[thirdparty/git.git] / t / t0300-credentials.sh

#!/bin/sh

test_description='basic credential helper tests'
. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-credential.sh

test_expect_success 'setup helper scripts' '
	cat >dump <<-\EOF &&
	whoami=$(echo $0 | sed s/.*git-credential-//)
	echo >&2 "$whoami: $*"
	OIFS=$IFS
	IFS==
	while read key value; do
		echo >&2 "$whoami: $key=$value"
		eval "$key=$value"
	done
	IFS=$OIFS
	EOF

	write_script git-credential-useless <<-\EOF &&
	. ./dump
	exit 0
	EOF

	write_script git-credential-quit <<-\EOF &&
	. ./dump
	echo quit=1
	EOF

	write_script git-credential-verbatim <<-\EOF &&
	user=$1; shift
	pass=$1; shift
	. ./dump
	test -z "$user" || echo username=$user
	test -z "$pass" || echo password=$pass
	EOF

	PATH="$PWD:$PATH"
'

test_expect_success 'credential_fill invokes helper' '
	check fill "verbatim foo bar" <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	EOF
'

test_expect_success 'credential_fill invokes multiple helpers' '
	check fill useless "verbatim foo bar" <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=foo
	password=bar
	--
	useless: get
	useless: protocol=http
	useless: host=example.com
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	EOF
'

test_expect_success 'credential_fill stops when we get a full response' '
	check fill "verbatim one two" "verbatim three four" <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=one
	password=two
	--
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	EOF
'

test_expect_success 'credential_fill continues through partial response' '
	check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=two
	password=three
	--
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	verbatim: username=one
	EOF
'

test_expect_success 'credential_fill passes along metadata' '
	check fill "verbatim one two" <<-\EOF
	protocol=ftp
	host=example.com
	path=foo.git
	--
	protocol=ftp
	host=example.com
	path=foo.git
	username=one
	password=two
	--
	verbatim: get
	verbatim: protocol=ftp
	verbatim: host=example.com
	verbatim: path=foo.git
	EOF
'

test_expect_success 'credential_approve calls all helpers' '
	check approve useless "verbatim one two" <<-\EOF
	protocol=http
	host=example.com
	username=foo
	password=bar
	--
	--
	useless: store
	useless: protocol=http
	useless: host=example.com
	useless: username=foo
	useless: password=bar
	verbatim: store
	verbatim: protocol=http
	verbatim: host=example.com
	verbatim: username=foo
	verbatim: password=bar
	EOF
'

test_expect_success 'do not bother storing password-less credential' '
	check approve useless <<-\EOF
	protocol=http
	host=example.com
	username=foo
	--
	--
	EOF
'


test_expect_success 'credential_reject calls all helpers' '
	check reject useless "verbatim one two" <<-\EOF
	protocol=http
	host=example.com
	username=foo
	password=bar
	--
	--
	useless: erase
	useless: protocol=http
	useless: host=example.com
	useless: username=foo
	useless: password=bar
	verbatim: erase
	verbatim: protocol=http
	verbatim: host=example.com
	verbatim: username=foo
	verbatim: password=bar
	EOF
'

test_expect_success 'usernames can be preserved' '
	check fill "verbatim \"\" three" <<-\EOF
	protocol=http
	host=example.com
	username=one
	--
	protocol=http
	host=example.com
	username=one
	password=three
	--
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	verbatim: username=one
	EOF
'

test_expect_success 'usernames can be overridden' '
	check fill "verbatim two three" <<-\EOF
	protocol=http
	host=example.com
	username=one
	--
	protocol=http
	host=example.com
	username=two
	password=three
	--
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	verbatim: username=one
	EOF
'

test_expect_success 'do not bother completing already-full credential' '
	check fill "verbatim three four" <<-\EOF
	protocol=http
	host=example.com
	username=one
	password=two
	--
	protocol=http
	host=example.com
	username=one
	password=two
	--
	EOF
'

# We can't test the basic terminal password prompt here because
# getpass() tries too hard to find the real terminal. But if our
# askpass helper is run, we know the internal getpass is working.
test_expect_success 'empty helper list falls back to internal getpass' '
	check fill <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=askpass-username
	password=askpass-password
	--
	askpass: Username for '\''http://example.com'\'':
	askpass: Password for '\''http://askpass-username@example.com'\'':
	EOF
'

test_expect_success 'internal getpass does not ask for known username' '
	check fill <<-\EOF
	protocol=http
	host=example.com
	username=foo
	--
	protocol=http
	host=example.com
	username=foo
	password=askpass-password
	--
	askpass: Password for '\''http://foo@example.com'\'':
	EOF
'

