/git.git] / t / t0300-credentials.sh
1 #!/bin/sh
2
3 test_description='basic credential helper tests'
4 . ./test-lib.sh
5 . "$TEST_DIRECTORY"/lib-credential.sh
6
7 test_expect_success 'setup helper scripts' '
8 cat >dump <<-\EOF &&
9 whoami=$(echo $0 | sed s/.*git-credential-//)
10 echo >&2 "$whoami: $*"
11 OIFS=$IFS
12 IFS==
13 while read key value; do
14 echo >&2 "$whoami: $key=$value"
15 eval "$key=$value"
16 done
17 IFS=$OIFS
18 EOF
19
20 write_script git-credential-useless <<-\EOF &&
21 . ./dump
22 exit 0
23 EOF
24
25 write_script git-credential-verbatim <<-\EOF &&
26 user=$1; shift
27 pass=$1; shift
28 . ./dump
29 test -z "$user" || echo username=$user
30 test -z "$pass" || echo password=$pass
31 EOF
32
33 PATH="$PWD:$PATH"
34 '
35
36 test_expect_success 'credential_fill invokes helper' '
37 check fill "verbatim foo bar" <<-\EOF
38 --
39 username=foo
40 password=bar
41 --
42 verbatim: get
43 EOF
44 '
45
46 test_expect_success 'credential_fill invokes multiple helpers' '
47 check fill useless "verbatim foo bar" <<-\EOF
48 --
49 username=foo
50 password=bar
51 --
52 useless: get
53 verbatim: get
54 EOF
55 '
56
57 test_expect_success 'credential_fill stops when we get a full response' '
58 check fill "verbatim one two" "verbatim three four" <<-\EOF
59 --
60 username=one
61 password=two
62 --
63 verbatim: get
64 EOF
65 '
66
67 test_expect_success 'credential_fill continues through partial response' '
68 check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
69 --
70 username=two
71 password=three
72 --
73 verbatim: get
74 verbatim: get
75 verbatim: username=one
76 EOF
77 '
78
79 test_expect_success 'credential_fill passes along metadata' '
80 check fill "verbatim one two" <<-\EOF
81 protocol=ftp
82 host=example.com
83 path=foo.git
84 --
85 protocol=ftp
86 host=example.com
87 path=foo.git
88 username=one
89 password=two
90 --
91 verbatim: get
92 verbatim: protocol=ftp
93 verbatim: host=example.com
94 verbatim: path=foo.git
95 EOF
96 '
97
98 test_expect_success 'credential_approve calls all helpers' '
99 check approve useless "verbatim one two" <<-\EOF
100 username=foo
101 password=bar
102 --
103 --
104 useless: store
105 useless: username=foo
106 useless: password=bar
107 verbatim: store
108 verbatim: username=foo
109 verbatim: password=bar
110 EOF
111 '
112
113 test_expect_success 'do not bother storing password-less credential' '
114 check approve useless <<-\EOF
115 username=foo
116 --
117 --
118 EOF
119 '
120
121
122 test_expect_success 'credential_reject calls all helpers' '
123 check reject useless "verbatim one two" <<-\EOF
124 username=foo
125 password=bar
126 --
127 --
128 useless: erase
129 useless: username=foo
130 useless: password=bar
131 verbatim: erase
132 verbatim: username=foo
133 verbatim: password=bar
134 EOF
135 '
136
137 test_expect_success 'usernames can be preserved' '
138 check fill "verbatim \"\" three" <<-\EOF
139 username=one
140 --
141 username=one
142 password=three
143 --
144 verbatim: get
145 verbatim: username=one
146 EOF
147 '
148
149 test_expect_success 'usernames can be overridden' '
150 check fill "verbatim two three" <<-\EOF
151 username=one
152 --
153 username=two
154 password=three
155 --
156 verbatim: get
157 verbatim: username=one
158 EOF
159 '
160
161 test_expect_success 'do not bother completing already-full credential' '
162 check fill "verbatim three four" <<-\EOF
163 username=one
164 password=two
165 --
166 username=one
167 password=two
168 --
169 EOF
170 '
171
172 # We can't test the basic terminal password prompt here because
173 # getpass() tries too hard to find the real terminal. But if our
174 # askpass helper is run, we know the internal getpass is working.
