From 726800a8b3bf3702490a79f0205e33b2a0dbbb64 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:23:37 -0400 Subject: t5550: put auth-required repo in auth/dumb In most of our tests, we put repos to be accessed by dumb protocols in /dumb, and repos to be accessed by smart protocols in /smart. In our test apache setup, the whole /auth hierarchy requires authentication. However, we don't bother to split it by smart and dumb here because we are not currently testing smart-http authentication at all. That will change in future patches, so let's be explicit that we are interested in testing dumb access here. This also happens to match what t5540 does for the push tests. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/t5550-http-fetch.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 't') diff --git a/t/t5550-http-fetch.sh b/t/t5550-http-fetch.sh index b06f817af3..5ad21233e1 100755 --- a/t/t5550-http-fetch.sh +++ b/t/t5550-http-fetch.sh @@ -41,9 +41,9 @@ test_expect_success 'clone http repository' ' ' test_expect_success 'create password-protected repository' ' - mkdir "$HTTPD_DOCUMENT_ROOT_PATH/auth/" && + mkdir -p "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/" && cp -Rf "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \ - "$HTTPD_DOCUMENT_ROOT_PATH/auth/repo.git" + "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/repo.git" ' test_expect_success 'setup askpass helpers' ' @@ -81,28 +81,28 @@ expect_askpass() { test_expect_success 'cloning password-protected repository can fail' ' >askpass-query && echo wrong >askpass-response && - test_must_fail git clone "$HTTPD_URL/auth/repo.git" clone-auth-fail && + test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-fail && expect_askpass both wrong ' test_expect_success 'http auth can use user/pass in URL' ' >askpass-query && echo wrong >askpass-response && - git clone "$HTTPD_URL_USER_PASS/auth/repo.git" clone-auth-none && + git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none && expect_askpass none ' test_expect_success 'http auth can use just user in URL' ' >askpass-query && echo user@host >askpass-response && - git clone "$HTTPD_URL_USER/auth/repo.git" clone-auth-pass && + git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass && expect_askpass pass user@host ' test_expect_success 'http auth can request both user and pass' ' >askpass-query && echo user@host >askpass-response && - git clone "$HTTPD_URL/auth/repo.git" clone-auth-both && + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both && expect_askpass both user@host ' @@ -114,7 +114,7 @@ test_expect_success 'http auth respects credential helper config' ' }; f" && >askpass-query && echo wrong >askpass-response && - git clone "$HTTPD_URL/auth/repo.git" clone-auth-helper && + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-helper && expect_askpass none ' @@ -122,7 +122,7 @@ test_expect_success 'http auth can get username from config' ' test_config_global "credential.$HTTPD_URL.username" user@host && >askpass-query && echo user@host >askpass-response && - git clone "$HTTPD_URL/auth/repo.git" clone-auth-user && + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user && expect_askpass pass user@host ' @@ -130,7 +130,7 @@ test_expect_success 'configured username does not override URL' ' test_config_global "credential.$HTTPD_URL.username" wrong && >askpass-query && echo user@host >askpass-response && - git clone "$HTTPD_URL_USER/auth/repo.git" clone-auth-user2 && + git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 && expect_askpass pass user@host ' -- cgit v1.2.3 From e837936c7c08ac5829bc53761ecb57d18d458edd Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:24:31 -0400 Subject: t5550: factor out http auth setup The t5550 script sets up a nice askpass helper for simulating user input and checking what git prompted for. Let's make it available to other http scripts by migrating it to lib-httpd. We can use this immediately in t5540 to make our tests more robust (previously, we did not check at all that hitting the password-protected repo actually involved a password). Unfortunately, we end up failing the test because the current code erroneously prompts twice (once for git-remote-http, and then again when the former spawns git-http-push). More importantly, though, it will let us easily add smart-http authentication tests in t5541 and t5551; we currently do not test smart-http authentication at all. As part of making it generic, let's always look for and store auxiliary askpass files at the top-level trash directory; this makes it compatible with t5540, which runs some tests from sub-repositories. We can abstract away the ugliness with a short helper function. