3 test_description
='test http auth header and credential helper interop'
6 .
"$TEST_DIRECTORY"/lib-httpd.sh
9 if ! test_have_prereq CGIPASSAUTH
11 skip_all
="no CGIPassAuth support"
16 test_expect_success
'setup_credential_helper' '
17 mkdir "$TRASH_DIRECTORY/bin" &&
18 PATH=$PATH:"$TRASH_DIRECTORY/bin" &&
21 CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" &&
22 write_script "$CREDENTIAL_HELPER" <<-\EOF
24 teefile=$cmd-query-temp.cred
25 catfile=$cmd-reply.cred
26 sed -n -e "/^$/q" -e "p" >>$teefile
27 state=$(sed -ne "s/^state\[\]=helper://p" "$teefile")
30 mv "$teefile" "$cmd-query.cred"
32 mv "$teefile" "$cmd-query-$state.cred"
33 catfile="$cmd-reply-$state.cred"
35 if test "$cmd" = "get"
42 set_credential_reply
() {
43 local suffix
="$(test -n "$2" && echo "-$2")"
44 cat >"$TRASH_DIRECTORY/$1-reply$suffix.cred"
47 expect_credential_query
() {
48 local suffix
="$(test -n "$2" && echo "-$2")"
49 cat >"$TRASH_DIRECTORY/$1-expect$suffix.cred" &&
50 test_cmp
"$TRASH_DIRECTORY/$1-expect$suffix.cred" \
51 "$TRASH_DIRECTORY/$1-query$suffix.cred"
56 rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \
57 "$HTTPD_ROOT_PATH"/custom-auth.challenge
60 test_expect_success
'setup repository' '
62 git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
63 git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
66 test_expect_success
'access using basic auth' '
67 test_when_finished "per_test_cleanup" &&
69 set_credential_reply get <<-EOF &&
71 password=secret-passwd
74 # Basic base64(alice:secret-passwd)
75 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
76 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
79 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
81 id=default response=WWW-Authenticate: Basic realm="example.com"
84 test_config_global credential.helper test-helper &&
85 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
87 expect_credential_query get <<-EOF &&
92 wwwauth[]=Basic realm="example.com"
95 expect_credential_query store <<-EOF
99 password=secret-passwd
103 test_expect_success
'access using basic auth via authtype' '
104 test_when_finished "per_test_cleanup" &&
106 set_credential_reply get <<-EOF &&
107 capability[]=authtype
109 credential=YWxpY2U6c2VjcmV0LXBhc3N3ZA==
112 # Basic base64(alice:secret-passwd)
113 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
114 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
117 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
119 id=default response=WWW-Authenticate: Basic realm="example.com"
122 test_config_global credential.helper test-helper &&
123 GIT_CURL_VERBOSE=1 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
125 expect_credential_query get <<-EOF &&
126 capability[]=authtype
130 wwwauth[]=Basic realm="example.com"
133 expect_credential_query store <<-EOF
134 capability[]=authtype
136 credential=YWxpY2U6c2VjcmV0LXBhc3N3ZA==
142 test_expect_success
'access using basic auth invalid credentials' '
143 test_when_finished "per_test_cleanup" &&
145 set_credential_reply get <<-EOF &&
147 password=wrong-passwd
150 # Basic base64(alice:secret-passwd)
151 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
152 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
155 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
157 id=default response=WWW-Authenticate: Basic realm="example.com"
160 test_config_global credential.helper test-helper &&
161 test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
163 expect_credential_query get <<-EOF &&
164 capability[]=authtype
168 wwwauth[]=Basic realm="example.com"
171 expect_credential_query erase <<-EOF
175 password=wrong-passwd
176 wwwauth[]=Basic realm="example.com"
180 test_expect_success
'access using basic auth with extra challenges' '
181 test_when_finished "per_test_cleanup" &&
183 set_credential_reply get <<-EOF &&
185 password=secret-passwd
188 # Basic base64(alice:secret-passwd)
189 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
190 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
193 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
195 id=default response=WWW-Authenticate: FooBar param1="value1" param2="value2"
196 id=default response=WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
197 id=default response=WWW-Authenticate: Basic realm="example.com"
200 test_config_global credential.helper test-helper &&
201 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
203 expect_credential_query get <<-EOF &&
204 capability[]=authtype
208 wwwauth[]=FooBar param1="value1" param2="value2"
