]> git.ipfire.org Git - thirdparty/git.git/blob - t/t5550-http-fetch-dumb.sh
projects / thirdparty / git.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
blame.c: replace instance of !oidcmp for oideq
[thirdparty/git.git] / t / t5550-http-fetch-dumb.sh
1 #!/bin/sh
2
3 test_description='test dumb fetching over http via static file'
4 . ./test-lib.sh
5 . "$TEST_DIRECTORY"/lib-httpd.sh
6 start_httpd
7
8 test_expect_success 'setup repository' '
9 git config push.default matching &&
10 echo content1 >file &&
11 git add file &&
12 git commit -m one &&
13 echo content2 >file &&
14 git add file &&
15 git commit -m two
16 '
17
18 test_expect_success 'create http-accessible bare repository with loose objects' '
19 cp -R .git "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
20 (cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
21 git config core.bare true &&
22 mkdir -p hooks &&
23 write_script "hooks/post-update" <<-\EOF &&
24 exec git update-server-info
25 EOF
26 hooks/post-update
27 ) &&
28 git remote add public "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
29 git push public master:master
30 '
31
32 test_expect_success 'clone http repository' '
33 git clone $HTTPD_URL/dumb/repo.git clone-tmpl &&
34 cp -R clone-tmpl clone &&
35 test_cmp file clone/file
36 '
37
38 test_expect_success 'list refs from outside any repository' '
39 cat >expect <<-EOF &&
40 $(git rev-parse master) HEAD
41 $(git rev-parse master) refs/heads/master
42 EOF
43 nongit git ls-remote "$HTTPD_URL/dumb/repo.git" >actual &&
44 test_cmp expect actual
45 '
46
47 test_expect_success 'create password-protected repository' '
48 mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/" &&
49 cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
50 "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/repo.git"
51 '
52
53 setup_askpass_helper
54
55 test_expect_success 'cloning password-protected repository can fail' '
56 set_askpass wrong &&
57 test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-fail &&
58 expect_askpass both wrong
59 '
60
61 test_expect_success 'http auth can use user/pass in URL' '
62 set_askpass wrong &&
63 git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none &&
64 expect_askpass none
65 '
66
67 test_expect_success 'http auth can use just user in URL' '
68 set_askpass wrong pass@host &&
69 git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass &&
70 expect_askpass pass user@host
71 '
72
73 test_expect_success 'http auth can request both user and pass' '
74 set_askpass user@host pass@host &&
75 git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both &&
76 expect_askpass both user@host
77 '
78
79 test_expect_success 'http auth respects credential helper config' '
80 test_config_global credential.helper "!f() {
81 cat >/dev/null
82 echo username=user@host
83 echo password=pass@host
84 }; f" &&
85 set_askpass wrong &&
86 git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-helper &&
87 expect_askpass none
88 '
89
90 test_expect_success 'http auth can get username from config' '
91 test_config_global "credential.$HTTPD_URL.username" user@host &&
92 set_askpass wrong pass@host &&
93 git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user &&
94 expect_askpass pass user@host
95 '
96
97 test_expect_success 'configured username does not override URL' '
98 test_config_global "credential.$HTTPD_URL.username" wrong &&
99 set_askpass wrong pass@host &&
100 git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 &&
101 expect_askpass pass user@host
102 '
103
104 test_expect_success 'set up repo with http submodules' '
105 git init super &&
106 set_askpass user@host pass@host &&
107 (
108 cd super &&
109 git submodule add "$HTTPD_URL/auth/dumb/repo.git" sub &&
110 git commit -m "add submodule"
111 )
112 '
113
114 test_expect_success 'cmdline credential config passes to submodule via clone' '
115 set_askpass wrong pass@host &&
116 test_must_fail git clone --recursive super super-clone &&
117 rm -rf super-clone &&
118
119 set_askpass wrong pass@host &&
