projects / thirdparty / git.git / blame
| Commit | Line | Data |
|---|---|---|
| f27491d5 JK |
1 | # Shell library for testing credential handling including helpers. See t0302 |
| 2 | # for an example of testing a specific helper. | |
| abca927d JK |
3 | |
| 4 | # Try a set of credential helpers; the expected stdin, | |
| 5 | # stdout and stderr should be provided on stdin, | |
| 6 | # separated by "--". | |
| 7 | check() { | |
| e30b2feb JRI |
8 | credential_opts= |
| 9 | credential_cmd=$1 | |
| 10 | shift | |
| 11 | for arg in "$@"; do | |
| 12 | credential_opts="$credential_opts -c credential.helper='$arg'" | |
| 13 | done | |
| abca927d JK |
14 | read_chunk >stdin && |
| 15 | read_chunk >expect-stdout && | |
| 16 | read_chunk >expect-stderr && | |
| e30b2feb JRI |
17 | if ! eval "git $credential_opts credential $credential_cmd <stdin >stdout 2>stderr"; then |
| 18 | echo "git credential failed with code $?" && | |
| 19 | cat stderr && | |
| 20 | false | |
| 21 | fi && | |
| abca927d | 22 | test_cmp expect-stdout stdout && |
| 1108cea7 | 23 | test_cmp expect-stderr stderr |
| abca927d JK |
24 | } |
| 25 | ||
| 26 | read_chunk() { | |
| 27 | while read line; do | |
| 28 | case "$line" in | |
| 29 | --) break ;; | |
| 30 | *) echo "$line" ;; | |
| 31 | esac | |
| 32 | done | |
| 33 | } | |
| 34 | ||
| e2770979 JK |
35 | # Clear any residual data from previous tests. We only |
| 36 | # need this when testing third-party helpers which read and | |
| 37 | # write outside of our trash-directory sandbox. | |
| 38 | # | |
| 39 | # Don't bother checking for success here, as it is | |
| 40 | # outside the scope of tests and represents a best effort to | |
| 41 | # clean up after ourselves. | |
| 42 | helper_test_clean() { | |
| 43 | reject $1 https example.com store-user | |
| 44 | reject $1 https example.com user1 | |
| 45 | reject $1 https example.com user2 | |
| 0ce02e2f H |
46 | reject $1 https example.com user-expiry |
| 47 | reject $1 https example.com user-expiry-overwrite | |
| a5c76569 | 48 | reject $1 https example.com user4 |
| aeb21ce2 H |
49 | reject $1 https example.com user-distinct-pass |
| 50 | reject $1 https example.com user-overwrite | |
| 6c26da84 H |
51 | reject $1 https example.com user-erase1 |
| 52 | reject $1 https example.com user-erase2 | |
| 83e6eb7d | 53 | reject $1 https victim.example.com user |
| e2770979 JK |
54 | reject $1 http path.tld user |
| 55 | reject $1 https timeout.tld user | |
| 3c90bda6 | 56 | reject $1 https sso.tld |
| e2770979 JK |
57 | } |
| 58 | ||
| 59 | reject() { | |
| 60 | ( | |
| 61 | echo protocol=$2 | |
| 62 | echo host=$3 | |
| 63 | echo username=$4 | |
| e30b2feb | 64 | ) | git -c credential.helper=$1 credential reject |
| e2770979 JK |
65 | } |
| 66 | ||
| 67 | helper_test() { | |
| 68 | HELPER=$1 | |
| 69 | ||
| 70 | test_expect_success "helper ($HELPER) has no existing data" ' | |
| 71 | check fill $HELPER <<-\EOF | |
| 72 | protocol=https | |
| 73 | host=example.com | |
| 74 | -- | |
| 2d6dc182 MM |
75 | protocol=https |