HELPER="!f() {
		cat >/dev/null
		echo username=foo
		echo password=bar
	}; f"
test_expect_success 'respect configured credentials' '
	test_config credential.helper "$HELPER" &&
	check fill <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=foo
	password=bar
	--
	EOF
'

test_expect_success 'match configured credential' '
	test_config credential.https://example.com.helper "$HELPER" &&
	check fill <<-\EOF
	protocol=https
	host=example.com
	path=repo.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	EOF
'

test_expect_success 'do not match configured credential' '
	test_config credential.https://foo.helper "$HELPER" &&
	check fill <<-\EOF
	protocol=https
	host=bar
	--
	protocol=https
	host=bar
	username=askpass-username
	password=askpass-password
	--
	askpass: Username for '\''https://bar'\'':
	askpass: Password for '\''https://askpass-username@bar'\'':
	EOF
'

test_expect_success 'match multiple configured helpers' '
	test_config credential.helper "verbatim \"\" \"\"" &&
	test_config credential.https://example.com.helper "$HELPER" &&
	check fill <<-\EOF
	protocol=https
	host=example.com
	path=repo.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	EOF
'

test_expect_success 'match multiple configured helpers with URLs' '
	test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" &&
	test_config credential.https://example.com.helper "$HELPER" &&
	check fill <<-\EOF
	protocol=https
	host=example.com
	path=repo.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	EOF
'

test_expect_success 'match percent-encoded values' '
	test_config credential.https://example.com/%2566.git.helper "$HELPER" &&
	check fill <<-\EOF
	url=https://example.com/%2566.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	EOF
'

test_expect_success 'match percent-encoded UTF-8 values in path' '
	test_config credential.https://example.com.useHttpPath true &&
	test_config credential.https://example.com/perú.git.helper "$HELPER" &&
	check fill <<-\EOF
	url=https://example.com/per%C3%BA.git
	--
	protocol=https
	host=example.com
	path=perú.git
	username=foo
	password=bar
	--
	EOF
'

test_expect_success 'match percent-encoded values in username' '
	test_config credential.https://user%2fname@example.com/foo/bar.git.helper "$HELPER" &&
	check fill <<-\EOF
	url=https://user%2fname@example.com/foo/bar.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	EOF
'

test_expect_success 'fetch with multiple path components' '
	test_unconfig credential.helper &&
	test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
	check fill <<-\EOF
	url=https://example.com/foo/repo.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	EOF
'

test_expect_success 'pull username from config' '
	test_config credential.https://example.com.username foo &&
	check fill <<-\EOF
	protocol=https
	host=example.com
	--
	protocol=https
	host=example.com
	username=foo
	password=askpass-password
	--
	askpass: Password for '\''https://foo@example.com'\'':
	EOF
'

test_expect_success 'honors username from URL over helper (URL)' '
	test_config credential.https://example.com.username bob &&
	test_config credential.https://example.com.helper "verbatim \"\" bar" &&
	check fill <<-\EOF
	url=https://alice@example.com
	--
	protocol=https
	host=example.com
	username=alice
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	verbatim: username=alice
	EOF
'

test_expect_success 'honors username from URL over helper (components)' '
	test_config credential.https://example.com.username bob &&
	test_config credential.https://example.com.helper "verbatim \"\" bar" &&
	check fill <<-\EOF
	protocol=https
	host=example.com
	username=alice
	--
	protocol=https
	host=example.com
	username=alice
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	verbatim: username=alice
	EOF
'

test_expect_success 'last matching username wins' '
	test_config credential.https://example.com/path.git.username bob &&
	test_config credential.https://example.com.username alice &&
	test_config credential.https://example.com.helper "verbatim \"\" bar" &&
	check fill <<-\EOF
	url=https://example.com/path.git
	--
	protocol=https
	host=example.com
	username=alice
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	verbatim: username=alice
	EOF
'

test_expect_success 'http paths can be part of context' '
	check fill "verbatim foo bar" <<-\EOF &&
	protocol=https
	host=example.com
	path=foo.git
	--
	protocol=https
	host=example.com
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	EOF
	test_config credential.https://example.com.useHttpPath true &&
	check fill "verbatim foo bar" <<-\EOF
	protocol=https
	host=example.com
	path=foo.git
	--
	protocol=https
	host=example.com
	path=foo.git
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.com
	verbatim: path=foo.git
	EOF
'

test_expect_success 'context uses urlmatch' '
	test_config "credential.https://*.org.useHttpPath" true &&
	check fill "verbatim foo bar" <<-\EOF
	protocol=https
	host=example.org
	path=foo.git
	--
	protocol=https
	host=example.org
	path=foo.git
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=example.org
	verbatim: path=foo.git
	EOF
'

