t/t5563-simple-http-auth.sh

   1 #!/bin/sh
   2
   3 test_description='test http auth header and credential helper interop'
   4
   5 . ./test-lib.sh
   6 . "$TEST_DIRECTORY"/lib-httpd.sh
   7
   8 start_httpd
   9
  10 test_expect_success 'setup_credential_helper' '
  11         mkdir "$TRASH_DIRECTORY/bin" &&
  12         PATH=$PATH:"$TRASH_DIRECTORY/bin" &&
  13         export PATH &&
  14
  15         CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" &&
  16         write_script "$CREDENTIAL_HELPER" <<-\EOF
  17         cmd=$1
  18         teefile=$cmd-query.cred
  19         catfile=$cmd-reply.cred
  20         sed -n -e "/^$/q" -e "p" >>$teefile
  21         if test "$cmd" = "get"
  22         then
  23                 cat $catfile
  24         fi
  25         EOF
  26 '
  27
  28 set_credential_reply () {
  29         cat >"$TRASH_DIRECTORY/$1-reply.cred"
  30 }
  31
  32 expect_credential_query () {
  33         cat >"$TRASH_DIRECTORY/$1-expect.cred" &&
  34         test_cmp "$TRASH_DIRECTORY/$1-expect.cred" \
  35                  "$TRASH_DIRECTORY/$1-query.cred"
  36 }
  37
  38 per_test_cleanup () {
  39         rm -f *.cred &&
  40         rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \
  41               "$HTTPD_ROOT_PATH"/custom-auth.challenge
  42 }
  43
  44 test_expect_success 'setup repository' '
  45         test_commit foo &&
  46         git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
  47         git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
  48 '
  49
  50 test_expect_success 'access using basic auth' '
  51         test_when_finished "per_test_cleanup" &&
  52
  53         set_credential_reply get <<-EOF &&
  54         username=alice
  55         password=secret-passwd
  56         EOF
  57
  58         # Basic base64(alice:secret-passwd)
  59         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
  60         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
  61         EOF
  62
  63         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
  64         WWW-Authenticate: Basic realm="example.com"
  65         EOF
  66
  67         test_config_global credential.helper test-helper &&
  68         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
  69
  70         expect_credential_query get <<-EOF &&
  71         protocol=http
  72         host=$HTTPD_DEST
  73         wwwauth[]=Basic realm="example.com"
  74         EOF
  75
  76         expect_credential_query store <<-EOF
  77         protocol=http
  78         host=$HTTPD_DEST
  79         username=alice
  80         password=secret-passwd
  81         EOF
  82 '
  83
  84 test_expect_success 'access using basic auth invalid credentials' '
  85         test_when_finished "per_test_cleanup" &&
  86
  87         set_credential_reply get <<-EOF &&
  88         username=baduser
  89         password=wrong-passwd
  90         EOF
  91
  92         # Basic base64(alice:secret-passwd)
  93         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
  94         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
  95         EOF
  96
  97         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
  98         WWW-Authenticate: Basic realm="example.com"
  99         EOF
 100
 101         test_config_global credential.helper test-helper &&
 102         test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 103
 104         expect_credential_query get <<-EOF &&
 105         protocol=http
 106         host=$HTTPD_DEST
 107         wwwauth[]=Basic realm="example.com"
 108         EOF
 109
 110         expect_credential_query erase <<-EOF
 111         protocol=http
 112         host=$HTTPD_DEST
 113         username=baduser
 114         password=wrong-passwd
 115         wwwauth[]=Basic realm="example.com"
 116         EOF
 117 '
 118
 119 test_expect_success 'access using basic auth with extra challenges' '
 120         test_when_finished "per_test_cleanup" &&
 121
 122         set_credential_reply get <<-EOF &&
 123         username=alice
 124         password=secret-passwd
 125         EOF
 126
 127         # Basic base64(alice:secret-passwd)
 128         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 129         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 130         EOF
 131
 132         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 133         WWW-Authenticate: FooBar param1="value1" param2="value2"
 134         WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
 135         WWW-Authenticate: Basic realm="example.com"
 136         EOF
 137
 138         test_config_global credential.helper test-helper &&
 139         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 140
 141         expect_credential_query get <<-EOF &&
 142         protocol=http
 143         host=$HTTPD_DEST
 144         wwwauth[]=FooBar param1="value1" param2="value2"
 145         wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
 146         wwwauth[]=Basic realm="example.com"
 147         EOF
 148
 149         expect_credential_query store <<-EOF
 150         protocol=http
 151         host=$HTTPD_DEST
 152         username=alice
 153         password=secret-passwd
 154         EOF
 155 '
 156
 157 test_expect_success 'access using basic auth mixed-case wwwauth header name' '
 158         test_when_finished "per_test_cleanup" &&
 159
 160         set_credential_reply get <<-EOF &&
 161         username=alice
 162         password=secret-passwd
 163         EOF
 164
 165         # Basic base64(alice:secret-passwd)
 166         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 167         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 168         EOF
 169
 170         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 171         www-authenticate: foobar param1="value1" param2="value2"
 172         WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0
 173         WwW-aUtHeNtIcAtE: baSiC realm="example.com"
 174         EOF
 175
 176         test_config_global credential.helper test-helper &&
 177         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 178
 179         expect_credential_query get <<-EOF &&
 180         protocol=http
 181         host=$HTTPD_DEST
 182         wwwauth[]=foobar param1="value1" param2="value2"
 183         wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0
 184         wwwauth[]=baSiC realm="example.com"
 185         EOF
 186
 187         expect_credential_query store <<-EOF
 188         protocol=http
 189         host=$HTTPD_DEST
 190         username=alice
 191         password=secret-passwd
 192         EOF
 193 '
 194
 195 test_expect_success 'access using basic auth with wwwauth header continuations' '
 196         test_when_finished "per_test_cleanup" &&
 197
 198         set_credential_reply get <<-EOF &&
 199         username=alice
 200         password=secret-passwd
 201         EOF
 202
 203         # Basic base64(alice:secret-passwd)
 204         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 205         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 206         EOF
 207
 208         # Note that leading and trailing whitespace is important to correctly
 209         # simulate a continuation/folded header.