| 76 | host=example.com | |
| e2770979 JK |
77 | username=askpass-username |
| 78 | password=askpass-password | |
| 79 | -- | |
| 80 | askpass: Username for '\''https://example.com'\'': | |
| 81 | askpass: Password for '\''https://askpass-username@example.com'\'': | |
| 82 | EOF | |
| 83 | ' | |
| 84 | ||
| 85 | test_expect_success "helper ($HELPER) stores password" ' | |
| 86 | check approve $HELPER <<-\EOF | |
| 87 | protocol=https | |
| 88 | host=example.com | |
| 89 | username=store-user | |
| 90 | password=store-pass | |
| 91 | EOF | |
| 92 | ' | |
| 93 | ||
| 94 | test_expect_success "helper ($HELPER) can retrieve password" ' | |
| 95 | check fill $HELPER <<-\EOF | |
| 96 | protocol=https | |
| 97 | host=example.com | |
| 98 | -- | |
| 2d6dc182 MM |
99 | protocol=https |
| 100 | host=example.com | |
| e2770979 JK |
101 | username=store-user |
| 102 | password=store-pass | |
| 103 | -- | |
| 104 | EOF | |
| 105 | ' | |
| 106 | ||
| 107 | test_expect_success "helper ($HELPER) requires matching protocol" ' | |
| 108 | check fill $HELPER <<-\EOF | |
| 109 | protocol=http | |
| 110 | host=example.com | |
| 111 | -- | |
| 2d6dc182 MM |
112 | protocol=http |
| 113 | host=example.com | |
| e2770979 JK |
114 | username=askpass-username |
| 115 | password=askpass-password | |
| 116 | -- | |
| 117 | askpass: Username for '\''http://example.com'\'': | |
| 118 | askpass: Password for '\''http://askpass-username@example.com'\'': | |
| 119 | EOF | |
| 120 | ' | |
| 121 | ||
| 122 | test_expect_success "helper ($HELPER) requires matching host" ' | |
| 123 | check fill $HELPER <<-\EOF | |
| 124 | protocol=https | |
| 125 | host=other.tld | |
| 126 | -- | |
| 2d6dc182 MM |
127 | protocol=https |
| 128 | host=other.tld | |
| e2770979 JK |
129 | username=askpass-username |
| 130 | password=askpass-password | |
| 131 | -- | |
| 132 | askpass: Username for '\''https://other.tld'\'': | |
| 133 | askpass: Password for '\''https://askpass-username@other.tld'\'': | |
| 134 | EOF | |
| 135 | ' | |
| 136 | ||
| 137 | test_expect_success "helper ($HELPER) requires matching username" ' | |
| 138 | check fill $HELPER <<-\EOF | |
| 139 | protocol=https | |
| 140 | host=example.com | |
| 141 | username=other | |
| 142 | -- | |
| 2d6dc182 MM |
143 | protocol=https |
| 144 | host=example.com | |
| e2770979 JK |
145 | username=other |
| 146 | password=askpass-password | |
| 147 | -- | |
| 148 | askpass: Password for '\''https://other@example.com'\'': | |
| 149 | EOF | |
| 150 | ' | |
| 151 | ||
| 152 | test_expect_success "helper ($HELPER) requires matching path" ' | |
| 153 | test_config credential.usehttppath true && | |
| 154 | check approve $HELPER <<-\EOF && | |
| 155 | protocol=http | |
| 156 | host=path.tld | |
| 157 | path=foo.git | |
| 158 | username=user | |
| 159 | password=pass | |
| 160 | EOF | |
| 161 | check fill $HELPER <<-\EOF | |
| 162 | protocol=http | |
| 163 | host=path.tld | |
| 164 | path=bar.git | |
| 165 | -- | |
| 2d6dc182 MM |
166 | protocol=http |
| 167 | host=path.tld | |
| 168 | path=bar.git | |