120 git -c "credential.$HTTPD_URL.username=user@host" \
121 clone --recursive super super-clone &&
122 expect_askpass pass user@host
123 '
124
125 test_expect_success 'cmdline credential config passes submodule via fetch' '
126 set_askpass wrong pass@host &&
127 test_must_fail git -C super-clone fetch --recurse-submodules &&
128
129 set_askpass wrong pass@host &&
130 git -C super-clone \
131 -c "credential.$HTTPD_URL.username=user@host" \
132 fetch --recurse-submodules &&
133 expect_askpass pass user@host
134 '
135
136 test_expect_success 'cmdline credential config passes submodule update' '
137 # advance the submodule HEAD so that a fetch is required
138 git commit --allow-empty -m foo &&
139 git push "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/repo.git" HEAD &&
140 sha1=$(git rev-parse HEAD) &&
141 git -C super-clone update-index --cacheinfo 160000,$sha1,sub &&
142
143 set_askpass wrong pass@host &&
144 test_must_fail git -C super-clone submodule update &&
145
146 set_askpass wrong pass@host &&
147 git -C super-clone \
148 -c "credential.$HTTPD_URL.username=user@host" \
149 submodule update &&
150 expect_askpass pass user@host
151 '
152
153 test_expect_success 'fetch changes via http' '
154 echo content >>file &&
155 git commit -a -m two &&
156 git push public &&
157 (cd clone && git pull) &&
158 test_cmp file clone/file
159 '
160
161 test_expect_success 'fetch changes via manual http-fetch' '
162 cp -R clone-tmpl clone2 &&
163
164 HEAD=$(git rev-parse --verify HEAD) &&
165 (cd clone2 &&
166 git http-fetch -a -w heads/master-new $HEAD $(git config remote.origin.url) &&
167 git checkout master-new &&
168 test $HEAD = $(git rev-parse --verify HEAD)) &&
169 test_cmp file clone2/file
170 '
171
172 test_expect_success 'manual http-fetch without -a works just as well' '
173 cp -R clone-tmpl clone3 &&
174
175 HEAD=$(git rev-parse --verify HEAD) &&
176 (cd clone3 &&
177 git http-fetch -w heads/master-new $HEAD $(git config remote.origin.url) &&
178 git checkout master-new &&
179 test $HEAD = $(git rev-parse --verify HEAD)) &&
180 test_cmp file clone3/file
181 '
182
183 test_expect_success 'http remote detects correct HEAD' '
184 git push public master:other &&
185 (cd clone &&
186 git remote set-head origin -d &&
187 git remote set-head origin -a &&
188 git symbolic-ref refs/remotes/origin/HEAD > output &&
189 echo refs/remotes/origin/master > expect &&
190 test_cmp expect output
191 )
192 '
193
194 test_expect_success 'fetch packed objects' '
195 cp -R "$HTTPD_DOCUMENT_ROOT_PATH"/repo.git "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git &&
196 (cd "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git &&
197 git --bare repack -a -d
198 ) &&
199 git clone $HTTPD_URL/dumb/repo_pack.git
200 '
201
202 test_expect_success 'fetch notices corrupt pack' '
203 cp -R "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad1.git &&
204 (cd "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad1.git &&
205 p=$(ls objects/pack/pack-*.pack) &&
206 chmod u+w $p &&
207 printf %0256d 0 | dd of=$p bs=256 count=1 seek=1 conv=notrunc
208 ) &&
209 mkdir repo_bad1.git &&
210 (cd repo_bad1.git &&
211 git --bare init &&
212 test_must_fail git --bare fetch $HTTPD_URL/dumb/repo_bad1.git &&
213 test 0 = $(ls objects/pack/pack-*.pack | wc -l)
214 )
215 '
216
217 test_expect_success 'fetch notices corrupt idx' '
218 cp -R "$HTTPD_DOCUMENT_ROOT_PATH"/repo_pack.git "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad2.git &&
219 (cd "$HTTPD_DOCUMENT_ROOT_PATH"/repo_bad2.git &&
220 p=$(ls objects/pack/pack-*.idx) &&
221 chmod u+w $p &&
222 printf %0256d 0 | dd of=$p bs=256 count=1 seek=1 conv=notrunc
223 ) &&
224 mkdir repo_bad2.git &&
225 (cd repo_bad2.git &&
226 git --bare init &&
227 test_must_fail git --bare fetch $HTTPD_URL/dumb/repo_bad2.git &&
228 test 0 = $(ls objects/pack | wc -l)
229 )
230 '
231
232 test_expect_success 'fetch can handle previously-fetched .idx files' '
233 git checkout --orphan branch1 &&
234 echo base >file &&
235 git add file &&