test_expect_success 'helpers can abort the process' '
	test_must_fail git \
		-c credential.helper=quit \
		-c credential.helper="verbatim foo bar" \
		credential fill >stdout 2>stderr <<-\EOF &&
	protocol=http
	host=example.com
	EOF
	test_must_be_empty stdout &&
	cat >expect <<-\EOF &&
	quit: get
	quit: protocol=http
	quit: host=example.com
	fatal: credential helper '\''quit'\'' told us to quit
	EOF
	test_i18ncmp expect stderr
'

test_expect_success 'empty helper spec resets helper list' '
	test_config credential.helper "verbatim file file" &&
	check fill "" "verbatim cmdline cmdline" <<-\EOF
	protocol=http
	host=example.com
	--
	protocol=http
	host=example.com
	username=cmdline
	password=cmdline
	--
	verbatim: get
	verbatim: protocol=http
	verbatim: host=example.com
	EOF
'

test_expect_success 'url parser rejects embedded newlines' '
	test_must_fail git credential fill 2>stderr <<-\EOF &&
	url=https://one.example.com?%0ahost=two.example.com/
	EOF
	cat >expect <<-\EOF &&
	warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/
	fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
	EOF
	test_i18ncmp expect stderr
'

test_expect_success 'host-less URLs are parsed as empty host' '
	check fill "verbatim foo bar" <<-\EOF
	url=cert:///path/to/cert.pem
	--
	protocol=cert
	host=
	path=path/to/cert.pem
	username=foo
	password=bar
	--
	verbatim: get
	verbatim: protocol=cert
	verbatim: host=
	verbatim: path=path/to/cert.pem
	EOF
'

test_expect_success 'credential system refuses to work with missing host' '
	test_must_fail git credential fill 2>stderr <<-\EOF &&
	protocol=http
	EOF
	cat >expect <<-\EOF &&
	fatal: refusing to work with credential missing host field
	EOF
	test_i18ncmp expect stderr
'

test_expect_success 'credential system refuses to work with missing protocol' '
	test_must_fail git credential fill 2>stderr <<-\EOF &&
	host=example.com
	EOF
	cat >expect <<-\EOF &&
	fatal: refusing to work with credential missing protocol field
	EOF
	test_i18ncmp expect stderr
'

# usage: check_host_and_path <url> <expected-host> <expected-path>
check_host_and_path () {
	# we always parse the path component, but we need this to make sure it
	# is passed to the helper
	test_config credential.useHTTPPath true &&
	check fill "verbatim user pass" <<-EOF
	url=$1
	--
	protocol=https
	host=$2
	path=$3
	username=user
	password=pass
	--
	verbatim: get
	verbatim: protocol=https
	verbatim: host=$2
	verbatim: path=$3
	EOF
}

test_expect_success 'url parser handles bare query marker' '
	check_host_and_path https://example.com?foo.git example.com ?foo.git
'

test_expect_success 'url parser handles bare fragment marker' '
	check_host_and_path https://example.com#foo.git example.com "#foo.git"
'

test_expect_success 'url parser not confused by encoded markers' '
	check_host_and_path https://example.com%23%3f%2f/foo.git \
		"example.com#?/" foo.git
'

test_expect_success 'credential config with partial URLs' '
	echo "echo password=yep" | write_script git-credential-yep &&
	test_write_lines url=https://user@example.com/repo.git >stdin &&
	for partial in \
		example.com \
		user@example.com \
		https:// \
		https://example.com \
		https://example.com/ \
		https://user@example.com \
		https://user@example.com/ \
		https://example.com/repo.git \
		https://user@example.com/repo.git \
		/repo.git
	do
		git -c credential.$partial.helper=yep \
			credential fill <stdin >stdout &&
		grep yep stdout ||
		return 1
	done &&

	for partial in \
		dont.use.this \
		http:// \
		/repo
	do
		git -c credential.$partial.helper=yep \
			credential fill <stdin >stdout &&
		! grep yep stdout ||
		return 1
	done &&

	git -c credential.$partial.helper=yep \
		-c credential.with%0anewline.username=uh-oh \
		credential fill <stdin >stdout 2>stderr &&
	test_i18ngrep "skipping credential lookup for key" stderr
'