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd.sh | 39 +++++++++++++++++++++++++++++++++++++ t/t5540-http-push.sh | 17 ++++++++--------- t/t5550-http-fetch.sh | 53 ++++++++------------------------------------------- 3 files changed, 55 insertions(+), 54 deletions(-) (limited to 't') diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh index 094d490893..0f31ef9be4 100644 --- a/t/lib-httpd.sh +++ b/t/lib-httpd.sh @@ -163,3 +163,42 @@ test_http_push_nonff() { test_i18ngrep "Updates were rejected because" output ' } + +setup_askpass_helper() { + test_expect_success 'setup askpass helper' ' + write_script "$TRASH_DIRECTORY/askpass" <<-\EOF && + echo >>"$TRASH_DIRECTORY/askpass-query" "askpass: $*" && + cat "$TRASH_DIRECTORY/askpass-response" + EOF + GIT_ASKPASS="$TRASH_DIRECTORY/askpass" && + export GIT_ASKPASS && + export TRASH_DIRECTORY + ' +} + +set_askpass() { + >"$TRASH_DIRECTORY/askpass-query" && + echo "$*" >"$TRASH_DIRECTORY/askpass-response" +} + +expect_askpass() { + dest=$HTTPD_DEST + { + case "$1" in + none) + ;; + pass) + echo "askpass: Password for 'http://$2@$dest': " + ;; + both) + echo "askpass: Username for 'http://$dest': " + echo "askpass: Password for 'http://$2@$dest': " + ;; + *) + false + ;; + esac + } >"$TRASH_DIRECTORY/askpass-expect" && + test_cmp "$TRASH_DIRECTORY/askpass-expect" \ + "$TRASH_DIRECTORY/askpass-query" +} diff --git a/t/t5540-http-push.sh b/t/t5540-http-push.sh index 1eea647656..f141f2d1da 100755 --- a/t/t5540-http-push.sh +++ b/t/t5540-http-push.sh @@ -46,15 +46,7 @@ test_expect_success 'create password-protected repository' ' "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" ' -test_expect_success 'setup askpass helper' ' - cat >askpass <<-\EOF && - #!/bin/sh - echo user@host - EOF - chmod +x askpass && - GIT_ASKPASS="$PWD/askpass" && - export GIT_ASKPASS -' +setup_askpass_helper test_expect_success 'clone remote repository' ' cd "$ROOT_PATH" && @@ -162,6 +154,7 @@ test_http_push_nonff "$HTTPD_DOCUMENT_ROOT_PATH"/test_repo.git \ test_expect_success 'push to password-protected repository (user in URL)' ' test_commit pw-user && + set_askpass user@host && git push "$HTTPD_URL_USER/auth/dumb/test_repo.git" HEAD && git rev-parse --verify HEAD >expect && git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" \ @@ -169,9 +162,15 @@ test_expect_success 'push to password-protected repository (user in URL)' ' test_cmp expect actual ' +test_expect_failure 'user was prompted only once for password' ' + expect_askpass pass user@host +' + test_expect_failure 'push to password-protected repository (no user in URL)' ' test_commit pw-nouser && + set_askpass user@host && git push "$HTTPD_URL/auth/dumb/test_repo.git" HEAD && + expect_askpass both user@host git rev-parse --verify HEAD >expect && git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/test_repo.git" \ rev-parse --verify HEAD >actual && diff --git a/t/t5550-http-fetch.sh b/t/t5550-http-fetch.sh index 5ad21233e1..16ef0419e9 100755 --- a/t/t5550-http-fetch.sh +++ b/t/t5550-http-fetch.sh @@ -46,62 +46,28 @@ test_expect_success 'create password-protected repository' ' "$HTTPD_DOCUMENT_ROOT_PATH/auth/dumb/repo.git" ' -test_expect_success 'setup askpass helpers' ' - cat >askpass <<-EOF && - #!