t/t5563-simple-http-auth.sh

   1 #!/bin/sh
   2
   3 test_description='test http auth header and credential helper interop'
   4
   5 . ./test-lib.sh
   6 . "$TEST_DIRECTORY"/lib-httpd.sh
   7
   8 enable_cgipassauth
   9 if ! test_have_prereq CGIPASSAUTH
  10 then
  11         skip_all="no CGIPassAuth support"
  12         test_done
  13 fi
  14 start_httpd
  15
  16 test_expect_success 'setup_credential_helper' '
  17         mkdir "$TRASH_DIRECTORY/bin" &&
  18         PATH=$PATH:"$TRASH_DIRECTORY/bin" &&
  19         export PATH &&
  20
  21         CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" &&
  22         write_script "$CREDENTIAL_HELPER" <<-\EOF
  23         cmd=$1
  24         teefile=$cmd-query.cred
  25         catfile=$cmd-reply.cred
  26         sed -n -e "/^$/q" -e "p" >>$teefile
  27         if test "$cmd" = "get"
  28         then
  29                 cat $catfile
  30         fi
  31         EOF
  32 '
  33
  34 set_credential_reply () {
  35         cat >"$TRASH_DIRECTORY/$1-reply.cred"
  36 }
  37
  38 expect_credential_query () {
  39         cat >"$TRASH_DIRECTORY/$1-expect.cred" &&
  40         test_cmp "$TRASH_DIRECTORY/$1-expect.cred" \
  41                  "$TRASH_DIRECTORY/$1-query.cred"
  42 }
  43
  44 per_test_cleanup () {
  45         rm -f *.cred &&
  46         rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \
  47               "$HTTPD_ROOT_PATH"/custom-auth.challenge
  48 }
  49
  50 test_expect_success 'setup repository' '
  51         test_commit foo &&
  52         git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
  53         git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
  54 '
  55
  56 test_expect_success 'access using basic auth' '
  57         test_when_finished "per_test_cleanup" &&
  58
  59         set_credential_reply get <<-EOF &&
  60         username=alice
  61         password=secret-passwd
  62         EOF
  63
  64         # Basic base64(alice:secret-passwd)
  65         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
  66         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
  67         EOF
  68
  69         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
  70         WWW-Authenticate: Basic realm="example.com"
  71         EOF
  72
  73         test_config_global credential.helper test-helper &&
  74         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
  75
  76         expect_credential_query get <<-EOF &&
  77         protocol=http
  78         host=$HTTPD_DEST
  79         wwwauth[]=Basic realm="example.com"
  80         EOF
  81
  82         expect_credential_query store <<-EOF
  83         protocol=http
  84         host=$HTTPD_DEST
  85         username=alice
  86         password=secret-passwd
  87         EOF
  88 '
  89
  90 test_expect_success 'access using basic auth invalid credentials' '
  91         test_when_finished "per_test_cleanup" &&
  92
  93         set_credential_reply get <<-EOF &&
  94         username=baduser
  95         password=wrong-passwd
  96         EOF
  97
  98         # Basic base64(alice:secret-passwd)
  99         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 100         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 101         EOF
 102
 103         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 104         WWW-Authenticate: Basic realm="example.com"
 105         EOF
 106
 107         test_config_global credential.helper test-helper &&
 108         test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 109
 110         expect_credential_query get <<-EOF &&
 111         protocol=http
 112         host=$HTTPD_DEST
 113         wwwauth[]=Basic realm="example.com"
 114         EOF
 115
 116         expect_credential_query erase <<-EOF
 117         protocol=http
 118         host=$HTTPD_DEST
 119         username=baduser
 120         password=wrong-passwd
 121         wwwauth[]=Basic realm="example.com"
 122         EOF
 123 '
 124
 125 test_expect_success 'access using basic auth with extra challenges' '
 126         test_when_finished "per_test_cleanup" &&
 127
 128         set_credential_reply get <<-EOF &&
 129         username=alice
 130         password=secret-passwd
 131         EOF
 132
 133         # Basic base64(alice:secret-passwd)
 134         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 135         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 136         EOF
 137
 138         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 139         WWW-Authenticate: FooBar param1="value1" param2="value2"
 140         WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
 141         WWW-Authenticate: Basic realm="example.com"
 142         EOF
 143
 144         test_config_global credential.helper test-helper &&
 145         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 146
 147         expect_credential_query get <<-EOF &&
 148         protocol=http
 149         host=$HTTPD_DEST
 150         wwwauth[]=FooBar param1="value1" param2="value2"
 151         wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
 152         wwwauth[]=Basic realm="example.com"
 153         EOF
 154
 155         expect_credential_query store <<-EOF
 156         protocol=http
 157         host=$HTTPD_DEST
 158         username=alice
 159         password=secret-passwd
 160         EOF
 161 '
 162
 163 test_expect_success 'access using basic auth mixed-case wwwauth header name' '
 164         test_when_finished "per_test_cleanup" &&
 165
 166         set_credential_reply get <<-EOF &&
 167         username=alice
 168         password=secret-passwd
 169         EOF
 170
 171         # Basic base64(alice:secret-passwd)
 172         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 173         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 174         EOF
 175
 176         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 177         www-authenticate: foobar param1="value1" param2="value2"
 178         WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0
 179         WwW-aUtHeNtIcAtE: baSiC realm="example.com"
 180         EOF
 181
 182         test_config_global credential.helper test-helper &&
 183         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 184
 185         expect_credential_query get <<-EOF &&
 186         protocol=http
 187         host=$HTTPD_DEST
 188         wwwauth[]=foobar param1="value1" param2="value2"
 189         wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0
 190         wwwauth[]=baSiC realm="example.com"
 191         EOF
 192
 193         expect_credential_query store <<-EOF
 194         protocol=http
 195         host=$HTTPD_DEST
 196         username=alice
 197         password=secret-passwd
 198         EOF
 199 '
 200
 201 test_expect_success 'access using basic auth with wwwauth header continuations' '
 202         test_when_finished "per_test_cleanup" &&
 203
 204         set_credential_reply get <<-EOF &&
 205         username=alice
 206         password=secret-passwd
 207         EOF
 208
 209         # Basic base64(alice:secret-passwd)
 210         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 211         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 212         EOF
 213
 214         # Note that leading and trailing whitespace is important to correctly
 215         # simulate a continuation/folded header.