| e2770979 JK |
169 | username=askpass-username |
| 170 | password=askpass-password | |
| 171 | -- | |
| 172 | askpass: Username for '\''http://path.tld/bar.git'\'': | |
| 173 | askpass: Password for '\''http://askpass-username@path.tld/bar.git'\'': | |
| 174 | EOF | |
| 175 | ' | |
| 176 | ||
| aeb21ce2 H |
177 | test_expect_success "helper ($HELPER) overwrites on store" ' |
| 178 | check approve $HELPER <<-\EOF && | |
| 179 | protocol=https | |
| 180 | host=example.com | |
| 181 | username=user-overwrite | |
| 182 | password=pass1 | |
| 183 | EOF | |
| 184 | check approve $HELPER <<-\EOF && | |
| 185 | protocol=https | |
| 186 | host=example.com | |
| 187 | username=user-overwrite | |
| 188 | password=pass2 | |
| 189 | EOF | |
| 190 | check fill $HELPER <<-\EOF && | |
| 191 | protocol=https | |
| 192 | host=example.com | |
| 193 | username=user-overwrite | |
| 194 | -- | |
| 195 | protocol=https | |
| 196 | host=example.com | |
| 197 | username=user-overwrite | |
| 198 | password=pass2 | |
| 199 | EOF | |
| 200 | check reject $HELPER <<-\EOF && | |
| 201 | protocol=https | |
| 202 | host=example.com | |
| 203 | username=user-overwrite | |
| 204 | password=pass2 | |
| 205 | EOF | |
| 206 | check fill $HELPER <<-\EOF | |
| 207 | protocol=https | |
| 208 | host=example.com | |
| 209 | username=user-overwrite | |
| 210 | -- | |
| 211 | protocol=https | |
| 212 | host=example.com | |
| 213 | username=user-overwrite | |
| 214 | password=askpass-password | |
| 215 | -- | |
| 216 | askpass: Password for '\''https://user-overwrite@example.com'\'': | |
| 217 | EOF | |
| 218 | ' | |
| 219 | ||
| e2770979 JK |
220 | test_expect_success "helper ($HELPER) can forget host" ' |
| 221 | check reject $HELPER <<-\EOF && | |
| 222 | protocol=https | |
| 223 | host=example.com | |
| 224 | EOF | |
| 225 | check fill $HELPER <<-\EOF | |
| 226 | protocol=https | |
| 227 | host=example.com | |
| 228 | -- | |
| 2d6dc182 MM |
229 | protocol=https |
| 230 | host=example.com | |
| e2770979 JK |
231 | username=askpass-username |
| 232 | password=askpass-password | |
| 233 | -- | |
| 234 | askpass: Username for '\''https://example.com'\'': | |
| 235 | askpass: Password for '\''https://askpass-username@example.com'\'': | |
| 236 | EOF | |
| 237 | ' | |
| 238 | ||
| 239 | test_expect_success "helper ($HELPER) can store multiple users" ' | |
| 240 | check approve $HELPER <<-\EOF && | |
| 241 | protocol=https | |
| 242 | host=example.com | |
| 243 | username=user1 | |
| 244 | password=pass1 | |
| 245 | EOF | |
| 246 | check approve $HELPER <<-\EOF && | |
| 247 | protocol=https | |
| 248 | host=example.com | |
| 249 | username=user2 | |
| 250 | password=pass2 | |
| 251 | EOF | |
| 252 | check fill $HELPER <<-\EOF && | |
| 253 | protocol=https | |
| 254 | host=example.com | |
| 255 | username=user1 | |
| 256 | -- | |
| 2d6dc182 MM |
257 | protocol=https |
| 258 | host=example.com | |
| e2770979 JK |
259 | username=user1 |
| 260 | password=pass1 | |
| 261 | EOF | |
| 262 | check fill $HELPER <<-\EOF | |
