From 05b577107dda131d46f93aa9bb7817c80bc30ee9 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:24:42 -0400 Subject: t/lib-httpd: only route auth/dumb to dumb repos Our test apache config points all of auth/ directly to the on-disk repositories via an Alias directive. This works fine because everything authenticated is currently in auth/dumb, which is a subset. However, this would conflict with a ScriptAlias for auth/smart (which will come in future patches), so let's narrow the Alias. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/apache.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 't/lib-httpd') diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index de3762e247..b183e3513a 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -43,7 +43,7 @@ ErrorLog error.log Alias /dumb/ www/ -Alias /auth/ www/auth/ +Alias /auth/dumb/ www/auth/dumb/ SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} -- cgit v1.2.3 From 666aae9aed5a29019d2cd696d4258750c0dc96c7 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:25:21 -0400 Subject: t/lib-httpd: recognize */smart/* repos as smart-http We do not currently test authentication for smart-http repos at all. Part of the infrastructure to do this is recognizing that auth/smart is indeed a smart-http repo. The current apache config recognizes only "^/smart/*" as smart-http. Let's instead treat anything with /smart/ in the URL as smart-http. This is obviously a stupid thing to do for a real production site, but for our test suite we know that our repositories will not have this magic string in the name. Note that we will route /foo/smart/bar.git directly to git-http-backend/bar.git; in other words, everything before the "/smart/" is irrelevant to finding the repo on disk (but may impact apache config, for example by triggering auth checks). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/apache.conf | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 't/lib-httpd') diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index b183e3513a..616486f9ea 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -45,22 +45,20 @@ ErrorLog error.log Alias /dumb/ www/ Alias /auth/dumb/ www/auth/dumb/ - + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL - - + + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} - - + + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL SetEnv GIT_COMMITTER_NAME "Custom User" SetEnv GIT_COMMITTER_EMAIL custom@example.com - -ScriptAlias /smart/ ${GIT_EXEC_PATH}/git-http-backend/ -ScriptAlias /smart_noexport/ ${GIT_EXEC_PATH}/git-http-backend/ -ScriptAlias /smart_custom_env/ ${GIT_EXEC_PATH}/git-http-backend/ + +ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1 Options None -- cgit v1.2.3 From 4c71009da60baee436358e84ff1057cd1c80e776 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:25:53 -0400 Subject: t: test http access to "half-auth" repositories Some sites set up http access to repositories such that fetching is anonymous and unauthenticated, but pushing is authenticated. While there are multiple ways to do this, the technique advertised in the git-http-backend manpage is to block access to locations matching "/git-receive-pack$". Let's emulate that advice in our test setup, which makes it clear that this advice does not actually work. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/apache.conf | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 't/lib-httpd') diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index 616486f9ea..ec8618dfde 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -89,6 +89,13 @@ SSLEngine On Require valid-user + + AuthType Basic + AuthName "git-auth" + AuthUserFile passwd + Require valid-user + + LoadModule dav_module modules/mod_dav.so LoadModule dav_fs_module modules/mod_dav_fs.so -- cgit v1.2.3