 216         cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
 217         WWW-Authenticate: FooBar param1="value1"
 218          param2="value2"
 219         WWW-Authenticate: Bearer authorize_uri="id.example.com"
 220          p=1
 221          q=0
 222         WWW-Authenticate: Basic realm="example.com"
 223         EOF
 224
 225         test_config_global credential.helper test-helper &&
 226         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 227
 228         expect_credential_query get <<-EOF &&
 229         protocol=http
 230         host=$HTTPD_DEST
 231         wwwauth[]=FooBar param1="value1" param2="value2"
 232         wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
 233         wwwauth[]=Basic realm="example.com"
 234         EOF
 235
 236         expect_credential_query store <<-EOF
 237         protocol=http
 238         host=$HTTPD_DEST
 239         username=alice
 240         password=secret-passwd
 241         EOF
 242 '
 243
 244 test_expect_success 'access using basic auth with wwwauth header empty continuations' '
 245         test_when_finished "per_test_cleanup" &&
 246
 247         set_credential_reply get <<-EOF &&
 248         username=alice
 249         password=secret-passwd
 250         EOF
 251
 252         # Basic base64(alice:secret-passwd)
 253         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 254         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 255         EOF
 256
 257         CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
 258
 259         # Note that leading and trailing whitespace is important to correctly
 260         # simulate a continuation/folded header.
 261         printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" &&
 262         printf " \r\n" >>"$CHALLENGE" &&
 263         printf " param2=\"value2\"\r\n" >>"$CHALLENGE" &&
 264         printf "WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>"$CHALLENGE" &&
 265         printf " p=1\r\n" >>"$CHALLENGE" &&
 266         printf " \r\n" >>"$CHALLENGE" &&
 267         printf " q=0\r\n" >>"$CHALLENGE" &&
 268         printf "WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>"$CHALLENGE" &&
 269
 270         test_config_global credential.helper test-helper &&
 271         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 272
 273         expect_credential_query get <<-EOF &&
 274         protocol=http
 275         host=$HTTPD_DEST
 276         wwwauth[]=FooBar param1="value1" param2="value2"
 277         wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
 278         wwwauth[]=Basic realm="example.com"
 279         EOF
 280
 281         expect_credential_query store <<-EOF
 282         protocol=http
 283         host=$HTTPD_DEST
 284         username=alice
 285         password=secret-passwd
 286         EOF
 287 '
 288
 289 test_expect_success 'access using basic auth with wwwauth header mixed line-endings' '
 290         test_when_finished "per_test_cleanup" &&
 291
 292         set_credential_reply get <<-EOF &&
 293         username=alice
 294         password=secret-passwd
 295         EOF
 296
 297         # Basic base64(alice:secret-passwd)
 298         cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
 299         Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
 300         EOF
 301
 302         CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
 303
 304         # Note that leading and trailing whitespace is important to correctly
 305         # simulate a continuation/folded header.
 306         printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" &&
 307         printf " \r\n" >>"$CHALLENGE" &&
 308         printf "\tparam2=\"value2\"\r\n" >>"$CHALLENGE" &&
 309         printf "WWW-Authenticate: Basic realm=\"example.com\"" >>"$CHALLENGE" &&
 310
 311         test_config_global credential.helper test-helper &&
 312         git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
 313
 314         expect_credential_query get <<-EOF &&
 315         protocol=http
 316         host=$HTTPD_DEST
 317         wwwauth[]=FooBar param1="value1" param2="value2"
 318         wwwauth[]=Basic realm="example.com"
 319         EOF
 320
 321         expect_credential_query store <<-EOF
 322         protocol=http
 323         host=$HTTPD_DEST
 324         username=alice
 325         password=secret-passwd
 326         EOF
 327 '
 328
 329 test_done