| 263 | protocol=https | |
| 264 | host=example.com | |
| 265 | username=user2 | |
| 266 | -- | |
| 2d6dc182 MM |
267 | protocol=https |
| 268 | host=example.com | |
| e2770979 JK |
269 | username=user2 |
| 270 | password=pass2 | |
| 271 | EOF | |
| 272 | ' | |
| 273 | ||
| aeb21ce2 H |
274 | test_expect_success "helper ($HELPER) does not erase a password distinct from input" ' |
| 275 | check approve $HELPER <<-\EOF && | |
| 276 | protocol=https | |
| 277 | host=example.com | |
| 278 | username=user-distinct-pass | |
| 279 | password=pass1 | |
| 280 | EOF | |
| 281 | check reject $HELPER <<-\EOF && | |
| 282 | protocol=https | |
| 283 | host=example.com | |
| 284 | username=user-distinct-pass | |
| 285 | password=pass2 | |
| 286 | EOF | |
| 287 | check fill $HELPER <<-\EOF | |
| 288 | protocol=https | |
| 289 | host=example.com | |
| 290 | username=user-distinct-pass | |
| 291 | -- | |
| 292 | protocol=https | |
| 293 | host=example.com | |
| 294 | username=user-distinct-pass | |
| 295 | password=pass1 | |
| 296 | EOF | |
| 297 | ' | |
| 298 | ||
| e2770979 JK |
299 | test_expect_success "helper ($HELPER) can forget user" ' |
| 300 | check reject $HELPER <<-\EOF && | |
| 301 | protocol=https | |
| 302 | host=example.com | |
| 303 | username=user1 | |
| 304 | EOF | |
| 305 | check fill $HELPER <<-\EOF | |
| 306 | protocol=https | |
| 307 | host=example.com | |
| 308 | username=user1 | |
| 309 | -- | |
| 2d6dc182 MM |
310 | protocol=https |
| 311 | host=example.com | |
| e2770979 JK |
312 | username=user1 |
| 313 | password=askpass-password | |
| 314 | -- | |
| 315 | askpass: Password for '\''https://user1@example.com'\'': | |
| 316 | EOF | |
| 317 | ' | |
| 318 | ||
| 319 | test_expect_success "helper ($HELPER) remembers other user" ' | |
| 320 | check fill $HELPER <<-\EOF | |
| 321 | protocol=https | |
| 322 | host=example.com | |
| 323 | username=user2 | |
| 324 | -- | |
| 2d6dc182 MM |
325 | protocol=https |
| 326 | host=example.com | |
| e2770979 JK |
327 | username=user2 |
| 328 | password=pass2 | |
| 329 | EOF | |
| 330 | ' | |
| 3c90bda6 JB |
331 | |
| 332 | test_expect_success "helper ($HELPER) can store empty username" ' | |
| 333 | check approve $HELPER <<-\EOF && | |
| 334 | protocol=https | |
| 335 | host=sso.tld | |
| 336 | username= | |
| 337 | password= | |
| 338 | EOF | |
| 339 | check fill $HELPER <<-\EOF | |
| 340 | protocol=https | |
| 341 | host=sso.tld | |
| 342 | -- | |
| 343 | protocol=https | |
| 344 | host=sso.tld | |
| 345 | username= | |
| 346 | password= | |
| 347 | EOF | |
| 348 | ' | |
| 71201ab0 | 349 | |
| 6c26da84 H |
350 | test_expect_success "helper ($HELPER) erases all matching credentials" ' |
| 351 | check approve $HELPER <<-\EOF && | |
| 352 | protocol=https | |
| 353 | host=example.com | |
| 354 | username=user-erase1 | |
| 355 | password=pass1 | |
| 356 | EOF | |
| 357 | check approve $HELPER <<-\EOF && | |
| 358 | protocol=https | |
| 359 | host=example.com | |
| 360 | username=user-erase2 | |
| 361 | password=pass1 | |
| 362 | EOF | |