236 git commit -m base &&
237 git --bare init "$HTTPD_DOCUMENT_ROOT_PATH"/repo_packed_branches.git &&
238 git push "$HTTPD_DOCUMENT_ROOT_PATH"/repo_packed_branches.git branch1 &&
239 git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH"/repo_packed_branches.git repack -d &&
240 git checkout -b branch2 branch1 &&
241 echo b2 >>file &&
242 git commit -a -m b2 &&
243 git push "$HTTPD_DOCUMENT_ROOT_PATH"/repo_packed_branches.git branch2 &&
244 git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH"/repo_packed_branches.git repack -d &&
245 git --bare init clone_packed_branches.git &&
246 git --git-dir=clone_packed_branches.git fetch "$HTTPD_URL"/dumb/repo_packed_branches.git branch1:branch1 &&
247 git --git-dir=clone_packed_branches.git fetch "$HTTPD_URL"/dumb/repo_packed_branches.git branch2:branch2
248 '
249
250 test_expect_success 'did not use upload-pack service' '
251 ! grep "/git-upload-pack" "$HTTPD_ROOT_PATH/access.log"
252 '
253
254 test_expect_success 'git client shows text/plain errors' '
255 test_must_fail git clone "$HTTPD_URL/error/text" 2>stderr &&
256 grep "this is the error message" stderr
257 '
258
259 test_expect_success 'git client does not show html errors' '
260 test_must_fail git clone "$HTTPD_URL/error/html" 2>stderr &&
261 ! grep "this is the error message" stderr
262 '
263
264 test_expect_success 'git client shows text/plain with a charset' '
265 test_must_fail git clone "$HTTPD_URL/error/charset" 2>stderr &&
266 grep "this is the error message" stderr
267 '
268
269 test_expect_success 'http error messages are reencoded' '
270 test_must_fail git clone "$HTTPD_URL/error/utf16" 2>stderr &&
271 grep "this is the error message" stderr
272 '
273
274 test_expect_success 'reencoding is robust to whitespace oddities' '
275 test_must_fail git clone "$HTTPD_URL/error/odd-spacing" 2>stderr &&
276 grep "this is the error message" stderr
277 '
278
279 check_language () {
280 case "$2" in
281 '')
282 >expect
283 ;;
284 ?*)
285 echo "=> Send header: Accept-Language: $1" >expect
286 ;;
287 esac &&
288 GIT_TRACE_CURL=true \
289 LANGUAGE=$2 \
290 git ls-remote "$HTTPD_URL/dumb/repo.git" >output 2>&1 &&
291 tr -d '\015' <output |
292 sort -u |
293 sed -ne '/^=> Send header: Accept-Language:/ p' >actual &&
294 test_cmp expect actual
295 }
296
297 test_expect_success 'git client sends Accept-Language based on LANGUAGE' '
298 check_language "ko-KR, *;q=0.9" ko_KR.UTF-8'
299
300 test_expect_success 'git client sends Accept-Language correctly with unordinary LANGUAGE' '
301 check_language "ko-KR, *;q=0.9" "ko_KR:" &&
302 check_language "ko-KR, en-US;q=0.9, *;q=0.8" "ko_KR::en_US" &&
303 check_language "ko-KR, *;q=0.9" ":::ko_KR" &&
304 check_language "ko-KR, en-US;q=0.9, *;q=0.8" "ko_KR!!:en_US" &&
305 check_language "ko-KR, ja-JP;q=0.9, *;q=0.8" "ko_KR en_US:ja_JP"'
306
307 test_expect_success 'git client sends Accept-Language with many preferred languages' '
308 check_language "ko-KR, en-US;q=0.9, fr-CA;q=0.8, de;q=0.7, sr;q=0.6, \
309 ja;q=0.5, zh;q=0.4, sv;q=0.3, pt;q=0.2, *;q=0.1" \
310 ko_KR.EUC-KR:en_US.UTF-8:fr_CA:de.UTF-8@euro:sr@latin:ja:zh:sv:pt &&
311 check_language "ko-KR, en-US;q=0.99, fr-CA;q=0.98, de;q=0.97, sr;q=0.96, \
312 ja;q=0.95, zh;q=0.94, sv;q=0.93, pt;q=0.92, nb;q=0.91, *;q=0.90" \
313 ko_KR.EUC-KR:en_US.UTF-8:fr_CA:de.UTF-8@euro:sr@latin:ja:zh:sv:pt:nb
314 '
315
316 test_expect_success 'git client does not send an empty Accept-Language' '
317 GIT_TRACE_CURL=true LANGUAGE= git ls-remote "$HTTPD_URL/dumb/repo.git" 2>stderr &&
318 ! grep "^=> Send header: Accept-Language:" stderr
319 '
320
321 test_expect_success 'remote-http complains cleanly about malformed urls' '
322 test_must_fail git remote-http http::/example.com/repo.git 2>stderr &&
323 test_i18ngrep "url has no scheme" stderr
324 '
325
326 # NEEDSWORK: Writing commands to git-remote-curl can race against the latter
327 # erroring out, producing SIGPIPE. Remove "ok=sigpipe" once transport-helper has
328 # learned to handle early remote helper failures more cleanly.
