t5551: test that GIT_TRACE_CURL redacts password

Verify that when GIT_TRACE_CURL is set, Git prints out "Authorization:
Basic <redacted>" instead of the base64-encoded authorization details.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh
index 6788aefaceb8b01d9f9914a3a096b2a6bddec1df..acc8473a72a8e7fb01635a825bf98bbc592c6bb8 100755 (executable)
--- a/t/t5551-http-fetch-smart.sh
+++ b/t/t5551-http-fetch-smart.sh
@@ -185,6 +185,18 @@ test_expect_success 'redirects send auth to new location' '
        expect_askpass both user@host auth/smart/repo.git
 '
 
+test_expect_success 'GIT_TRACE_CURL redacts auth details' '
+       rm -rf redact-auth trace &&
+       set_askpass user@host pass@host &&
+       GIT_TRACE_CURL="$(pwd)/trace" git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
+       expect_askpass both user@host &&
+
+       # Ensure that there is no "Basic" followed by a base64 string, but that
+       # the auth details are redacted
+       ! grep "Authorization: Basic [0-9a-zA-Z+/]" trace &&
+       grep "Authorization: Basic <redacted>" trace
+'
+
 test_expect_success 'disable dumb http on server' '
        git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
                config http.getanyfile false