test_done
Commit	Line	Data
abca927d JK	1	#!/bin/sh
	2
	3	test_description='basic credential helper tests'
	4	. ./test-lib.sh
	5	. "$TEST_DIRECTORY"/lib-credential.sh
	6
	7	test_expect_success 'setup helper scripts' '
	8	cat >dump <<-\EOF &&
dd64267f	9	whoami=$(echo $0 \| sed s/.*git-credential-//)
abca927d	10	echo >&2 "$whoami: $*"
78ed1d2d MG	11	OIFS=$IFS
	12	IFS==
	13	while read key value; do
abca927d JK	14	echo >&2 "$whoami: $key=$value"
	15	eval "$key=$value"
	16	done
78ed1d2d	17	IFS=$OIFS
abca927d JK	18	EOF
abca927d JK	19
3d9f5b67	20	write_script git-credential-useless <<-\EOF &&
abca927d JK	21	. ./dump
	22	exit 0
	23	EOF
abca927d	24
a88dbd2f JK	25	write_script git-credential-quit <<-\EOF &&
	26	. ./dump
	27	echo quit=1
	28	EOF
	29
3d9f5b67	30	write_script git-credential-verbatim <<-\EOF &&
abca927d JK	31	user=$1; shift
	32	pass=$1; shift
	33	. ./dump
	34	test -z "$user" \|\| echo username=$user
	35	test -z "$pass" \|\| echo password=$pass
	36	EOF
abca927d JK	37
	38	PATH="$PWD:$PATH"
	39	'
	40
	41	test_expect_success 'credential_fill invokes helper' '
	42	check fill "verbatim foo bar" <<-\EOF
73aafe9b JK	43	protocol=http
73aafe9b JK	44	host=example.com
abca927d	45	--
73aafe9b JK	46	protocol=http
73aafe9b JK	47	host=example.com
abca927d JK	48	username=foo
	49	password=bar
	50	--
	51	verbatim: get
73aafe9b JK	52	verbatim: protocol=http
73aafe9b JK	53	verbatim: host=example.com
abca927d JK	54	EOF
	55	'
	56
	57	test_expect_success 'credential_fill invokes multiple helpers' '
	58	check fill useless "verbatim foo bar" <<-\EOF
73aafe9b JK	59	protocol=http
73aafe9b JK	60	host=example.com
abca927d	61	--
73aafe9b JK	62	protocol=http
73aafe9b JK	63	host=example.com
abca927d JK	64	username=foo
	65	password=bar
	66	--
	67	useless: get
73aafe9b JK	68	useless: protocol=http
73aafe9b JK	69	useless: host=example.com
abca927d	70	verbatim: get
73aafe9b JK	71	verbatim: protocol=http
73aafe9b JK	72	verbatim: host=example.com
abca927d JK	73	EOF
	74	'
	75
	76	test_expect_success 'credential_fill stops when we get a full response' '
	77	check fill "verbatim one two" "verbatim three four" <<-\EOF
73aafe9b JK	78	protocol=http
73aafe9b JK	79	host=example.com
abca927d	80	--
73aafe9b JK	81	protocol=http
73aafe9b JK	82	host=example.com
abca927d JK	83	username=one
	84	password=two
	85	--
	86	verbatim: get
73aafe9b JK	87	verbatim: protocol=http
73aafe9b JK	88	verbatim: host=example.com
abca927d JK	89	EOF
	90	'
	91
	92	test_expect_success 'credential_fill continues through partial response' '
	93	check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
73aafe9b JK	94	protocol=http
73aafe9b JK	95	host=example.com
abca927d	96	--
73aafe9b JK	97	protocol=http
73aafe9b JK	98	host=example.com
abca927d JK	99	username=two
	100	password=three
	101	--
	102	verbatim: get
73aafe9b JK	103	verbatim: protocol=http
73aafe9b JK	104	verbatim: host=example.com
abca927d	105	verbatim: get
73aafe9b JK	106	verbatim: protocol=http
73aafe9b JK	107	verbatim: host=example.com
abca927d JK	108	verbatim: username=one
	109	EOF
	110	'
	111
	112	test_expect_success 'credential_fill passes along metadata' '
	113	check fill "verbatim one two" <<-\EOF
	114	protocol=ftp
	115	host=example.com
	116	path=foo.git
	117	--
2d6dc182 MM	118	protocol=ftp
	119	host=example.com
	120	path=foo.git
abca927d JK	121	username=one
	122	password=two
	123	--
	124	verbatim: get
	125	verbatim: protocol=ftp
	126	verbatim: host=example.com
	127	verbatim: path=foo.git
	128	EOF
	129	'
	130
	131	test_expect_success 'credential_approve calls all helpers' '
	132	check approve useless "verbatim one two" <<-\EOF
73aafe9b JK	133	protocol=http
73aafe9b JK	134	host=example.com
abca927d JK	135	username=foo
	136	password=bar
	137	--
	138	--
	139	useless: store
73aafe9b JK	140	useless: protocol=http
73aafe9b JK	141	useless: host=example.com
abca927d JK	142	useless: username=foo
	143	useless: password=bar
	144	verbatim: store