 210         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 211         WWW-Authenticate: FooBar param1="value1"
 212          param2="value2"
 213         WWW-Authenticate: Bearer authorize_uri="id.example.com"
 214          p=1
 215          q=0
 216         WWW-Authenticate: Basic realm="example.com"
 217         EOF
 218
 219         test_config_global credential.helper test-helper &&
 220         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 221
 222         expect_credential_query get <<-EOF &&
 223         protocol=http
 224         host=$HTTPD_DEST
 225         wwwauth[]=FooBar param1="value1" param2="value2"
 226         wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
 227         wwwauth[]=Basic realm="example.com"
 228         EOF
 229
 230         expect_credential_query store <<-EOF
 231         protocol=http
 232         host=$HTTPD_DEST
 233         username=alice
 234         password=secret-passwd
 235         EOF
 236 '
 237
 238 test_expect_success 'access using basic auth with wwwauth header empty continuations' '
 239         test_when_finished "per_test_cleanup" &&
 240
 241         set_credential_reply get <<-EOF &&
 242         username=alice
 243         password=secret-passwd
 244         EOF
 245
 246         # Basic base64(alice:secret-passwd)
 247         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 248         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 249         EOF
 250
 251         CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
 252
 253         # Note that leading and trailing whitespace is important to correctly
 254         # simulate a continuation/folded header.
 255         printf "">$CHALLENGE &&
 256         printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >$CHALLENGE &&
 257         printf " \r\n" >>$CHALLENGE &&
 258         printf " param2=\"value2\"\r\n" >>$CHALLENGE &&
 259         printf "WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>$CHALLENGE &&
 260         printf " p=1\r\n" >>$CHALLENGE &&
 261         printf " \r\n" >>$CHALLENGE &&
 262         printf " q=0\r\n" >>$CHALLENGE &&
 263         printf "WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>$CHALLENGE &&
 264
 265         test_config_global credential.helper test-helper &&
 266         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 267
 268         expect_credential_query get <<-EOF &&
 269         protocol=http
 270         host=$HTTPD_DEST
 271         wwwauth[]=FooBar param1="value1" param2="value2"
 272         wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
 273         wwwauth[]=Basic realm="example.com"
 274         EOF
 275
 276         expect_credential_query store <<-EOF
 277         protocol=http
 278         host=$HTTPD_DEST
 279         username=alice
 280         password=secret-passwd
 281         EOF
 282 '
 283
 284 test_expect_success 'access using basic auth with wwwauth header mixed line-endings' '
 285         test_when_finished "per_test_cleanup" &&
 286
 287         set_credential_reply get <<-EOF &&
 288         username=alice
 289         password=secret-passwd
 290         EOF
 291
 292         # Basic base64(alice:secret-passwd)
 293         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 294         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 295         EOF
 296
 297         CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
 298
 299         # Note that leading and trailing whitespace is important to correctly
 300         # simulate a continuation/folded header.
 301         printf "">$CHALLENGE &&
 302         printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >$CHALLENGE &&
 303         printf " \r\n" >>$CHALLENGE &&
 304         printf "\tparam2=\"value2\"\r\n" >>$CHALLENGE &&
 305         printf "WWW-Authenticate: Basic realm=\"example.com\"" >>$CHALLENGE &&
 306
 307         test_config_global credential.helper test-helper &&
 308         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 309
 310         expect_credential_query get <<-EOF &&
 311         protocol=http
 312         host=$HTTPD_DEST
 313         wwwauth[]=FooBar param1="value1" param2="value2"
 314         wwwauth[]=Basic realm="example.com"
 315         EOF
 316
 317         expect_credential_query store <<-EOF
 318         protocol=http
 319         host=$HTTPD_DEST
 320         username=alice
 321         password=secret-passwd
 322         EOF
 323 '
 324
 325 test_done