search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
http: add support for authtype and credential
[git/gitster.git] / t / t5563-simple-http-auth.sh
blobb3ed0d9fc20736a1e49d3834d138c4373e2c125a
1 #!/bin/sh
2
3 test_description='test http auth header and credential helper interop'
4
5 . ./test-lib.sh
6 . "$TEST_DIRECTORY"/lib-httpd.sh
7
8 enable_cgipassauth
9 if ! test_have_prereq CGIPASSAUTH
10 then
11 skip_all="no CGIPassAuth support"
12 test_done
13 fi
14 start_httpd
15
16 test_expect_success 'setup_credential_helper' '
17 mkdir "$TRASH_DIRECTORY/bin" &&
18 PATH=$PATH:"$TRASH_DIRECTORY/bin" &&
19 export PATH &&
20
21 CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" &&
22 write_script "$CREDENTIAL_HELPER" <<-\EOF
23 cmd=$1
24 teefile=$cmd-query.cred
25 catfile=$cmd-reply.cred
26 sed -n -e "/^$/q" -e "p" >>$teefile
27 if test "$cmd" = "get"
28 then
29 cat $catfile
30 fi
31 EOF
32 '
33
34 set_credential_reply () {
35 cat >"$TRASH_DIRECTORY/$1-reply.cred"
36 }
37
38 expect_credential_query () {
39 cat >"$TRASH_DIRECTORY/$1-expect.cred" &&
40 test_cmp "$TRASH_DIRECTORY/$1-expect.cred" \
41 "$TRASH_DIRECTORY/$1-query.cred"
42 }
43
44 per_test_cleanup () {
45 rm -f *.cred &&
46 rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \
47 "$HTTPD_ROOT_PATH"/custom-auth.challenge
48 }
49
50 test_expect_success 'setup repository' '
51 test_commit foo &&
52 git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
53 git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
54 '
55
56 test_expect_success 'access using basic auth' '
57 test_when_finished "per_test_cleanup" &&
58
59 set_credential_reply get <<-EOF &&
60 username=alice
61 password=secret-passwd
62 EOF
63
64 # Basic base64(alice:secret-passwd)
65 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
66 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
67 EOF
68
69 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
70 WWW-Authenticate: Basic realm="example.com"
71 EOF
72
73 test_config_global credential.helper test-helper &&
74 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
75
76 expect_credential_query get <<-EOF &&
77 capability[]=authtype
78 protocol=http
79 host=$HTTPD_DEST
80 wwwauth[]=Basic realm="example.com"
81 EOF
82
83 expect_credential_query store <<-EOF
84 protocol=http
85 host=$HTTPD_DEST
86 username=alice
87 password=secret-passwd
88 EOF
89 '
90
91 test_expect_success 'access using basic auth via authtype' '
92 test_when_finished "per_test_cleanup" &&
93
94 set_credential_reply get <<-EOF &&
95 capability[]=authtype
96 authtype=Basic
97 credential=YWxpY2U6c2VjcmV0LXBhc3N3ZA==
98 EOF
99
100 # Basic base64(alice:secret-passwd)
101 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
102 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
103 EOF
104
105 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
106 WWW-Authenticate: Basic realm="example.com"
107 EOF
108
109 test_config_global credential.helper test-helper &&
110 GIT_CURL_VERBOSE=1 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
111
112 expect_credential_query get <<-EOF &&
113 capability[]=authtype
114 protocol=http
115 host=$HTTPD_DEST
116 wwwauth[]=Basic realm="example.com"
117 EOF
118
119 expect_credential_query store <<-EOF
120 capability[]=authtype
121 authtype=Basic
122 credential=YWxpY2U6c2VjcmV0LXBhc3N3ZA==
123 protocol=http
124 host=$HTTPD_DEST
125 EOF
126 '
127
128 test_expect_success 'access using basic auth invalid credentials' '
129 test_when_finished "per_test_cleanup" &&
130
131 set_credential_reply get <<-EOF &&
132 username=baduser
133 password=wrong-passwd
134 EOF
135
136 # Basic base64(alice:secret-passwd)
137 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
138 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
139 EOF
140
141 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
142 WWW-Authenticate: Basic realm="example.com"
143 EOF
144
145 test_config_global credential.helper test-helper &&
146 test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
147
148 expect_credential_query get <<-EOF &&
149 capability[]=authtype
150 protocol=http
151 host=$HTTPD_DEST
152 wwwauth[]=Basic realm="example.com"
153 EOF
154
155 expect_credential_query erase <<-EOF
156 protocol=http
157 host=$HTTPD_DEST
158 username=baduser
159 password=wrong-passwd
160 wwwauth[]=Basic realm="example.com"
161 EOF
162 '
163
164 test_expect_success 'access using basic auth with extra challenges' '
165 test_when_finished "per_test_cleanup" &&
166
167 set_credential_reply get <<-EOF &&
168 username=alice
169 password=secret-passwd
170 EOF
171
172 # Basic base64(alice:secret-passwd)
173 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
174 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
175 EOF
176
177 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
178 WWW-Authenticate: FooBar param1="value1" param2="value2"
179 WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
180 WWW-Authenticate: Basic realm="example.com"
181 EOF
182
183 test_config_global credential.helper test-helper &&
184 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
185
186 expect_credential_query get <<-EOF &&
187 capability[]=authtype
188 protocol=http
189 host=$HTTPD_DEST
190 wwwauth[]=FooBar param1="value1" param2="value2"
191 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
192 wwwauth[]=Basic realm="example.com"
193 EOF
194
195 expect_credential_query store <<-EOF
196 protocol=http
197 host=$HTTPD_DEST
198 username=alice
199 password=secret-passwd
200 EOF
201 '
202
203 test_expect_success 'access using basic auth mixed-case wwwauth header name' '
204 test_when_finished "per_test_cleanup" &&
205
206 set_credential_reply get <<-EOF &&
207 username=alice
208 password=secret-passwd
209 EOF
210
211 # Basic base64(alice:secret-passwd)
212 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
213 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
214 EOF
215
216 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
217 www-authenticate: foobar param1="value1" param2="value2"
218 WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0
219 WwW-aUtHeNtIcAtE: baSiC realm="example.com"
220 EOF
221
222 test_config_global credential.helper test-helper &&
223 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
224
225 expect_credential_query get <<-EOF &&
226 capability[]=authtype
227 protocol=http
228 host=$HTTPD_DEST
229 wwwauth[]=foobar param1="value1" param2="value2"
230 wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0
231 wwwauth[]=baSiC realm="example.com"
232 EOF
233
234 expect_credential_query store <<-EOF
235 protocol=http
236 host=$HTTPD_DEST
237 username=alice
238 password=secret-passwd
239 EOF
240 '
241
242 test_expect_success 'access using basic auth with wwwauth header continuations' '
243 test_when_finished "per_test_cleanup" &&
244
245 set_credential_reply get <<-EOF &&
246 username=alice
247 password=secret-passwd
248 EOF
249
250 # Basic base64(alice:secret-passwd)
251 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
252 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
253 EOF
254
255 # Note that leading and trailing whitespace is important to correctly
256 # simulate a continuation/folded header.