| 363 | check reject $HELPER <<-\EOF && | |
| 364 | protocol=https | |
| 365 | host=example.com | |
| 366 | EOF | |
| 367 | check fill $HELPER <<-\EOF | |
| 368 | protocol=https | |
| 369 | host=example.com | |
| 370 | -- | |
| 371 | protocol=https | |
| 372 | host=example.com | |
| 373 | username=askpass-username | |
| 374 | password=askpass-password | |
| 375 | -- | |
| 376 | askpass: Username for '\''https://example.com'\'': | |
| 377 | askpass: Password for '\''https://askpass-username@example.com'\'': | |
| 378 | EOF | |
| 379 | ' | |
| 380 | ||
| 71201ab0 TB |
381 | : ${GIT_TEST_LONG_CRED_BUFFER:=1024} |
| 382 | # 23 bytes accounts for "wwwauth[]=basic realm=" plus NUL | |
| 383 | LONG_VALUE_LEN=$((GIT_TEST_LONG_CRED_BUFFER - 23)) | |
| 384 | LONG_VALUE=$(perl -e 'print "a" x shift' $LONG_VALUE_LEN) | |
| 385 | ||
| 386 | test_expect_success "helper ($HELPER) not confused by long header" ' | |
| 387 | check approve $HELPER <<-\EOF && | |
| 388 | protocol=https | |
| 389 | host=victim.example.com | |
| 390 | username=user | |
| 391 | password=to-be-stolen | |
| 392 | EOF | |
| 393 | ||
| 394 | check fill $HELPER <<-EOF | |
| 395 | protocol=https | |
| 396 | host=badguy.example.com | |
| 397 | wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com | |
| 398 | -- | |
| 399 | protocol=https | |
| 400 | host=badguy.example.com | |
| 401 | username=askpass-username | |
| 402 | password=askpass-password | |
| 403 | wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com | |
| 404 | -- | |
| 405 | askpass: Username for '\''https://badguy.example.com'\'': | |
| 406 | askpass: Password for '\''https://askpass-username@badguy.example.com'\'': | |
| 407 | EOF | |
| 408 | ' | |
| e2770979 JK |
409 | } |
| 410 | ||
| 411 | helper_test_timeout() { | |
| 412 | HELPER="$*" | |
| 413 | ||
| 414 | test_expect_success "helper ($HELPER) times out" ' | |
| 415 | check approve "$HELPER" <<-\EOF && | |
| 416 | protocol=https | |
| 417 | host=timeout.tld | |
| 418 | username=user | |
| 419 | password=pass | |
| 420 | EOF | |
| 421 | sleep 2 && | |
| 422 | check fill "$HELPER" <<-\EOF | |
| 423 | protocol=https | |
| 424 | host=timeout.tld | |
| 425 | -- | |
| 2d6dc182 MM |
426 | protocol=https |
| 427 | host=timeout.tld | |
| e2770979 JK |
428 | username=askpass-username |
| 429 | password=askpass-password | |
| 430 | -- | |
| 431 | askpass: Username for '\''https://timeout.tld'\'': | |
| 432 | askpass: Password for '\''https://askpass-username@timeout.tld'\'': | |
| 433 | EOF | |
| 434 | ' | |
| 435 | } | |
| abca927d | 436 | |
| 0ce02e2f H |
437 | helper_test_password_expiry_utc() { |
| 438 | HELPER=$1 | |
| 439 | ||
| 440 | test_expect_success "helper ($HELPER) stores password_expiry_utc" ' | |
| 441 | check approve $HELPER <<-\EOF | |
| 442 | protocol=https | |
| 443 | host=example.com | |
| 444 | username=user-expiry | |
| 445 | password=pass | |
| 446 | password_expiry_utc=9999999999 | |
| 447 | EOF | |
| 448 | ' | |
| 449 | ||
| 450 | test_expect_success "helper ($HELPER) gets password_expiry_utc" ' | |
