From: Junio C Hamano <gitster@pobox.com>
Date: Mon, 13 Jun 2022 22:53:42 +0000 (-0700)
Subject: Merge branch 'ds/credentials-in-url'
X-Git-Tag: v2.37.0-rc0~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11698e551ce0590af6d7ce1f5b683eca27e68ab3;p=thirdparty%2Fgit.git

Merge branch 'ds/credentials-in-url'

The "fetch.credentialsInUrl" configuration variable controls what
happens when a URL with embedded login credential is used.

* ds/credentials-in-url:
  remote: create fetch.credentialsInUrl config
---

11698e551ce0590af6d7ce1f5b683eca27e68ab3
diff --cc t/t5516-fetch-push.sh
index e99c31f8c3,a67acc3263..dedca106a7
--- a/t/t5516-fetch-push.sh
+++ b/t/t5516-fetch-push.sh
@@@ -1825,12 -1810,35 +1826,43 @@@ test_expect_success 'refuse fetch to cu
  	git -C bare.git fetch -u .. HEAD:wt
  '
  
 +test_expect_success 'refuse to push a hidden ref, and make sure do not pollute the repository' '
 +	mk_empty testrepo &&
 +	git -C testrepo config receive.hiderefs refs/hidden &&
 +	git -C testrepo config receive.unpackLimit 1 &&
 +	test_must_fail git push testrepo HEAD:refs/hidden/foo &&
 +	test_dir_is_empty testrepo/.git/objects/pack
 +'
 +
+ test_expect_success 'fetch warns or fails when using username:password' '
+ 	message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" &&
+ 	test_must_fail git -c fetch.credentialsInUrl=allow fetch https://username:password@localhost 2>err &&
+ 	! grep "$message" err &&
+ 
+ 	test_must_fail git -c fetch.credentialsInUrl=warn fetch https://username:password@localhost 2>err &&
+ 	grep "warning: $message" err >warnings &&
+ 	test_line_count = 3 warnings &&
+ 
+ 	test_must_fail git -c fetch.credentialsInUrl=die fetch https://username:password@localhost 2>err &&
+ 	grep "fatal: $message" err >warnings &&
+ 	test_line_count = 1 warnings &&
+ 
+ 	test_must_fail git -c fetch.credentialsInUrl=die fetch https://username:@localhost 2>err &&
+ 	grep "fatal: $message" err >warnings &&
+ 	test_line_count = 1 warnings
+ '
+ 
+ 
+ test_expect_success 'push warns or fails when using username:password' '
+ 	message="URL '\''https://username:<redacted>@localhost/'\'' uses plaintext credentials" &&
+ 	test_must_fail git -c fetch.credentialsInUrl=allow push https://username:password@localhost 2>err &&
+ 	! grep "$message" err &&
+ 
+ 	test_must_fail git -c fetch.credentialsInUrl=warn push https://username:password@localhost 2>err &&
+ 	grep "warning: $message" err >warnings &&
+ 	test_must_fail git -c fetch.credentialsInUrl=die push https://username:password@localhost 2>err &&
+ 	grep "fatal: $message" err >warnings &&
+ 	test_line_count = 1 warnings
+ '
+ 
  test_done