1 # Shell library for testing credential handling including helpers. See t0302
2 # for an example of testing a specific helper.
4 # Try a set of credential helpers; the expected stdin,
5 # stdout and stderr should be provided on stdin,
12 credential_opts
="$credential_opts -c credential.helper='$arg'"
15 read_chunk
>expect-stdout
&&
16 read_chunk
>expect-stderr
&&
17 if ! eval "git $credential_opts credential $credential_cmd <stdin >stdout 2>stderr"; then
18 echo "git credential failed with code $?" &&
22 test_cmp expect-stdout stdout
&&
23 test_cmp expect-stderr stderr
35 # Clear any residual data from previous tests. We only
36 # need this when testing third-party helpers which read and
37 # write outside of our trash-directory sandbox.
39 # Don't bother checking for success here, as it is
40 # outside the scope of tests and represents a best effort to
41 # clean up after ourselves.
43 reject
$1 https example.com store-user
44 reject
$1 https example.com user1
45 reject
$1 https example.com user2
46 reject
$1 https example.com user-expiry
47 reject
$1 https example.com user-expiry-overwrite
48 reject
$1 https example.com user4
49 reject
$1 http path.tld user
50 reject
$1 https timeout.tld user
51 reject
$1 https sso.tld
59 ) | git
-c credential.helper
=$1 credential reject
65 test_expect_success
"helper ($HELPER) has no existing data" '
66 check fill $HELPER <<-\EOF
72 username=askpass-username
73 password=askpass-password
75 askpass: Username for '\''https://example.com'\'':
76 askpass: Password for '\''https://askpass-username@example.com'\'':
80 test_expect_success
"helper ($HELPER) stores password" '
81 check approve $HELPER <<-\EOF
89 test_expect_success
"helper ($HELPER) can retrieve password" '
90 check fill $HELPER <<-\EOF
102 test_expect_success
"helper ($HELPER) requires matching protocol" '
103 check fill $HELPER <<-\EOF
109 username=askpass-username
110 password=askpass-password
112 askpass: Username for '\''http://example.com'\'':
113 askpass: Password for '\''http://askpass-username@example.com'\'':
117 test_expect_success
"helper ($HELPER) requires matching host" '
118 check fill $HELPER <<-\EOF
124 username=askpass-username
125 password=askpass-password
127 askpass: Username for '\''https://other.tld'\'':
128 askpass: Password for '\''https://askpass-username@other.tld'\'':
132 test_expect_success
"helper ($HELPER) requires matching username" '
133 check fill $HELPER <<-\EOF
141 password=askpass-password
143 askpass: Password for '\''https://other@example.com'\'':
147 test_expect_success
"helper ($HELPER) requires matching path" '
148 test_config credential.usehttppath true &&
149 check approve $HELPER <<-\EOF &&
156 check fill $HELPER <<-\EOF
164 username=askpass-username
165 password=askpass-password
167 askpass: Username for '\''http://path.tld/bar.git'\'':
168 askpass: Password for '\''http://askpass-username@path.tld/bar.git'\'':
172 test_expect_success
"helper ($HELPER) can forget host" '
173 check reject $HELPER <<-\EOF &&
177 check fill $HELPER <<-\EOF
183 username=askpass-username
184 password=askpass-password
186 askpass: Username for '\''https://example.com'\'':
187 askpass: Password for '\''https://askpass-username@example.com'\'':
191 test_expect_success
"helper ($HELPER) can store multiple users" '
192 check approve $HELPER <<-\EOF &&
198 check approve $HELPER <<-\EOF &&
204 check fill $HELPER <<-\EOF &&
214 check fill $HELPER <<-\EOF
226 test_expect_success
"helper ($HELPER) can forget user" '
227 check reject $HELPER <<-\EOF &&
232 check fill $HELPER <<-\EOF
240 password=askpass-password
242 askpass: Password for '\''https://user1@example.com'\'':
246 test_expect_success
"helper ($HELPER) remembers other user" '
247 check fill $HELPER <<-\EOF
259 test_expect_success
"helper ($HELPER) can store empty username" '
260 check approve $HELPER <<-\EOF &&
266 check fill $HELPER <<-\EOF
277 : ${GIT_TEST_LONG_CRED_BUFFER:=1024}
278 # 23 bytes accounts for "wwwauth[]=basic realm=" plus NUL
279 LONG_VALUE_LEN
=$
((GIT_TEST_LONG_CRED_BUFFER
- 23))
280 LONG_VALUE
=$
(perl
-e 'print "a" x shift' $LONG_VALUE_LEN)
282 test_expect_success
"helper ($HELPER) not confused by long header" '
283 check approve $HELPER <<-\EOF &&
285 host=victim.example.com
287 password=to-be-stolen
290 check fill $HELPER <<-EOF
292 host=badguy.example.com
293 wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com
296 host=badguy.example.com
297 username=askpass-username
298 password=askpass-password
299 wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com
301 askpass: Username for '\''https://badguy.example.com'\'':
302 askpass: Password for '\''https://askpass-username@badguy.example.com'\'':
307 helper_test_timeout
() {
310 test_expect_success
"helper ($HELPER) times out" '
311 check approve "$HELPER" <<-\EOF &&
318 check fill "$HELPER" <<-\EOF
324 username=askpass-username
325 password=askpass-password
327 askpass: Username for '\''https://timeout.tld'\'':
328 askpass: Password for '\''https://askpass-username@timeout.tld'\'':
333 helper_test_password_expiry_utc
() {
336 test_expect_success
"helper ($HELPER) stores password_expiry_utc" '
337 check approve $HELPER <<-\EOF
342 password_expiry_utc=9999999999
346 test_expect_success
"helper ($HELPER) gets password_expiry_utc" '
347 check fill $HELPER <<-\EOF
356 password_expiry_utc=9999999999
361 test_expect_success
"helper ($HELPER) overwrites when password_expiry_utc changes" '
362 check approve $HELPER <<-\EOF &&
365 username=user-expiry-overwrite
367 password_expiry_utc=9999999998
369 check approve $HELPER <<-\EOF &&
372 username=user-expiry-overwrite
374 password_expiry_utc=9999999999
376 check fill $HELPER <<-\EOF &&
379 username=user-expiry-overwrite
383 username=user-expiry-overwrite
385 password_expiry_utc=9999999999
387 check reject $HELPER <<-\EOF &&
390 username=user-expiry-overwrite
393 check fill $HELPER <<-\EOF
396 username=user-expiry-overwrite
400 username=user-expiry-overwrite
401 password=askpass-password
403 askpass: Password for '\''https://user-expiry-overwrite@example.com'\'':
408 helper_test_oauth_refresh_token
() {
411 test_expect_success
"helper ($HELPER) stores oauth_refresh_token" '
412 check approve $HELPER <<-\EOF
417 oauth_refresh_token=xyzzy
421 test_expect_success
"helper ($HELPER) gets oauth_refresh_token" '
422 check fill $HELPER <<-\EOF
431 oauth_refresh_token=xyzzy
437 write_script askpass
<<\EOF
439 what
=$
(echo $1 | cut
-d" " -f1 |
tr A-Z a-z |
tr -cd a-z
)
442 GIT_ASKPASS
="$PWD/askpass"