| 451 | check fill $HELPER <<-\EOF | |
| 452 | protocol=https | |
| 453 | host=example.com | |
| 454 | username=user-expiry | |
| 455 | -- | |
| 456 | protocol=https | |
| 457 | host=example.com | |
| 458 | username=user-expiry | |
| 459 | password=pass | |
| 460 | password_expiry_utc=9999999999 | |
| 461 | -- | |
| 462 | EOF | |
| 463 | ' | |
| 464 | ||
| 465 | test_expect_success "helper ($HELPER) overwrites when password_expiry_utc changes" ' | |
| 466 | check approve $HELPER <<-\EOF && | |
| 467 | protocol=https | |
| 468 | host=example.com | |
| 469 | username=user-expiry-overwrite | |
| 470 | password=pass1 | |
| 471 | password_expiry_utc=9999999998 | |
| 472 | EOF | |
| 473 | check approve $HELPER <<-\EOF && | |
| 474 | protocol=https | |
| 475 | host=example.com | |
| 476 | username=user-expiry-overwrite | |
| 477 | password=pass2 | |
| 478 | password_expiry_utc=9999999999 | |
| 479 | EOF | |
| 480 | check fill $HELPER <<-\EOF && | |
| 481 | protocol=https | |
| 482 | host=example.com | |
| 483 | username=user-expiry-overwrite | |
| 484 | -- | |
| 485 | protocol=https | |
| 486 | host=example.com | |
| 487 | username=user-expiry-overwrite | |
| 488 | password=pass2 | |
| 489 | password_expiry_utc=9999999999 | |
| 490 | EOF | |
| 491 | check reject $HELPER <<-\EOF && | |
| 492 | protocol=https | |
| 493 | host=example.com | |
| 494 | username=user-expiry-overwrite | |
| 495 | password=pass2 | |
| 496 | EOF | |
| 497 | check fill $HELPER <<-\EOF | |
| 498 | protocol=https | |
| 499 | host=example.com | |
| 500 | username=user-expiry-overwrite | |
| 501 | -- | |
| 502 | protocol=https | |
| 503 | host=example.com | |
| 504 | username=user-expiry-overwrite | |
| 505 | password=askpass-password | |
| 506 | -- | |
| 507 | askpass: Password for '\''https://user-expiry-overwrite@example.com'\'': | |
| 508 | EOF | |
| 509 | ' | |
| 510 | } | |
| 511 | ||
| a5c76569 H |
512 | helper_test_oauth_refresh_token() { |
| 513 | HELPER=$1 | |
| 514 | ||
| 515 | test_expect_success "helper ($HELPER) stores oauth_refresh_token" ' | |
| 516 | check approve $HELPER <<-\EOF | |
| 517 | protocol=https | |
| 518 | host=example.com | |
| 519 | username=user4 | |
| 520 | password=pass | |
| 521 | oauth_refresh_token=xyzzy | |
| 522 | EOF | |
| 523 | ' | |
| 524 | ||
| 525 | test_expect_success "helper ($HELPER) gets oauth_refresh_token" ' | |
| 526 | check fill $HELPER <<-\EOF | |
| 527 | protocol=https | |
| 528 | host=example.com | |
| 529 | username=user4 | |
| 530 | -- | |
| 531 | protocol=https | |
| 532 | host=example.com | |
| 533 | username=user4 | |
| 534 | password=pass | |
| 535 | oauth_refresh_token=xyzzy | |
| 536 | -- | |
| 537 | EOF | |
| 538 | ' | |
| 539 | } | |
| 540 | ||
| c049216f | 541 | write_script askpass <<\EOF |
| abca927d | 542 | echo >&2 askpass: $* |
| 5a435202 | 543 | what=$(echo $1 | cut -d" " -f1 | tr A-Z a-z | tr -cd a-z) |
| abca927d JK |
544 | echo "askpass-$what" |
| 545 | EOF | |
| abca927d JK |
546 | GIT_ASKPASS="$PWD/askpass" |
| 547 | export GIT_ASKPASS |