/bin/sh - echo >>"$PWD/askpass-query" "askpass: \$*" && - cat "$PWD/askpass-response" - EOF - chmod +x askpass && - GIT_ASKPASS="$PWD/askpass" && - export GIT_ASKPASS -' - -expect_askpass() { - dest=$HTTPD_DEST - { - case "$1" in - none) - ;; - pass) - echo "askpass: Password for 'http://$2@$dest': " - ;; - both) - echo "askpass: Username for 'http://$dest': " - echo "askpass: Password for 'http://$2@$dest': " - ;; - *) - false - ;; - esac - } >askpass-expect && - test_cmp askpass-expect askpass-query -} +setup_askpass_helper test_expect_success 'cloning password-protected repository can fail' ' - >askpass-query && - echo wrong >askpass-response && + set_askpass wrong && test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-fail && expect_askpass both wrong ' test_expect_success 'http auth can use user/pass in URL' ' - >askpass-query && - echo wrong >askpass-response && + set_askpass wrong && git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none && expect_askpass none ' test_expect_success 'http auth can use just user in URL' ' - >askpass-query && - echo user@host >askpass-response && + set_askpass user@host && git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-pass && expect_askpass pass user@host ' test_expect_success 'http auth can request both user and pass' ' - >askpass-query && - echo user@host >askpass-response && + set_askpass user@host && git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-both && expect_askpass both user@host ' @@ -112,24 +78,21 @@ test_expect_success 'http auth respects credential helper config' ' echo username=user@host echo password=user@host }; f" && - >askpass-query && - echo wrong >askpass-response && + set_askpass wrong && git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-helper && expect_askpass none ' test_expect_success 'http auth can get username from config' ' test_config_global "credential.$HTTPD_URL.username" user@host && - >askpass-query && - echo user@host >askpass-response && + set_askpass user@host && git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-user && expect_askpass pass user@host ' test_expect_success 'configured username does not override URL' ' test_config_global "credential.$HTTPD_URL.username" wrong && - >askpass-query && - echo user@host >askpass-response && + set_askpass user@host && git clone "$HTTPD_URL_USER/auth/dumb/repo.git" clone-auth-user2 && expect_askpass pass user@host ' -- cgit v1.2.3 From 05b577107dda131d46f93aa9bb7817c80bc30ee9 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:24:42 -0400 Subject: t/lib-httpd: only route auth/dumb to dumb repos Our test apache config points all of auth/ directly to the on-disk repositories via an Alias directive. This works fine because everything authenticated is currently in auth/dumb, which is a subset. However, this would conflict with a ScriptAlias for auth/smart (which will come in future patches), so let's narrow the Alias. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/apache.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 't') diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index de3762e247..b183e3513a 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -43,7 +43,7 @@ ErrorLog error.log Alias /dumb/ www/ -Alias /auth/ www/auth/ +Alias /auth/dumb/ www/auth/dumb/ SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} -- cgit v1.2.3 From 666aae9aed5a29019d2cd696d4258750c0dc96c7 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:25:21 -0400 Subject: t/lib-httpd: recognize */smart/* repos as smart-http We do not currently test authentication for smart-http repos at all. Part of the infrastructure to do this is recognizing that auth/smart is indeed a smart-http repo. The current apache config recognizes only "^/smart/*" as smart-http. Let's instead treat anything with /smart/ in the URL as smart-http. This is obviously a stupid thing to do for a real production site, but for our test suite we know that our repositories will not have this magic string in the name. Note that we will route /foo/smart/bar.git directly to git-http-backend/bar.git; in other words, everything before the "/smart/" is irrelevant to finding the repo on disk (but may impact apache config, for example by triggering auth checks). Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/apache.conf | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 't') diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index b183e3513a..616486f9ea 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -45,22 +45,20 @@ ErrorLog error.log Alias /dumb/ www/ Alias /auth/dumb/ www/auth/dumb/ - + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL - - + + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} - - + + SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH} SetEnv GIT_HTTP_EXPORT_ALL SetEnv GIT_COMMITTER_NAME "Custom User" SetEnv GIT_COMMITTER_EMAIL custom@example.com - -ScriptAlias /smart/ ${GIT_EXEC_PATH}/git-http-backend/ -ScriptAlias /smart_noexport/ ${GIT_EXEC_PATH}/git-http-backend/ -ScriptAlias /smart_custom_env/ ${GIT_EXEC_PATH}/git-http-backend/ + +ScriptAliasMatch /smart_*[^/]*/(.