73aafe9b JK	145	verbatim: protocol=http
73aafe9b JK	146	verbatim: host=example.com
abca927d JK	147	verbatim: username=foo
	148	verbatim: password=bar
	149	EOF
	150	'
	151
	152	test_expect_success 'do not bother storing password-less credential' '
	153	check approve useless <<-\EOF
73aafe9b JK	154	protocol=http
73aafe9b JK	155	host=example.com
abca927d JK	156	username=foo
	157	--
	158	--
	159	EOF
	160	'
	161
	162
	163	test_expect_success 'credential_reject calls all helpers' '
	164	check reject useless "verbatim one two" <<-\EOF
73aafe9b JK	165	protocol=http
73aafe9b JK	166	host=example.com
abca927d JK	167	username=foo
	168	password=bar
	169	--
	170	--
	171	useless: erase
73aafe9b JK	172	useless: protocol=http
73aafe9b JK	173	useless: host=example.com
abca927d JK	174	useless: username=foo
	175	useless: password=bar
	176	verbatim: erase
73aafe9b JK	177	verbatim: protocol=http
73aafe9b JK	178	verbatim: host=example.com
abca927d JK	179	verbatim: username=foo
	180	verbatim: password=bar
	181	EOF
	182	'
	183
	184	test_expect_success 'usernames can be preserved' '
	185	check fill "verbatim \"\" three" <<-\EOF
73aafe9b JK	186	protocol=http
73aafe9b JK	187	host=example.com
abca927d JK	188	username=one
abca927d JK	189	--
73aafe9b JK	190	protocol=http
73aafe9b JK	191	host=example.com
abca927d JK	192	username=one
	193	password=three
	194	--
	195	verbatim: get
73aafe9b JK	196	verbatim: protocol=http
73aafe9b JK	197	verbatim: host=example.com
abca927d JK	198	verbatim: username=one
	199	EOF
	200	'
	201
	202	test_expect_success 'usernames can be overridden' '
	203	check fill "verbatim two three" <<-\EOF
73aafe9b JK	204	protocol=http
73aafe9b JK	205	host=example.com
abca927d JK	206	username=one
abca927d JK	207	--
73aafe9b JK	208	protocol=http
73aafe9b JK	209	host=example.com
abca927d JK	210	username=two
	211	password=three
	212	--
	213	verbatim: get
73aafe9b JK	214	verbatim: protocol=http
73aafe9b JK	215	verbatim: host=example.com
abca927d JK	216	verbatim: username=one
	217	EOF
	218	'
	219
	220	test_expect_success 'do not bother completing already-full credential' '
	221	check fill "verbatim three four" <<-\EOF
73aafe9b JK	222	protocol=http
73aafe9b JK	223	host=example.com
abca927d JK	224	username=one
	225	password=two
	226	--
73aafe9b JK	227	protocol=http
73aafe9b JK	228	host=example.com
abca927d JK	229	username=one
	230	password=two
	231	--
	232	EOF
	233	'
	234
	235	# We can't test the basic terminal password prompt here because
	236	# getpass() tries too hard to find the real terminal. But if our
	237	# askpass helper is run, we know the internal getpass is working.
	238	test_expect_success 'empty helper list falls back to internal getpass' '
	239	check fill <<-\EOF
73aafe9b JK	240	protocol=http
73aafe9b JK	241	host=example.com
abca927d	242	--
73aafe9b JK	243	protocol=http
73aafe9b JK	244	host=example.com
abca927d JK	245	username=askpass-username
	246	password=askpass-password
	247	--
73aafe9b JK	248	askpass: Username for '\''http://example.com'\'':
73aafe9b JK	249	askpass: Password for '\''http://askpass-username@example.com'\'':
abca927d JK	250	EOF
	251	'
	252
	253	test_expect_success 'internal getpass does not ask for known username' '
	254	check fill <<-\EOF
73aafe9b JK	255	protocol=http
73aafe9b JK	256	host=example.com
abca927d JK	257	username=foo
abca927d JK	258	--
73aafe9b JK	259	protocol=http
73aafe9b JK	260	host=example.com
abca927d JK	261	username=foo
	262	password=askpass-password
	263	--
73aafe9b	264	askpass: Password for '\''http://foo@example.com'\'':
abca927d JK	265	EOF
	266	'
	267
11825072 JK	268	HELPER="!f() {
	269	cat >/dev/null
	270	echo username=foo
	271	echo password=bar
	272	}; f"
	273	test_expect_success 'respect configured credentials' '
	274	test_config credential.helper "$HELPER" &&
	275	check fill <<-\EOF
73aafe9b JK	276	protocol=http
73aafe9b JK	277	host=example.com
11825072	278	--
73aafe9b JK	279	protocol=http
