summaryrefslogtreecommitdiff
path: root/t
diff options
context:
space:
mode:
authorLibravatar Junio C Hamano <gitster@pobox.com>2012-09-07 11:09:49 -0700
committerLibravatar Junio C Hamano <gitster@pobox.com>2012-09-07 11:09:50 -0700
commite6dd70e9bfef40d545cb0f452f082bde562e8785 (patch)
tree6ca29bfd8d3a36bfae9508c8756ff81e3a78b224 /t
parentMerge branch 'jc/maint-doc-checkout-b-always-takes-branch-name' (diff)
parenthttp: prompt for credentials on failed POST (diff)
downloadtgif-e6dd70e9bfef40d545cb0f452f082bde562e8785.tar.xz
Merge branch 'jk/maint-http-half-auth-push'
Pushing to smart HTTP server with recent Git fails without having the username in the URL to force authentication, if the server is configured to allow GET anonymously, while requiring authentication for POST. * jk/maint-http-half-auth-push: http: prompt for credentials on failed POST http: factor out http error code handling t: test http access to "half-auth" repositories t: test basic smart-http authentication t/lib-httpd: recognize */smart/* repos as smart-http t/lib-httpd: only route auth/dumb to dumb repos t5550: factor out http auth setup t5550: put auth-required repo in auth/dumb
Diffstat (limited to 't')
-rw-r--r--t/lib-httpd.sh39
-rw-r--r--t/lib-httpd/apache.conf25
-rwxr-xr-xt/t5540-http-push.sh17
-rwxr-xr-xt/t5541-http-push.sh26
-rwxr-xr-xt/t5550-http-fetch.sh75
-rwxr-xr-xt/t5551-http-fetch.sh20
6 files changed, 127 insertions, 75 deletions
diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index d773542680..02f442bfad 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -167,3 +167,42 @@ test_http_push_nonff() {
test_i18ngrep "Updates were rejected because" output
'
}
+
+setup_askpass_helper() {
+ test_expect_success 'setup askpass helper' '
+ write_script "$TRASH_DIRECTORY/askpass" <<-\EOF &&
+ echo >>"$TRASH_DIRECTORY/askpass-query" "askpass: $*" &&
+ cat "$TRASH_DIRECTORY/askpass-response"
+ EOF
+ GIT_ASKPASS="$TRASH_DIRECTORY/askpass" &&
+ export GIT_ASKPASS &&
+ export TRASH_DIRECTORY
+ '
+}
+
+set_askpass() {
+ >"$TRASH_DIRECTORY/askpass-query" &&
+ echo "$*" >"$TRASH_DIRECTORY/askpass-response"
+}
+
+expect_askpass() {
+ dest=$HTTPD_DEST
+ {
+ case "$1" in
+ none)
+ ;;
+ pass)
+ echo "askpass: Password for 'http://$2@$dest': "
+ ;;
+ both)
+ echo "askpass: Username for 'http://$dest': "
+ echo "askpass: Password for 'http://$2@$dest': "
+ ;;
+ *)
+ false
+ ;;
+ esac
+ } >"$TRASH_DIRECTORY/askpass-expect" &&
+ test_cmp "$TRASH_DIRECTORY/askpass-expect" \
+ "$TRASH_DIRECTORY/askpass-query"
+}
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 36b1596a10..49d5d877ce 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -46,24 +46,22 @@ PassEnv GIT_VALGRIND
PassEnv GIT_VALGRIND_OPTIONS
Alias /dumb/ www/
-Alias /auth/ www/auth/
+Alias /auth/dumb/ www/auth/dumb/
-<Location /smart/>
+<LocationMatch /smart/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
-</Location>
-<Location /smart_noexport/>
+</LocationMatch>
+<LocationMatch /smart_noexport/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
-</Location>
-<Location /smart_custom_env/>
+</LocationMatch>
+<LocationMatch /smart_custom_env/>
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
SetEnv GIT_HTTP_EXPORT_ALL
SetEnv GIT_COMMITTER_NAME "Custom User"
SetEnv GIT_COMMITTER_EMAIL custom@example.com
-</Location>
-ScriptAlias /smart/ ${GIT_EXEC_PATH}/git-http-backend/
-ScriptAlias /smart_noexport/ ${GIT_EXEC_PATH}/git-http-backend/
-ScriptAlias /smart_custom_env/ ${GIT_EXEC_PATH}/git-http-backend/
+</LocationMatch>
+ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1
<Directory ${GIT_EXEC_PATH}>
Options FollowSymlinks
</Directory>
@@ -94,6 +92,13 @@ SSLEngine On
Require valid-user
</Location>
+<LocationMatch "^/auth-push/.*/git-receive-pack$">
+ AuthType Basic
+ AuthName "git-auth"
+ AuthUserFile passwd
+ Require valid-user