*) ${GIT_EXEC_PATH}/git-http-backend/$1 Options None -- cgit v1.2.3 From 6ac2b3aeb9900a8fb0cd3fd9be0bff00eb3a4b5b Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:25:36 -0400 Subject: t: test basic smart-http authentication We do not currently test authentication over smart-http at all. In theory, it should work exactly as it does for dumb http (which we do test). It does indeed work for these simple tests, but this patch lays the groundwork for more complex tests in future patches. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/t5541-http-push.sh | 14 ++++++++++++++ t/t5551-http-fetch.sh | 11 +++++++++++ 2 files changed, 25 insertions(+) (limited to 't') diff --git a/t/t5541-http-push.sh b/t/t5541-http-push.sh index 312e484090..eeb993203f 100755 --- a/t/t5541-http-push.sh +++ b/t/t5541-http-push.sh @@ -36,6 +36,8 @@ test_expect_success 'setup remote repository' ' mv test_repo.git "$HTTPD_DOCUMENT_ROOT_PATH" ' +setup_askpass_helper + cat >exp <expect && + test_commit push-auth-test && + set_askpass user@host && + git push "$HTTPD_URL"/auth/smart/test_repo.git && + git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \ + log -1 --format=%s >actual && + expect_askpass both user@host && + test_cmp expect actual +' + stop_httpd test_done diff --git a/t/t5551-http-fetch.sh b/t/t5551-http-fetch.sh index be6094be77..342d6af861 100755 --- a/t/t5551-http-fetch.sh +++ b/t/t5551-http-fetch.sh @@ -27,6 +27,8 @@ test_expect_success 'create http-accessible bare repository' ' git push public master:master ' +setup_askpass_helper + cat >exp < GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1 > Accept: */* @@ -109,6 +111,15 @@ test_expect_success 'follow redirects (302)' ' git clone $HTTPD_URL/smart-redir-temp/repo.git --quiet repo-t ' +test_expect_success 'clone from password-protected repository' ' + echo two >expect && + set_askpass user@host && + git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth && + expect_askpass both user@host && + git --git-dir=smart-auth log -1 --format=%s >actual && + test_cmp expect actual +' + test -n "$GIT_TEST_LONG" && test_set_prereq EXPENSIVE test_expect_success EXPENSIVE 'create 50,000 tags in the repo' ' -- cgit v1.2.3 From 4c71009da60baee436358e84ff1057cd1c80e776 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:25:53 -0400 Subject: t: test http access to "half-auth" repositories Some sites set up http access to repositories such that fetching is anonymous and unauthenticated, but pushing is authenticated. While there are multiple ways to do this, the technique advertised in the git-http-backend manpage is to block access to locations matching "/git-receive-pack$". Let's emulate that advice in our test setup, which makes it clear that this advice does not actually work. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/lib-httpd/apache.conf | 7 +++++++ t/t5541-http-push.sh | 12 ++++++++++++ t/t5551-http-fetch.sh | 9 +++++++++ 3 files changed, 28 insertions(+) (limited to 't') diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf index 616486f9ea..ec8618dfde 100644 --- a/t/lib-httpd/apache.conf +++ b/t/lib-httpd/apache.conf @@ -89,6 +89,13 @@ SSLEngine On Require valid-user + + AuthType Basic + AuthName "git-auth" + AuthUserFile passwd + Require valid-user + + LoadModule dav_module modules/mod_dav.so LoadModule dav_fs_module modules/mod_dav_fs.so diff --git a/t/t5541-http-push.sh b/t/t5541-http-push.sh index eeb993203f..9b1cd603c6 100755 --- a/t/t5541-http-push.sh +++ b/t/t5541-http-push.sh @@ -280,5 +280,17 @@ test_expect_success 'push over smart http with auth' ' test_cmp expect actual ' +test_expect_failure 'push to auth-only-for-push repo' ' + cd "$ROOT_PATH/test_repo_clone" && + echo push-half-auth >expect && + test_commit push-half-auth && + set_askpass user@host && + git push "$HTTPD_URL"/auth-push/smart/test_repo.git && + git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/test_repo.git" \ + log -1 --format=%s >actual && + expect_askpass both user@host && + test_cmp expect actual +' + stop_httpd test_done diff --git a/t/t5551-http-fetch.sh b/t/t5551-http-fetch.sh index 342d6af861..7380f2a2dd 100755 --- a/t/t5551-http-fetch.sh +++ b/t/t5551-http-fetch.sh @@ -120,6 +120,15 @@ test_expect_success 'clone from password-protected repository' ' test_cmp expect actual ' +test_expect_success 'clone from auth-only-for-push repository' ' + echo two >expect && + set_askpass wrong && + git clone --bare "$HTTPD_URL/auth-push/smart/repo.git" smart-noauth && + expect_askpass none && + git --git-dir=smart-noauth log -1 --format=%s >actual && + test_cmp expect actual +' + test -n "$GIT_TEST_LONG" && test_set_prereq EXPENSIVE test_expect_success EXPENSIVE 'create 50,000 tags in the repo' ' -- cgit v1.2.3 From b81401c1de0e0fec39f8643ce7a794fda083f7a1 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Mon, 27 Aug 2012 09:27:15 -0400 Subject: http: prompt for credentials on failed POST All of the smart-http GET requests go through the http_get_* functions, which will prompt for credentials and retry if we see an HTTP 401. POST requests, however, do not go through any central point. Moreover, it is difficult to retry in the general case; we cannot assume the request body fits in memory or is even seekable, and we don't know how much of it was consumed during the attempt. Most of the time, this is not a big deal; for both fetching and pushing, we make a GET request before doing any POSTs, so typically we figure out the credentials during the first request, then reuse them during the POST. However, some servers may allow a client to get the list of refs from receive-pack without authentication, and then require authentication when the client actually tries to POST the pack. This is not ideal, as the client may do a non-trivial amount of work to generate the pack (e.g., delta-compressing objects). However, for a long time it has been the recommended example configuration in git-http-backend(1) for setting up a repository with anonymous fetch and authenticated push. This setup has always been broken without putting a username into the URL. Prior to commit 986bbc0, it did work with a username in the URL, because git would prompt for credentials before making any requests at all. However, post-986bbc0, it is totally broken. Since it has been advertised in the manpage for some time, we should make sure it works. Unfortunately, it is not as easy as simply calling post_rpc again when it fails, due to the input issue mentioned above. However, we can still make this specific case work by retrying in two specific instances: 1. If the request is large (bigger than LARGE_PACKET_MAX), we will first send a probe request with a single flush packet. Since this request is static, we can freely retry it. 2. If the request is small and we are not using gzip, then we have the whole thing in-core, and we can freely retry. That means we will not retry in some instances, including: 1. If we are using gzip. However, we only do so when calling git-upload-pack, so it does not apply to pushes. 2. If we have a large request, the probe succeeds, but then the real POST wants authentication. This is an extremely unlikely configuration and not worth worrying about. While it might be nice to cover those instances, doing so would be significantly more complex for very little real-world gain. In the long run, we will be much better off when curl learns to internally handle authentication as a callback, and we can cleanly handle all cases that way. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- t/t5541-http-push.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 't') diff --git a/t/t5541-http-push.sh b/t/t5541-http-push.sh index 9b1cd603c6..ef6d6b6e4e 100755 --- a/t/t5541-http-push.sh +++ b/t/t5541-http-push.sh @@ -280,7 +280,7 @@ test_expect_success 'push over smart http with auth' ' test_cmp expect actual ' -test_expect_failure 'push to auth-only-for-push repo' ' +test_expect_success 'push to auth-only-for-push repo' ' cd "$ROOT_PATH/test_repo_clone" && echo push-half-auth >expect && test_commit push-half-auth && -- cgit v1.2.3