73aafe9b JK	280	host=example.com
11825072 JK	281	username=foo
	282	password=bar
	283	--
	284	EOF
	285	'
	286
	287	test_expect_success 'match configured credential' '
	288	test_config credential.https://example.com.helper "$HELPER" &&
	289	check fill <<-\EOF
	290	protocol=https
	291	host=example.com
	292	path=repo.git
	293	--
2d6dc182 MM	294	protocol=https
2d6dc182 MM	295	host=example.com
11825072 JK	296	username=foo
	297	password=bar
	298	--
	299	EOF
	300	'
	301
	302	test_expect_success 'do not match configured credential' '
	303	test_config credential.https://foo.helper "$HELPER" &&
	304	check fill <<-\EOF
	305	protocol=https
	306	host=bar
	307	--
2d6dc182 MM	308	protocol=https
2d6dc182 MM	309	host=bar
11825072 JK	310	username=askpass-username
	311	password=askpass-password
	312	--
	313	askpass: Username for '\''https://bar'\'':
	314	askpass: Password for '\''https://askpass-username@bar'\'':
	315	EOF
	316	'
	317
588c70e1	318	test_expect_success 'match multiple configured helpers' '
	319	test_config credential.helper "verbatim \"\" \"\"" &&
	320	test_config credential.https://example.com.helper "$HELPER" &&
	321	check fill <<-\EOF
	322	protocol=https
	323	host=example.com
	324	path=repo.git
	325	--
	326	protocol=https
	327	host=example.com
	328	username=foo
	329	password=bar
	330	--
	331	verbatim: get
	332	verbatim: protocol=https
	333	verbatim: host=example.com
	334	EOF
	335	'
	336
	337	test_expect_success 'match multiple configured helpers with URLs' '
	338	test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" &&
	339	test_config credential.https://example.com.helper "$HELPER" &&
	340	check fill <<-\EOF
	341	protocol=https
	342	host=example.com
	343	path=repo.git
	344	--
	345	protocol=https
	346	host=example.com
	347	username=foo
	348	password=bar
	349	--
	350	verbatim: get
	351	verbatim: protocol=https
	352	verbatim: host=example.com
	353	EOF
	354	'
	355
	356	test_expect_success 'match percent-encoded values' '
	357	test_config credential.https://example.com/%2566.git.helper "$HELPER" &&
	358	check fill <<-\EOF
	359	url=https://example.com/%2566.git
	360	--
	361	protocol=https
	362	host=example.com
	363	username=foo
	364	password=bar
	365	--
	366	EOF
	367	'
	368
b44d0118	369	test_expect_success 'match percent-encoded UTF-8 values in path' '
	370	test_config credential.https://example.com.useHttpPath true &&
	371	test_config credential.https://example.com/perú.git.helper "$HELPER" &&
	372	check fill <<-\EOF
	373	url=https://example.com/per%C3%BA.git
	374	--
	375	protocol=https
	376	host=example.com
	377	path=perú.git
	378	username=foo
	379	password=bar
	380	--
	381	EOF
	382	'
	383
	384	test_expect_success 'match percent-encoded values in username' '
	385	test_config credential.https://user%2fname@example.com/foo/bar.git.helper "$HELPER" &&
	386	check fill <<-\EOF
	387	url=https://user%2fname@example.com/foo/bar.git
	388	--
	389	protocol=https
	390	host=example.com
	391	username=foo
	392	password=bar
	393	--
	394	EOF
	395	'
	396
	397	test_expect_success 'fetch with multiple path components' '
	398	test_unconfig credential.helper &&
	399	test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
	400	check fill <<-\EOF
	401	url=https://example.com/foo/repo.git
	402	--
	403	protocol=https
	404	host=example.com
	405	username=foo
	406	password=bar
	407	--
	408	verbatim: get
	409	verbatim: protocol=https
	410	verbatim: host=example.com
	411	EOF
	412	'
	413
d5742425 JK	414	test_expect_success 'pull username from config' '
	415	test_config credential.https://example.com.username foo &&
	416	check fill <<-\EOF
	417	protocol=https
	418	host=example.com
	419	--
2d6dc182 MM	420	protocol=https
2d6dc182 MM	421	host=example.com
d5742425 JK	422	username=foo
	423	password=askpass-password
	424	--
	425	askpass: Password for '\''https://foo@example.com'\'':
	426	EOF
	427	'
	428
588c70e1	429	test_expect_success 'honors username from URL over helper (URL)' '
