From 0521710a8b9321751ca8768c3f7ea8895901e5c3 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Tue, 13 Dec 2011 15:17:04 -0500 Subject: t5540: test DAV push with authentication We don't currently test this case at all, and instead just test the DAV mechanism over an unauthenticated push. That isn't very realistic, as most people will want to authenticate pushes. Two of the tests expect_failure as they reveal bugs: 1. Pushing without a username in the URL fails to ask for credentials when we get an HTTP 401. This has always been the case, but it would be nice if it worked like smart-http. 2. Pushing with a username fails to ask for the password since 986bbc0 (http: don't always prompt for password, 2011-11-04). This is a severe regression in v1.7.8, as authenticated push-over-DAV is now totally unusable unless you have credentials in your .netrc. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano
---
 t/lib-httpd/apache.conf | 3 +++ t/t5540-http-push.sh | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+)
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 0a4cdfa93e..3c12b05d60 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -92,6 +92,9 @@ SSLEngine On Dav on + + Dav on + +
diff --git a/t/t5540-http-push.sh b/t/t5540-http-push.sh
index 64767d8705..3300227796 100755
--- a/t/t5540-http-push.sh
+++ b/t/t5540-http-push.sh
@@ -40,6 +40,22 @@ test_expect_success 'setup remote repository' '
 mv test_repo.git "$HTTPD_DOCUMENT_ROOT_PATH"
 '
+test_expect_success 'create password-protected repository' '
+ mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb" &&
+ cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \
+ "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git"
+'
+
+test_expect_success 'setup askpass helper' '
+ cat >askpass <<-\EOF &&
+ #!/bin/sh
+ echo user@host
+ EOF
+ chmod +x askpass &&
+ GIT_ASKPASS="$PWD/askpass" &&
+ export GIT_ASKPASS
+'
+
 test_expect_success 'clone remote repository' '
 cd "$ROOT_PATH" &&
 git clone $HTTPD_URL/dumb/test_repo.git test_repo_clone
@@ -144,6 +160,24 @@ test_expect_success 'PUT and MOVE sends object to URLs with SHA-1 hash suffix' '
 test_http_push_nonff "$HTTPD_DOCUMENT_ROOT_PATH"/test_repo.git \
 "$ROOT_PATH"/test_repo_clone master
+test_expect_failure 'push to password-protected repository (user in URL)' '
+ test_commit pw-user &&
+ git push "$HTTPD_URL_USER/auth/dumb/test_repo.git" HEAD &&
+ git rev-parse --verify HEAD >expect &&
+ git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" \
+ rev-parse --verify HEAD >actual &&
+ test_cmp expect actual
+'
+
+test_expect_failure 'push to password-protected repository (no user in URL)' '
+ test_commit pw-nouser &&
+ git push "$HTTPD_URL/auth/dumb/test_repo.git" HEAD &&
+ git rev-parse --verify HEAD >expect &&
+ git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" \
+ rev-parse --verify HEAD >actual &&
+ test_cmp expect actual
+'
+
 stop_httpd
 test_done
-- cgit v1.2.3
From a4ddbc33d7906f0e10c68c140a9a1003d9715a77 Mon Sep 17 00:00:00 2001
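Review bot: The helper written in 'setup askpass helper' prints the same string for every prompt and keeps no record of what it was asked, so the push tests added later cannot tell a password prompt from a username prompt, or from no prompt at all. Having it log its argument, e.g. `echo "askpass: $*" >>"$TRASH_DIRECTORY/askpass-query"` (assuming that variable reaches the helper's environment), would let each push test assert which credential was requested. `GIT_ASKPASS` also stays exported for every test that follows, which is worth a one-line comment above the `export`.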
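Review bot: Both push tests in the `@@ -144` hunk check only that the pushed commit reaches `auth/dumb/test_repo.git`, so once they pass they would keep passing if that location were served with no access control at all. A negative control would pin the server side: run the same push in a subshell with `GIT_ASKPASS` pointing at a helper that prints a wrong password and assert `test_must_fail git push "$HTTPD_URL_USER/auth/dumb/test_repo.git" HEAD`. The access rules for `/auth/dumb` live in apache.conf and are not readable in this patch, so this assumes they are inherited from an enclosing auth block.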
From: Jeff King Date: Tue, 13 Dec 2011 19:11:56 -0500 Subject: http-push: enable "proactive auth" Before commit 986bbc08, git was proactive about asking for http passwords. It assumed that if you had a username in your URL, you would also want a password, and asked for it before making any http requests. However, this could interfere with the use of .netrc (see 986bbc08 for details). And it was also unnecessary, since the http fetching code had learned to recognize an HTTP 401 and prompt the user then. Furthermore, the proactive prompt could interfere with the usage of .netrc (see 986bbc08 for details). Unfortunately, the http push-over-DAV code never learned to recognize HTTP 401, and so was broken by this change. This patch does a quick fix of re-enabling the "proactive auth" strategy only for http-push, leaving the dumb http fetch and smart-http as-is. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano
---
 http-fetch.c | 2 +- http-push.c | 2 +- http.c | 8 +++++++- http.h | 3 ++- remote-curl.c | 2 +- t/t5540-http-push.sh | 2 +- 6 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/http-fetch.c b/http-fetch.c
index 69299b7bd2..94d47cbb28 100644
--- a/http-fetch.c
+++ b/http-fetch.c
@@ -67,7 +67,7 @@ int main(int argc, const char **argv)
 git_config(git_default_config, NULL);
- http_init(NULL, url);
+ http_init(NULL, url, 0);
 walker = get_http_walker(url);
 walker->get_tree = get_tree;
 walker->get_history = get_history;
diff --git a/http-push.c b/http-push.c
index edd553b7f6..cdfdd4f791 100644
--- a/http-push.c
+++ b/http-push.c
@@ -1820,7 +1820,7 @@ int main(int argc, char **argv)
 memset(remote_dir_exists, -1, 256);
- http_init(NULL, repo->url);
+ http_init(NULL, repo->url, 1);
 #ifdef USE_CURL_MULTI
 is_running_queue = 0;
diff --git a/http.c b/http.c
index e6c75976e8..7e454f7787 100644
--- a/http.c
+++ b/http.c
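Review bot: In the http-push.c hunk the bare `1` passed to `http_init()` gives no hint that it turns on up-front credential setup, and the reason push needs it (per the description, the DAV code never learned to handle a 401) is recorded only in the commit message. A short comment at the call would keep that visible, e.g. `/* push-over-DAV cannot react to a 401, so set up auth before the first request */`. The same undocumented literal appears as `0` in the http-fetch.c and remote-curl.c hunks, and the widened prototype in http.h would benefit from a matching one-line comment on `proactive_auth`. `main()` continues outside this hunk.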
@@ -43,6 +43,7 @@ static int curl_ftp_no_epsv;
 static const char *curl_http_proxy;
 static const char *curl_cookie_file;
 static char *user_name, *user_pass, *description;
+static int http_proactive_auth;
 static const char *user_agent;
 #if LIBCURL_VERSION_NUM >= 0x071700
@@ -279,6 +280,9 @@ static CURL *get_curl_handle(void)
 curl_easy_setopt(result, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
 #endif
+ if (http_proactive_auth)
+ init_curl_http_auth(result);
+
 if (ssl_cert != NULL)
 curl_easy_setopt(result, CURLOPT_SSLCERT, ssl_cert);
 if (has_cert_password())
@@ -367,7 +371,7 @@ static void set_from_env(const char **var, const char *envname)
 *var = val;
 }
-void http_init(struct remote *remote, const char *url)
+void http_init(struct remote *remote, const char *url, int proactive_auth)
 {
 char *low_speed_limit;
 char *low_speed_time;
@@ -378,6 +382,8 @@ void http_init(struct remote *remote, const char *url)
 curl_global_init(CURL_GLOBAL_ALL);
+ http_proactive_auth = proactive_auth;
+
 if (remote && remote->http_proxy)
 curl_http_proxy = xstrdup(remote->http_proxy);
diff --git a/http.h b/http.h
index 3c332a98e9..51f6ba73ba 100644
--- a/http.h
+++ b/http.h
@@ -86,7 +86,8 @@ extern void add_fill_function(void *data, int (*fill)(void *));
 extern void step_active_slots(void);
 #endif
-extern void http_init(struct remote *remote, const char *url);
+extern void http_init(struct remote *remote, const char *url,
+ int proactive_auth);
 extern void http_cleanup(void);
 extern int data_received;
diff --git a/remote-curl.c b/remote-curl.c
index 0e720ee8bb..0757b19a80 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -859,7 +859,7 @@ int main(int argc, const char **argv)
 url = strbuf_detach(&buf, NULL);
- http_init(remote, url);
+ http_init(remote, url, 0);
 do {
 if (strbuf_getline(&buf, stdin, '\n') == EOF) {
diff --git a/t/t5540-http-push.sh b/t/t5540-http-push.sh
index 3300227796..1eea647656 100755
--- a/t/t5540-http-push.sh
+++ b/t/t5540-http-push.sh
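Review bot: The new `if (http_proactive_auth) init_curl_http_auth(result);` in `get_curl_handle()` runs for every handle created after `http_init()`, so for http-push it brings back the prompt-before-request behaviour that, per the description, interfered with `.netrc`. `init_curl_http_auth()` is not shown here; if it prompts whenever a username is known, a push user whose password is in `.netrc` would presumably be asked anyway. The call also sits after the `#endif` that closes the `CURLAUTH_ANY` setting, so on builds where that block is compiled out the credentials are probably offered with libcurl's default Basic scheme on the first request, which matters for plain `http://` remotes. A comment above the call stating both trade-offs would help, e.g. `/* http-push only: may prompt even when .netrc has the password */`. The function body extends beyond the hunk.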
@@ -160,7 +160,7 @@ test_expect_success 'PUT and MOVE sends object to URLs with SHA-1 hash suffix' '
 test_http_push_nonff "$HTTPD_DOCUMENT_ROOT_PATH"/test_repo.git \
 "$ROOT_PATH"/test_repo_clone master
-test_expect_failure 'push to password-protected repository (user in URL)' '
+test_expect_success 'push to password-protected repository (user in URL)' '
 test_commit pw-user &&
 git push "$HTTPD_URL_USER/auth/dumb/test_repo.git" HEAD &&
 git rev-parse --verify HEAD >expect &&
-- cgit v1.2.3