diff options
| -rw-r--r-- | Documentation/RelNotes/2.32.0.txt | 5 | ||||
| -rw-r--r-- | http.c | 15 | ||||
| -rwxr-xr-x | t/t5551-http-fetch-smart.sh | 41 |
3 files changed, 48 insertions, 13 deletions
diff --git a/Documentation/RelNotes/2.32.0.txt b/Documentation/RelNotes/2.32.0.txt index 22f8859b40..ed590a7b56 100644 --- a/Documentation/RelNotes/2.32.0.txt +++ b/Documentation/RelNotes/2.32.0.txt @@ -47,11 +47,6 @@ UI, Workflows & Features tweak both the message and the contents, and only the message, respectively. - * When accessing a server with a URL like https://user:pass@site/, we - did not to fall back to the basic authentication with the - credential material embedded in the URL after the "Negotiate" - authentication failed. Now we do. - * "git send-email" learned to honor the core.hooksPath configuration. * "git format-patch -v<n>" learned to allow a reroll count that is @@ -1650,18 +1650,17 @@ static int handle_curl_result(struct slot_results *results) } else if (missing_target(results)) return HTTP_MISSING_TARGET; else if (results->http_code == 401) { -#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY - http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; - if (results->auth_avail) { - http_auth_methods &= results->auth_avail; - http_auth_methods_restricted = 1; - return HTTP_REAUTH; - } -#endif if (http_auth.username && http_auth.password) { credential_reject(&http_auth); return HTTP_NOAUTH; } else { +#ifdef LIBCURL_CAN_HANDLE_AUTH_ANY + http_auth_methods &= ~CURLAUTH_GSSNEGOTIATE; + if (results->auth_avail) { + http_auth_methods &= results->auth_avail; + http_auth_methods_restricted = 1; + } +#endif return HTTP_REAUTH; } } else { diff --git a/t/t5551-http-fetch-smart.sh b/t/t5551-http-fetch-smart.sh index 984dba22af..4f87d90c5b 100755 --- a/t/t5551-http-fetch-smart.sh +++ b/t/t5551-http-fetch-smart.sh @@ -517,4 +517,45 @@ test_expect_success 'server-side error detected' ' test_i18ngrep "server-side error" actual ' +test_expect_success 'http auth remembers successful credentials' ' + rm -f .git-credentials && + test_config credential.helper store && + + # the first request prompts the user... + set_askpass user@host pass@host && + git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null && + expect_askpass both user@host && + + # ...and the second one uses the stored value rather than + # prompting the user. + set_askpass bogus-user bogus-pass && + git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null && + expect_askpass none +' + +test_expect_success 'http auth forgets bogus credentials' ' + # seed credential store with bogus values. In real life, + # this would probably come from a password which worked + # for a previous request. + rm -f .git-credentials && + test_config credential.helper store && + { + echo "url=$HTTPD_URL" && + echo "username=bogus" && + echo "password=bogus" + } | git credential approve && + + # we expect this to use the bogus values and fail, never even + # prompting the user... + set_askpass user@host pass@host && + test_must_fail git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null && + expect_askpass none && + + # ...but now we should have forgotten the bad value, causing + # us to prompt the user again. + set_askpass user@host pass@host && + git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null && + expect_askpass both user@host +' + test_done |