	430	test_config credential.https://example.com.username bob &&
	431	test_config credential.https://example.com.helper "verbatim \"\" bar" &&
	432	check fill <<-\EOF
	433	url=https://alice@example.com
	434	--
	435	protocol=https
	436	host=example.com
	437	username=alice
	438	password=bar
	439	--
	440	verbatim: get
	441	verbatim: protocol=https
	442	verbatim: host=example.com
	443	verbatim: username=alice
	444	EOF
	445	'
	446
	447	test_expect_success 'honors username from URL over helper (components)' '
	448	test_config credential.https://example.com.username bob &&
	449	test_config credential.https://example.com.helper "verbatim \"\" bar" &&
	450	check fill <<-\EOF
	451	protocol=https
	452	host=example.com
	453	username=alice
	454	--
	455	protocol=https
	456	host=example.com
	457	username=alice
	458	password=bar
	459	--
	460	verbatim: get
	461	verbatim: protocol=https
	462	verbatim: host=example.com
	463	verbatim: username=alice
	464	EOF
	465	'
	466
82eb2498	467	test_expect_success 'last matching username wins' '
588c70e1	468	test_config credential.https://example.com/path.git.username bob &&
	469	test_config credential.https://example.com.username alice &&
	470	test_config credential.https://example.com.helper "verbatim \"\" bar" &&
	471	check fill <<-\EOF
	472	url=https://example.com/path.git
	473	--
	474	protocol=https
	475	host=example.com
	476	username=alice
	477	password=bar
	478	--
	479	verbatim: get
	480	verbatim: protocol=https
	481	verbatim: host=example.com
	482	verbatim: username=alice
	483	EOF
	484	'
	485
a78fbb4f JK	486	test_expect_success 'http paths can be part of context' '
	487	check fill "verbatim foo bar" <<-\EOF &&
	488	protocol=https
	489	host=example.com
	490	path=foo.git
	491	--
2d6dc182 MM	492	protocol=https
2d6dc182 MM	493	host=example.com
a78fbb4f JK	494	username=foo
	495	password=bar
	496	--
	497	verbatim: get
	498	verbatim: protocol=https
	499	verbatim: host=example.com
	500	EOF
	501	test_config credential.https://example.com.useHttpPath true &&
	502	check fill "verbatim foo bar" <<-\EOF
	503	protocol=https
	504	host=example.com
	505	path=foo.git
	506	--
2d6dc182 MM	507	protocol=https
	508	host=example.com
	509	path=foo.git
a78fbb4f JK	510	username=foo
	511	password=bar
	512	--
	513	verbatim: get
	514	verbatim: protocol=https
	515	verbatim: host=example.com
	516	verbatim: path=foo.git
	517	EOF
	518	'
	519
46fd7b39	520	test_expect_success 'context uses urlmatch' '
	521	test_config "credential.https://*.org.useHttpPath" true &&
	522	check fill "verbatim foo bar" <<-\EOF
	523	protocol=https
	524	host=example.org
	525	path=foo.git
	526	--
	527	protocol=https
	528	host=example.org
	529	path=foo.git
	530	username=foo
	531	password=bar
	532	--
	533	verbatim: get
	534	verbatim: protocol=https
	535	verbatim: host=example.org
	536	verbatim: path=foo.git
	537	EOF
	538	'
	539
59b38652 JK	540	test_expect_success 'helpers can abort the process' '
59b38652 JK	541	test_must_fail git \
a88dbd2f	542	-c credential.helper=quit \
59b38652	543	-c credential.helper="verbatim foo bar" \
73aafe9b JK	544	credential fill >stdout 2>stderr <<-\EOF &&
	545	protocol=http
	546	host=example.com
	547	EOF
76b54ee9	548	test_must_be_empty stdout &&
a88dbd2f JK	549	cat >expect <<-\EOF &&
a88dbd2f JK	550	quit: get
73aafe9b JK	551	quit: protocol=http
73aafe9b JK	552	quit: host=example.com
a88dbd2f JK	553	fatal: credential helper '\''quit'\'' told us to quit
	554	EOF
	555	test_i18ncmp expect stderr
59b38652 JK	556	'
59b38652 JK	557
24321375 JK	558	test_expect_success 'empty helper spec resets helper list' '
	559	test_config credential.helper "verbatim file file" &&
	560	check fill "" "verbatim cmdline cmdline" <<-\EOF
73aafe9b JK	561	protocol=http
73aafe9b JK	562	host=example.com
24321375	563	--
73aafe9b JK	564	protocol=http
73aafe9b JK	565	host=example.com
24321375 JK	566	username=cmdline
	567	password=cmdline
	568	--