329 test_expect_success 'remote-http complains cleanly about empty scheme' '
330 test_must_fail ok=sigpipe git ls-remote \
331 http::${HTTPD_URL#http}/dumb/repo.git 2>stderr &&
332 test_i18ngrep "url has no scheme" stderr
333 '
334
335 test_expect_success 'redirects can be forbidden/allowed' '
336 test_must_fail git -c http.followRedirects=false \
337 clone $HTTPD_URL/dumb-redir/repo.git dumb-redir &&
338 git -c http.followRedirects=true \
339 clone $HTTPD_URL/dumb-redir/repo.git dumb-redir 2>stderr
340 '
341
342 test_expect_success 'redirects are reported to stderr' '
343 # just look for a snippet of the redirected-to URL
344 test_i18ngrep /dumb/ stderr
345 '
346
347 test_expect_success 'non-initial redirects can be forbidden' '
348 test_must_fail git -c http.followRedirects=initial \
349 clone $HTTPD_URL/redir-objects/repo.git redir-objects &&
350 git -c http.followRedirects=true \
351 clone $HTTPD_URL/redir-objects/repo.git redir-objects
352 '
353
354 test_expect_success 'http.followRedirects defaults to "initial"' '
355 test_must_fail git clone $HTTPD_URL/redir-objects/repo.git default
356 '
357
358 # The goal is for a clone of the "evil" repository, which has no objects
359 # itself, to cause the client to fetch objects from the "victim" repository.
360 test_expect_success 'set up evil alternates scheme' '
361 victim=$HTTPD_DOCUMENT_ROOT_PATH/victim.git &&
362 git init --bare "$victim" &&
363 git -C "$victim" --work-tree=. commit --allow-empty -m secret &&
364 git -C "$victim" repack -ad &&
365 git -C "$victim" update-server-info &&
366 sha1=$(git -C "$victim" rev-parse HEAD) &&
367
368 evil=$HTTPD_DOCUMENT_ROOT_PATH/evil.git &&
369 git init --bare "$evil" &&
370 # do this by hand to avoid object existence check
371 printf "%s\\t%s\\n" $sha1 refs/heads/master >"$evil/info/refs"
372 '
373
374 # Here we'll just redirect via HTTP. In a real-world attack these would be on
375 # different servers, but we should reject it either way.
376 test_expect_success 'http-alternates is a non-initial redirect' '
377 echo "$HTTPD_URL/dumb/victim.git/objects" \
378 >"$evil/objects/info/http-alternates" &&
379 test_must_fail git -c http.followRedirects=initial \
380 clone $HTTPD_URL/dumb/evil.git evil-initial &&
381 git -c http.followRedirects=true \
382 clone $HTTPD_URL/dumb/evil.git evil-initial
383 '
384
385 # Curl supports a lot of protocols that we'd prefer not to allow
386 # http-alternates to use, but it's hard to test whether curl has
387 # accessed, say, the SMTP protocol, because we are not running an SMTP server.
388 # But we can check that it does not allow access to file://, which would
389 # otherwise allow this clone to complete.
390 test_expect_success 'http-alternates cannot point at funny protocols' '
391 echo "file://$victim/objects" >"$evil/objects/info/http-alternates" &&
392 test_must_fail git -c http.followRedirects=true \
393 clone "$HTTPD_URL/dumb/evil.git" evil-file
394 '
395
396 test_expect_success 'http-alternates triggers not-from-user protocol check' '
397 echo "$HTTPD_URL/dumb/victim.git/objects" \
398 >"$evil/objects/info/http-alternates" &&
399 test_config_global http.followRedirects true &&
400 test_must_fail git -c protocol.http.allow=user \
401 clone $HTTPD_URL/dumb/evil.git evil-user &&
402 git -c protocol.http.allow=always \
403 clone $HTTPD_URL/dumb/evil.git evil-user
404 '
405
406 test_expect_success 'can redirect through non-"info/refs?service=git-upload-pack" URL' '
407 git clone "$HTTPD_URL/redir-to/dumb/repo.git"
408 '
409
410 test_expect_success 'print HTTP error when any intermediate redirect throws error' '
411 test_must_fail git clone "$HTTPD_URL/redir-to/502" 2> stderr &&
412 test_i18ngrep "unable to access.*/redir-to/502" stderr
413 '
414
415 test_expect_success 'fetching via http alternates works' '
416 parent=$HTTPD_DOCUMENT_ROOT_PATH/alt-parent.git &&
417 git init --bare "$parent" &&
418 git -C "$parent" --work-tree=. commit --allow-empty -m foo &&
419 git -C "$parent" update-server-info &&
420 commit=$(git -C "$parent" rev-parse HEAD) &&
421
422 child=$HTTPD_DOCUMENT_ROOT_PATH/alt-child.git &&
423 git init --bare "$child" &&
424 echo "../../alt-parent.git/objects" >"$child/objects/info/alternates" &&
425 git -C "$child" update-ref HEAD $commit &&
426 git -C "$child" update-server-info &&
427
428 git -c http.followredirects=true clone "$HTTPD_URL/dumb/alt-child.git"
429 '
430
431 test_done
Unnamed repository; edit this file 'description' to name the repository.