209 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
210 wwwauth[]=Basic realm="example.com"
213 expect_credential_query store <<-EOF
217 password=secret-passwd
221 test_expect_success
'access using basic auth mixed-case wwwauth header name' '
222 test_when_finished "per_test_cleanup" &&
224 set_credential_reply get <<-EOF &&
226 password=secret-passwd
229 # Basic base64(alice:secret-passwd)
230 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
231 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
234 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
236 id=default response=www-authenticate: foobar param1="value1" param2="value2"
237 id=default response=WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0
238 id=default response=WwW-aUtHeNtIcAtE: baSiC realm="example.com"
241 test_config_global credential.helper test-helper &&
242 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
244 expect_credential_query get <<-EOF &&
245 capability[]=authtype
249 wwwauth[]=foobar param1="value1" param2="value2"
250 wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0
251 wwwauth[]=baSiC realm="example.com"
254 expect_credential_query store <<-EOF
258 password=secret-passwd
262 test_expect_success
'access using basic auth with wwwauth header continuations' '
263 test_when_finished "per_test_cleanup" &&
265 set_credential_reply get <<-EOF &&
267 password=secret-passwd
270 # Basic base64(alice:secret-passwd)
271 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
272 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
275 # Note that leading and trailing whitespace is important to correctly
276 # simulate a continuation/folded header.
277 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
279 id=default response=WWW-Authenticate: FooBar param1="value1"
280 id=default response= param2="value2"
281 id=default response=WWW-Authenticate: Bearer authorize_uri="id.example.com"
282 id=default response= p=1
283 id=default response= q=0
284 id=default response=WWW-Authenticate: Basic realm="example.com"
287 test_config_global credential.helper test-helper &&
288 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
290 expect_credential_query get <<-EOF &&
291 capability[]=authtype
295 wwwauth[]=FooBar param1="value1" param2="value2"
296 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
297 wwwauth[]=Basic realm="example.com"
300 expect_credential_query store <<-EOF
304 password=secret-passwd
308 test_expect_success
'access using basic auth with wwwauth header empty continuations' '
309 test_when_finished "per_test_cleanup" &&
311 set_credential_reply get <<-EOF &&
313 password=secret-passwd
316 # Basic base64(alice:secret-passwd)
317 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
318 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
321 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
323 # Note that leading and trailing whitespace is important to correctly
324 # simulate a continuation/folded header.
325 printf "id=1 status=200\n" >"$CHALLENGE" &&
326 printf "id=default response=WWW-Authenticate: FooBar param1=\"value1\"\r\n" >>"$CHALLENGE" &&
327 printf "id=default response= \r\n" >>"$CHALLENGE" &&
328 printf "id=default response= param2=\"value2\"\r\n" >>"$CHALLENGE" &&
329 printf "id=default response=WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>"$CHALLENGE" &&
330 printf "id=default response= p=1\r\n" >>"$CHALLENGE" &&
331 printf "id=default response= \r\n" >>"$CHALLENGE" &&
332 printf "id=default response= q=0\r\n" >>"$CHALLENGE" &&
333 printf "id=default response=WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>"$CHALLENGE" &&
335 test_config_global credential.helper test-helper &&
336 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
338 expect_credential_query get <<-EOF &&
339 capability[]=authtype
343 wwwauth[]=FooBar param1="value1" param2="value2"
344 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
345 wwwauth[]=Basic realm="example.com"
348 expect_credential_query store <<-EOF
352 password=secret-passwd
356 test_expect_success
'access using basic auth with wwwauth header mixed line-endings' '
357 test_when_finished "per_test_cleanup" &&
359 set_credential_reply get <<-EOF &&
361 password=secret-passwd
364 # Basic base64(alice:secret-passwd)
365 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
366 id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
369 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
371 # Note that leading and trailing whitespace is important to correctly
372 # simulate a continuation/folded header.