	569	verbatim: get
73aafe9b JK	570	verbatim: protocol=http
73aafe9b JK	571	verbatim: host=example.com
24321375 JK	572	EOF
	573	'
	574
8ba8ed56 JK	575	test_expect_success 'url parser rejects embedded newlines' '
8ba8ed56 JK	576	test_must_fail git credential fill 2>stderr <<-\EOF &&
9a6bbee8	577	url=https://one.example.com?%0ahost=two.example.com/
8ba8ed56 JK	578	EOF
8ba8ed56 JK	579	cat >expect <<-\EOF &&
a397e9c2	580	warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/
fe29a9b7	581	fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
9a6bbee8	582	EOF
8ba8ed56	583	test_i18ncmp expect stderr
9a6bbee8 JK	584	'
9a6bbee8 JK	585
24036686 JK	586	test_expect_success 'host-less URLs are parsed as empty host' '
	587	check fill "verbatim foo bar" <<-\EOF
	588	url=cert:///path/to/cert.pem
c716fe4b	589	--
24036686 JK	590	protocol=cert
	591	host=
	592	path=path/to/cert.pem
	593	username=foo
	594	password=bar
c716fe4b	595	--
24036686 JK	596	verbatim: get
	597	verbatim: protocol=cert
	598	verbatim: host=
	599	verbatim: path=path/to/cert.pem
	600	EOF
	601	'
	602
8ba8ed56 JK	603	test_expect_success 'credential system refuses to work with missing host' '
	604	test_must_fail git credential fill 2>stderr <<-\EOF &&
	605	protocol=http
	606	EOF
	607	cat >expect <<-\EOF &&
	608	fatal: refusing to work with credential missing host field
	609	EOF
	610	test_i18ncmp expect stderr
	611	'
	612
	613	test_expect_success 'credential system refuses to work with missing protocol' '
	614	test_must_fail git credential fill 2>stderr <<-\EOF &&
	615	host=example.com
	616	EOF
	617	cat >expect <<-\EOF &&
	618	fatal: refusing to work with credential missing protocol field
9a6bbee8	619	EOF
8ba8ed56	620	test_i18ncmp expect stderr
9a6bbee8 JK	621	'
9a6bbee8 JK	622
4c5971e1 JK	623	# usage: check_host_and_path <url> <expected-host> <expected-path>
	624	check_host_and_path () {
	625	# we always parse the path component, but we need this to make sure it
	626	# is passed to the helper
	627	test_config credential.useHTTPPath true &&
	628	check fill "verbatim user pass" <<-EOF
	629	url=$1
	630	--
	631	protocol=https
	632	host=$2
	633	path=$3
	634	username=user
	635	password=pass
	636	--
	637	verbatim: get
	638	verbatim: protocol=https
	639	verbatim: host=$2
	640	verbatim: path=$3
	641	EOF
	642	}
	643
	644	test_expect_success 'url parser handles bare query marker' '
	645	check_host_and_path https://example.com?foo.git example.com ?foo.git
	646	'
	647
	648	test_expect_success 'url parser handles bare fragment marker' '
	649	check_host_and_path https://example.com#foo.git example.com "#foo.git"
	650	'
	651
	652	test_expect_success 'url parser not confused by encoded markers' '
	653	check_host_and_path https://example.com%23%3f%2f/foo.git \
	654	"example.com#?/" foo.git
	655	'
	656
9a121b0d JS	657	test_expect_success 'credential config with partial URLs' '
	658	echo "echo password=yep" \| write_script git-credential-yep &&
	659	test_write_lines url=https://user@example.com/repo.git >stdin &&
	660	for partial in \
	661	example.com \
	662	user@example.com \
	663	https:// \
	664	https://example.com \
	665	https://example.com/ \
	666	https://user@example.com \
	667	https://user@example.com/ \
	668	https://example.com/repo.git \
	669	https://user@example.com/repo.git \
	670	/repo.git
	671	do
	672	git -c credential.$partial.helper=yep \
	673	credential fill <stdin >stdout &&
	674	grep yep stdout \|\|
	675	return 1
	676	done &&
	677
	678	for partial in \
	679	dont.use.this \
	680	http:// \
	681	/repo
	682	do
	683	git -c credential.$partial.helper=yep \
	684	credential fill <stdin >stdout &&
	685	! grep yep stdout \|\|
	686	return 1
	687	done &&
	688
	689	git -c credential.$partial.helper=yep \
	690	-c credential.with%0anewline.username=uh-oh \
	691	credential fill <stdin >stdout 2>stderr &&
	692	test_i18ngrep "skipping credential lookup for key" stderr
	693	'
	694
abca927d	695	test_done