175 test_expect_success 'empty helper list falls back to internal getpass' '
176 check fill <<-\EOF
177 --
178 username=askpass-username
179 password=askpass-password
180 --
181 askpass: Username:
182 askpass: Password:
183 EOF
184 '
185
186 test_expect_success 'internal getpass does not ask for known username' '
187 check fill <<-\EOF
188 username=foo
189 --
190 username=foo
191 password=askpass-password
192 --
193 askpass: Password:
194 EOF
195 '
196
197 HELPER="!f() {
198 cat >/dev/null
199 echo username=foo
200 echo password=bar
201 }; f"
202 test_expect_success 'respect configured credentials' '
203 test_config credential.helper "$HELPER" &&
204 check fill <<-\EOF
205 --
206 username=foo
207 password=bar
208 --
209 EOF
210 '
211
212 test_expect_success 'match configured credential' '
213 test_config credential.https://example.com.helper "$HELPER" &&
214 check fill <<-\EOF
215 protocol=https
216 host=example.com
217 path=repo.git
218 --
219 protocol=https
220 host=example.com
221 username=foo
222 password=bar
223 --
224 EOF
225 '
226
227 test_expect_success 'do not match configured credential' '
228 test_config credential.https://foo.helper "$HELPER" &&
229 check fill <<-\EOF
230 protocol=https
231 host=bar
232 --
233 protocol=https
234 host=bar
235 username=askpass-username
236 password=askpass-password
237 --
238 askpass: Username for '\''https://bar'\'':
239 askpass: Password for '\''https://askpass-username@bar'\'':
240 EOF
241 '
242
243 test_expect_success 'match multiple configured helpers' '
244 test_config credential.helper "verbatim \"\" \"\"" &&
245 test_config credential.https://example.com.helper "$HELPER" &&
246 check fill <<-\EOF
247 protocol=https
248 host=example.com
249 path=repo.git
250 --
251 protocol=https
252 host=example.com
253 username=foo
254 password=bar
255 --
256 verbatim: get
257 verbatim: protocol=https
258 verbatim: host=example.com
259 EOF
260 '
261
262 test_expect_success 'match multiple configured helpers with URLs' '
263 test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" &&
264 test_config credential.https://example.com.helper "$HELPER" &&
265 check fill <<-\EOF
266 protocol=https
267 host=example.com
268 path=repo.git
269 --
270 protocol=https
271 host=example.com
272 username=foo
273 password=bar
274 --
275 verbatim: get
276 verbatim: protocol=https
277 verbatim: host=example.com
278 EOF
279 '
280
281 test_expect_success 'match percent-encoded values' '
282 test_config credential.https://example.com/%2566.git.helper "$HELPER" &&
283 check fill <<-\EOF
284 url=https://example.com/%2566.git
285 --
286 protocol=https
287 host=example.com
288 username=foo
289 password=bar
290 --
291 EOF
292 '
293
294 test_expect_success 'pull username from config' '
295 test_config credential.https://example.com.username foo &&
296 check fill <<-\EOF
297 protocol=https
298 host=example.com
299 --
300 protocol=https
301 host=example.com
302 username=foo
303 password=askpass-password
304 --
305 askpass: Password for '\''https://foo@example.com'\'':
306 EOF
307 '
308
309 test_expect_success 'honors username from URL over helper (URL)' '
310 test_config credential.https://example.com.username bob &&
311 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
312 check fill <<-\EOF
313 url=https://alice@example.com
314 --
315 protocol=https
316 host=example.com
317 username=alice
318 password=bar
319 --
320 verbatim: get
321 verbatim: protocol=https
322 verbatim: host=example.com
323 verbatim: username=alice
324 EOF
325 '
326
327 test_expect_success 'honors username from URL over helper (components)' '
328 test_config credential.https://example.com.username bob &&
329 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
330 check fill <<-\EOF
331 protocol=https
332 host=example.com
333 username=alice
334 --
335 protocol=https
336 host=example.com
337 username=alice
338 password=bar
339 --
340 verbatim: get
341 verbatim: protocol=https
342 verbatim: host=example.com
343 verbatim: username=alice
344 EOF
345 '
346
347 test_expect_success 'last matching username wins' '
348 test_config credential.https://example.com/path.git.username bob &&
349 test_config credential.https://example.com.username alice &&
350 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
351 check fill <<-\EOF
352 url=https://example.com/path.git
353 --
354 protocol=https
355 host=example.com
356 username=alice
357 password=bar
358 --
359 verbatim: get
360 verbatim: protocol=https
361 verbatim: host=example.com
362 verbatim: username=alice
363 EOF
364 '
365
366 test_expect_success 'http paths can be part of context' '
367 check fill "verbatim foo bar" <<-\EOF &&
368 protocol=https
369 host=example.com
370 path=foo.git
371 --
372 protocol=https
373 host=example.com
374 username=foo
375 password=bar
376 --
377 verbatim: get
378 verbatim: protocol=https
379 verbatim: host=example.com
380 EOF
381 test_config credential.https://example.com.useHttpPath true &&
382 check fill "verbatim foo bar" <<-\EOF
383 protocol=https
384 host=example.com
385 path=foo.git
386 --
387 protocol=https
388 host=example.com
389 path=foo.git
390 username=foo
391 password=bar
392 --
393 verbatim: get
394 verbatim: protocol=https
395 verbatim: host=example.com
396 verbatim: path=foo.git
397 EOF
398 '
399
400 test_expect_success 'context uses urlmatch' '
401 test_config "credential.https://*.org.useHttpPath" true &&
402 check fill "verbatim foo bar" <<-\EOF
403 protocol=https
404 host=example.org
405 path=foo.git
406 --
407 protocol=https
408 host=example.org
409 path=foo.git
410 username=foo
411 password=bar
412 --
413 verbatim: get
414 verbatim: protocol=https
415 verbatim: host=example.org
416 verbatim: path=foo.git
417 EOF
418 '
419
420 test_expect_success 'helpers can abort the process' '
421 test_must_fail git \
422 -c credential.helper="!f() { echo quit=1; }; f" \
423 -c credential.helper="verbatim foo bar" \
424 credential fill >stdout &&
425 test_must_be_empty stdout
426 '
427
428 test_expect_success 'empty helper spec resets helper list' '
429 test_config credential.helper "verbatim file file" &&
430 check fill "" "verbatim cmdline cmdline" <<-\EOF
431 --
432 username=cmdline
433 password=cmdline
434 --
435 verbatim: get
436 EOF
437 '
438
439 test_done