373 printf "id=1 status=200\n" >"$CHALLENGE" &&
374 printf "id=default response=WWW-Authenticate: FooBar param1=\"value1\"\r\n" >>"$CHALLENGE" &&
375 printf "id=default response= \r\n" >>"$CHALLENGE" &&
376 printf "id=default response=\tparam2=\"value2\"\r\n" >>"$CHALLENGE" &&
377 printf "id=default response=WWW-Authenticate: Basic realm=\"example.com\"" >>"$CHALLENGE" &&
379 test_config_global credential.helper test-helper &&
380 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
382 expect_credential_query get <<-EOF &&
383 capability[]=authtype
387 wwwauth[]=FooBar param1="value1" param2="value2"
388 wwwauth[]=Basic realm="example.com"
391 expect_credential_query store <<-EOF
395 password=secret-passwd
399 test_expect_success
'access using bearer auth' '
400 test_when_finished "per_test_cleanup" &&
402 set_credential_reply get <<-EOF &&
403 capability[]=authtype
405 credential=YS1naXQtdG9rZW4=
408 # Basic base64(a-git-token)
409 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
410 id=1 creds=Bearer YS1naXQtdG9rZW4=
413 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
415 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
417 id=default response=WWW-Authenticate: FooBar param1="value1" param2="value2"
418 id=default response=WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
419 id=default response=WWW-Authenticate: Basic realm="example.com"
422 test_config_global credential.helper test-helper &&
423 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
425 expect_credential_query get <<-EOF &&
426 capability[]=authtype
430 wwwauth[]=FooBar param1="value1" param2="value2"
431 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
432 wwwauth[]=Basic realm="example.com"
435 expect_credential_query store <<-EOF
436 capability[]=authtype
438 credential=YS1naXQtdG9rZW4=
444 test_expect_success
'access using bearer auth with invalid credentials' '
445 test_when_finished "per_test_cleanup" &&
447 set_credential_reply get <<-EOF &&
448 capability[]=authtype
450 credential=incorrect-token
453 # Basic base64(a-git-token)
454 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
455 id=1 creds=Bearer YS1naXQtdG9rZW4=
458 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
460 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
462 id=default response=WWW-Authenticate: FooBar param1="value1" param2="value2"
463 id=default response=WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
464 id=default response=WWW-Authenticate: Basic realm="example.com"
467 test_config_global credential.helper test-helper &&
468 test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
470 expect_credential_query get <<-EOF &&
471 capability[]=authtype
475 wwwauth[]=FooBar param1="value1" param2="value2"
476 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
477 wwwauth[]=Basic realm="example.com"
480 expect_credential_query erase <<-EOF
481 capability[]=authtype
483 credential=incorrect-token
486 wwwauth[]=FooBar param1="value1" param2="value2"
487 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
488 wwwauth[]=Basic realm="example.com"
492 test_expect_success
'access using three-legged auth' '
493 test_when_finished "per_test_cleanup" &&
495 set_credential_reply get <<-EOF &&
496 capability[]=authtype
499 credential=YS1naXQtdG9rZW4=
500 state[]=helper:foobar
504 set_credential_reply get foobar <<-EOF &&
505 capability[]=authtype
508 credential=YW5vdGhlci10b2tlbg==
509 state[]=helper:bazquux
512 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
513 id=1 creds=Multistage YS1naXQtdG9rZW4=
514 id=2 creds=Multistage YW5vdGhlci10b2tlbg==
517 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
519 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
520 id=1 status=401 response=WWW-Authenticate: Multistage challenge="456"
521 id=1 status=401 response=WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
523 id=default response=WWW-Authenticate: Multistage challenge="123"
524 id=default response=WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
527 test_config_global credential.helper test-helper &&
528 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
530 expect_credential_query get <<-EOF &&
531 capability[]=authtype
535 wwwauth[]=Multistage challenge="123"
536 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
539 expect_credential_query get foobar <<-EOF &&
540 capability[]=authtype
545 wwwauth[]=Multistage challenge="456"
546 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
547 state[]=helper:foobar
550 expect_credential_query store bazquux <<-EOF
551 capability[]=authtype
554 credential=YW5vdGhlci10b2tlbg==
557 state[]=helper:bazquux