+</LocationMatch>
+
<IfDefine DAV>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
diff --git a/t/t5540-http-push.sh b/t/t5540-http-push.sh
index 1eea647656..f141f2d1da 100755
--- a/t/t5540-http-push.sh
+++ b/t/t5540-http-push.sh
@@ -46,15 +46,7 @@ test_expect_success 'create password-protected repository' '
"$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git"
'
-test_expect_success 'setup askpass helper' '
- cat >askpass <<-\EOF &&
- #!/bin/sh
- echo user@host
- EOF
- chmod +x askpass &&
- GIT_ASKPASS="$PWD/askpass" &&
- export GIT_ASKPASS
-'
+setup_askpass_helper
test_expect_success 'clone remote repository' '
cd "$ROOT_PATH" &&
@@ -162,6 +154,7 @@ test_http_push_nonff "$HTTPD_DOCUMENT_ROOT_PATH"/test_repo.git \
test_expect_success 'push to password-protected repository (user in URL)' '
test_commit pw-user &&
+ set_askpass user@host &&
git push "$HTTPD_URL_USER/auth/dumb/test_repo.git" HEAD &&
git rev-parse --verify HEAD >expect &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" \
@@ -169,9 +162,15 @@ test_expect_success 'push to password-protected repository (user in URL)' '
test_cmp expect actual
'
+test_expect_failure 'user was prompted only once for password' '
+ expect_askpass pass user@host
+'
+
test_expect_failure 'push to password-protected repository (no user in URL)' '
test_commit pw-nouser &&
+ set_askpass user@host &&
git push "$HTTPD_URL/auth/dumb/test_repo.git" HEAD &&
+ expect_askpass both user@host
git rev-parse --verify HEAD >expect &&
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" \
rev-parse --verify HEAD >actual &&
diff --git a/t/t5541-http-push.sh b/t/t5541-http-push.sh
index 624633aced..4b4b4a604f 100755
--- a/t/t5541-http-push.sh
+++ b/t/t5541-http-push.sh
@@ -36,6 +36,8 @@ test_expect_success 'setup remote repository' '
mv test_repo.git "$HTTPD_DOCUMENT_ROOT_PATH"
'
+setup_askpass_helper
+
cat >exp <<EOF
GET /smart/test_repo.git/info/refs?service=git-upload-pack HTTP/1.1 200
POST /smart/test_repo.git/git-upload-pack HTTP/1.1 200
@@ -269,5 +271,29 @@ test_expect_success 'http push respects GIT_COMMITTER_* in reflog' '
test_cmp expect actual
'
+test_expect_success 'push over smart http with auth' '
+ cd "$ROOT_PATH/test_repo_clone" &&
+ echo push-auth-test >expect &&
+ test_commit push-auth-test &&
+ set_askpass user@host &&
+ git push "$HTTPD_URL"/auth/smart/test_repo.git &&
+ git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
+ log -1 --format=%s >actual &&
+ expect_askpass both user@host &&
+ test_cmp expect actual
+'
+
+test_expect_success 'push to auth-only-for-push repo' '
+ cd "$ROOT_PATH/test_repo_clone" &&
+ echo push-half-auth >expect &&
+ test_commit push-half-auth &&
+ set_askpass user@host &&
+ git push "$HTTPD_URL"/auth-push/smart/test_repo.git &&
+ git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
+ log -1 --format=%s >actual &&
+ expect_askpass both user@host &&
+ test_cmp expect actual
+'
+
stop_httpd
test_done
diff --git a/t/t5550-http-fetch.sh b/t/t5550-http-fetch.sh
index b06f817af3..16ef0419e9 100755
--- a/t/t5550-http-fetch.sh
+++ b/t/t5550-http-fetch.sh
@@ -41,68 +41,34 @@ test_expect_success 'clone http repository' '
'
test_expect_success 'create password-protected repository' '
- mkdir "$HTTPD_DOCUMENT_ROOT_PATH/auth/" &&
+ mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/" &&
cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
- "$HTTPD_DOCUMENT_ROOT_PATH/auth/repo.git"
-'
-
-test_expect_success 'setup askpass helpers' '
- cat >askpass <<-EOF &&
- #!/bin/sh
- echo >>"$PWD/askpass-query" "askpass: \$*" &&
- cat "$PWD/askpass-response"
- EOF
- chmod +x askpass &&
- GIT_ASKPASS="$PWD/askpass" &&
- export GIT_ASKPASS
-'
-
-expect_askpass() {
- dest=$HTTPD_DEST
- {
- case "$1" in
- none)
- ;;
- pass)
- echo "askpass: Password for 'http://$2@$dest': "
- ;;
- both)
