1 # Shell library for testing credential handling including helpers. See t0302
2 # for an example of testing a specific helper.
4 # Try a set of credential helpers; the expected stdin,
5 # stdout and stderr should be provided on stdin,
12 credential_opts
="$credential_opts -c credential.helper='$arg'"
15 read_chunk
>expect-stdout
&&
16 read_chunk
>expect-stderr
&&
17 if ! eval "git $credential_opts credential $credential_cmd <stdin >stdout 2>stderr"; then
18 echo "git credential failed with code $?" &&
22 test_cmp expect-stdout stdout
&&
23 test_cmp expect-stderr stderr
35 # Clear any residual data from previous tests. We only
36 # need this when testing third-party helpers which read and
37 # write outside of our trash-directory sandbox.
39 # Don't bother checking for success here, as it is
40 # outside the scope of tests and represents a best effort to
41 # clean up after ourselves.
43 reject
$1 https example.com store-user
44 reject
$1 https example.com user1
45 reject
$1 https example.com user2
46 reject
$1 https example.com user4
47 reject
$1 https example.com user-distinct-pass
48 reject
$1 https example.com user-overwrite
49 reject
$1 https example.com user-erase1
50 reject
$1 https example.com user-erase2
51 reject
$1 http path.tld user
52 reject
$1 https timeout.tld user
53 reject
$1 https sso.tld
61 ) | git
-c credential.helper
=$1 credential reject
67 test_expect_success
"helper ($HELPER) has no existing data" '
68 check fill $HELPER <<-\EOF
74 username=askpass-username
75 password=askpass-password
77 askpass: Username for '\''https://example.com'\'':
78 askpass: Password for '\''https://askpass-username@example.com'\'':
82 test_expect_success
"helper ($HELPER) stores password" '
83 check approve $HELPER <<-\EOF
91 test_expect_success
"helper ($HELPER) can retrieve password" '
92 check fill $HELPER <<-\EOF
104 test_expect_success
"helper ($HELPER) requires matching protocol" '
105 check fill $HELPER <<-\EOF
111 username=askpass-username
112 password=askpass-password
114 askpass: Username for '\''http://example.com'\'':
115 askpass: Password for '\''http://askpass-username@example.com'\'':
119 test_expect_success
"helper ($HELPER) requires matching host" '
120 check fill $HELPER <<-\EOF
126 username=askpass-username
127 password=askpass-password
129 askpass: Username for '\''https://other.tld'\'':
130 askpass: Password for '\''https://askpass-username@other.tld'\'':
134 test_expect_success
"helper ($HELPER) requires matching username" '
135 check fill $HELPER <<-\EOF
143 password=askpass-password
145 askpass: Password for '\''https://other@example.com'\'':
149 test_expect_success
"helper ($HELPER) requires matching path" '
150 test_config credential.usehttppath true &&
151 check approve $HELPER <<-\EOF &&
158 check fill $HELPER <<-\EOF
166 username=askpass-username
167 password=askpass-password
169 askpass: Username for '\''http://path.tld/bar.git'\'':
170 askpass: Password for '\''http://askpass-username@path.tld/bar.git'\'':
174 test_expect_success
"helper ($HELPER) overwrites on store" '
175 check approve $HELPER <<-\EOF &&
178 username=user-overwrite
181 check approve $HELPER <<-\EOF &&
184 username=user-overwrite
187 check fill $HELPER <<-\EOF &&
190 username=user-overwrite
194 username=user-overwrite
197 check reject $HELPER <<-\EOF &&
200 username=user-overwrite
203 check fill $HELPER <<-\EOF
206 username=user-overwrite
210 username=user-overwrite
211 password=askpass-password
213 askpass: Password for '\''https://user-overwrite@example.com'\'':
217 test_expect_success
"helper ($HELPER) can forget host" '
218 check reject $HELPER <<-\EOF &&
222 check fill $HELPER <<-\EOF
228 username=askpass-username
229 password=askpass-password
231 askpass: Username for '\''https://example.com'\'':
232 askpass: Password for '\''https://askpass-username@example.com'\'':
236 test_expect_success
"helper ($HELPER) can store multiple users" '
237 check approve $HELPER <<-\EOF &&
243 check approve $HELPER <<-\EOF &&
249 check fill $HELPER <<-\EOF &&
259 check fill $HELPER <<-\EOF
271 test_expect_success
"helper ($HELPER) does not erase a password distinct from input" '
272 check approve $HELPER <<-\EOF &&
275 username=user-distinct-pass
278 check reject $HELPER <<-\EOF &&
281 username=user-distinct-pass
284 check fill $HELPER <<-\EOF
287 username=user-distinct-pass
291 username=user-distinct-pass
296 test_expect_success
"helper ($HELPER) can forget user" '
297 check reject $HELPER <<-\EOF &&
302 check fill $HELPER <<-\EOF
310 password=askpass-password
312 askpass: Password for '\''https://user1@example.com'\'':
316 test_expect_success
"helper ($HELPER) remembers other user" '
317 check fill $HELPER <<-\EOF
329 test_expect_success
"helper ($HELPER) can store empty username" '
330 check approve $HELPER <<-\EOF &&
336 check fill $HELPER <<-\EOF
347 test_expect_success
"helper ($HELPER) erases all matching credentials" '
348 check approve $HELPER <<-\EOF &&
354 check approve $HELPER <<-\EOF &&
360 check reject $HELPER <<-\EOF &&
364 check fill $HELPER <<-\EOF
370 username=askpass-username
371 password=askpass-password
373 askpass: Username for '\''https://example.com'\'':
374 askpass: Password for '\''https://askpass-username@example.com'\'':
378 : ${GIT_TEST_LONG_CRED_BUFFER:=1024}
379 # 23 bytes accounts for "wwwauth[]=basic realm=" plus NUL
380 LONG_VALUE_LEN
=$
((GIT_TEST_LONG_CRED_BUFFER
- 23))
381 LONG_VALUE
=$
(perl
-e 'print "a" x shift' $LONG_VALUE_LEN)
383 test_expect_success
"helper ($HELPER) not confused by long header" '
384 check approve $HELPER <<-\EOF &&
386 host=victim.example.com
388 password=to-be-stolen
391 check fill $HELPER <<-EOF
393 host=badguy.example.com
394 wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com
397 host=badguy.example.com
398 username=askpass-username
399 password=askpass-password
400 wwwauth[]=basic realm=${LONG_VALUE}host=victim.example.com
402 askpass: Username for '\''https://badguy.example.com'\'':
403 askpass: Password for '\''https://askpass-username@badguy.example.com'\'':
408 helper_test_timeout
() {
411 test_expect_success
"helper ($HELPER) times out" '
412 check approve "$HELPER" <<-\EOF &&
419 check fill "$HELPER" <<-\EOF
425 username=askpass-username
426 password=askpass-password
428 askpass: Username for '\''https://timeout.tld'\'':
429 askpass: Password for '\''https://askpass-username@timeout.tld'\'':
434 helper_test_oauth_refresh_token
() {
437 test_expect_success
"helper ($HELPER) stores oauth_refresh_token" '
438 check approve $HELPER <<-\EOF
443 oauth_refresh_token=xyzzy
447 test_expect_success
"helper ($HELPER) gets oauth_refresh_token" '
448 check fill $HELPER <<-\EOF
457 oauth_refresh_token=xyzzy
463 write_script askpass
<<\EOF
465 what
=$
(echo $1 | cut
-d" " -f1 |
tr A-Z a-z |
tr -cd a-z
)
468 GIT_ASKPASS
="$PWD/askpass"