- echo "askpass: Username for 'http://$dest': "
- echo "askpass: Password for 'http://$2@$dest': "
- ;;
- *)
- false
- ;;
- esac
- } >askpass-expect &&
- test_cmp askpass-expect askpass-query
-}
+ "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/repo.git"
+'
+
+setup_askpass_helper
test_expect_success 'cloning password-protected repository can fail' '
- >askpass-query &&
- echo wrong >askpass-response &&
- test_must_fail git clone "$HTTPD_URL/auth/repo.git" clone-auth-fail &&
+ set_askpass wrong &&
+ test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-fail &&
expect_askpass both wrong
'
test_expect_success 'http auth can use user/pass in URL' '
- >askpass-query &&
- echo wrong >askpass-response &&
- git clone "$HTTPD_URL_USER_PASS/auth/repo.git" clone-auth-none &&
+ set_askpass wrong &&
+ git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none &&
expect_askpass none
'
test_expect_success 'http auth can use just user in URL' '
- >askpass-query &&
- echo user@host >askpass-response &&
- git clone "$HTTPD_URL_USER/auth/repo.git" clone-auth-pass &&
+ set_askpass user@host &&
+ git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass &&
expect_askpass pass user@host
'
test_expect_success 'http auth can request both user and pass' '
- >askpass-query &&
- echo user@host >askpass-response &&
- git clone "$HTTPD_URL/auth/repo.git" clone-auth-both &&
+ set_askpass user@host &&
+ git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both &&
expect_askpass both user@host
'
@@ -112,25 +78,22 @@ test_expect_success 'http auth respects credential helper config' '
echo username=user@host
echo password=user@host
}; f" &&
- >askpass-query &&
- echo wrong >askpass-response &&
- git clone "$HTTPD_URL/auth/repo.git" clone-auth-helper &&
+ set_askpass wrong &&
+ git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-helper &&
expect_askpass none
'
test_expect_success 'http auth can get username from config' '
test_config_global "credential.$HTTPD_URL.username" user@host &&
- >askpass-query &&
- echo user@host >askpass-response &&
- git clone "$HTTPD_URL/auth/repo.git" clone-auth-user &&
+ set_askpass user@host &&
+ git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user &&
expect_askpass pass user@host
'
test_expect_success 'configured username does not override URL' '
test_config_global "credential.$HTTPD_URL.username" wrong &&
- >askpass-query &&
- echo user@host >askpass-response &&
- git clone "$HTTPD_URL_USER/auth/repo.git" clone-auth-user2 &&
+ set_askpass user@host &&
+ git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 &&
expect_askpass pass user@host
'
diff --git a/t/t5551-http-fetch.sh b/t/t5551-http-fetch.sh
index 91eaf53d1d..2db5c35641 100755
--- a/t/t5551-http-fetch.sh
+++ b/t/t5551-http-fetch.sh
@@ -27,6 +27,8 @@ test_expect_success 'create http-accessible bare repository' '
git push public master:master
'
+setup_askpass_helper
+
cat >exp <<EOF
> GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1
> Accept: */*
@@ -109,6 +111,24 @@ test_expect_success 'follow redirects (302)' '
git clone $HTTPD_URL/smart-redir-temp/repo.git --quiet repo-t
'
+test_expect_success 'clone from password-protected repository' '
+ echo two >expect &&
+ set_askpass user@host &&
+ git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth &&
+ expect_askpass both user@host &&
+ git --git-dir=smart-auth log -1 --format=%s >actual &&
+ test_cmp expect actual
+'
+
+test_expect_success 'clone from auth-only-for-push repository' '
+ echo two >expect &&
+ set_askpass wrong &&
+ git clone --bare "$HTTPD_URL/auth-push/smart/repo.git" smart-noauth &&
+ expect_askpass none &&
+ git --git-dir=smart-noauth log -1 --format=%s >actual &&
+ test_cmp expect actual
+'
+
test -n "$GIT_TEST_LONG" && test_set_prereq EXPENSIVE
test_expect_success EXPENSIVE 'create 50,000 tags in the repo' '