257 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
258 WWW-Authenticate: FooBar param1="value1"
259 param2="value2"
260 WWW-Authenticate: Bearer authorize_uri="id.example.com"
261 p=1
262 q=0
263 WWW-Authenticate: Basic realm="example.com"
264 EOF
265
266 test_config_global credential.helper test-helper &&
267 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
268
269 expect_credential_query get <<-EOF &&
270 capability[]=authtype
271 protocol=http
272 host=$HTTPD_DEST
273 wwwauth[]=FooBar param1="value1" param2="value2"
274 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
275 wwwauth[]=Basic realm="example.com"
276 EOF
277
278 expect_credential_query store <<-EOF
279 protocol=http
280 host=$HTTPD_DEST
281 username=alice
282 password=secret-passwd
283 EOF
284 '
285
286 test_expect_success 'access using basic auth with wwwauth header empty continuations' '
287 test_when_finished "per_test_cleanup" &&
288
289 set_credential_reply get <<-EOF &&
290 username=alice
291 password=secret-passwd
292 EOF
293
294 # Basic base64(alice:secret-passwd)
295 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
296 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
297 EOF
298
299 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
300
301 # Note that leading and trailing whitespace is important to correctly
302 # simulate a continuation/folded header.
303 printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" &&
304 printf " \r\n" >>"$CHALLENGE" &&
305 printf " param2=\"value2\"\r\n" >>"$CHALLENGE" &&
306 printf "WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>"$CHALLENGE" &&
307 printf " p=1\r\n" >>"$CHALLENGE" &&
308 printf " \r\n" >>"$CHALLENGE" &&
309 printf " q=0\r\n" >>"$CHALLENGE" &&
310 printf "WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>"$CHALLENGE" &&
311
312 test_config_global credential.helper test-helper &&
313 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
314
315 expect_credential_query get <<-EOF &&
316 capability[]=authtype
317 protocol=http
318 host=$HTTPD_DEST
319 wwwauth[]=FooBar param1="value1" param2="value2"
320 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
321 wwwauth[]=Basic realm="example.com"
322 EOF
323
324 expect_credential_query store <<-EOF
325 protocol=http
326 host=$HTTPD_DEST
327 username=alice
328 password=secret-passwd
329 EOF
330 '
331
332 test_expect_success 'access using basic auth with wwwauth header mixed line-endings' '
333 test_when_finished "per_test_cleanup" &&
334
335 set_credential_reply get <<-EOF &&
336 username=alice
337 password=secret-passwd
338 EOF
339
340 # Basic base64(alice:secret-passwd)
341 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
342 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
343 EOF
344
345 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
346
347 # Note that leading and trailing whitespace is important to correctly
348 # simulate a continuation/folded header.
349 printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" &&
350 printf " \r\n" >>"$CHALLENGE" &&
351 printf "\tparam2=\"value2\"\r\n" >>"$CHALLENGE" &&
352 printf "WWW-Authenticate: Basic realm=\"example.com\"" >>"$CHALLENGE" &&
353
354 test_config_global credential.helper test-helper &&
355 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
356
357 expect_credential_query get <<-EOF &&
358 capability[]=authtype
359 protocol=http
360 host=$HTTPD_DEST
361 wwwauth[]=FooBar param1="value1" param2="value2"
362 wwwauth[]=Basic realm="example.com"
363 EOF
364
365 expect_credential_query store <<-EOF
366 protocol=http
367 host=$HTTPD_DEST
368 username=alice
369 password=secret-passwd
370 EOF
371 '
372
373 test_expect_success 'access using bearer auth' '
374 test_when_finished "per_test_cleanup" &&
375
376 set_credential_reply get <<-EOF &&
377 capability[]=authtype
378 authtype=Bearer
379 credential=YS1naXQtdG9rZW4=
380 EOF
381
382 # Basic base64(a-git-token)
383 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
384 Bearer YS1naXQtdG9rZW4=
385 EOF
386
387 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
388
389 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
390 WWW-Authenticate: FooBar param1="value1" param2="value2"
391 WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
392 WWW-Authenticate: Basic realm="example.com"
393 EOF
394
395 test_config_global credential.helper test-helper &&
396 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
397
398 expect_credential_query get <<-EOF &&
399 capability[]=authtype
400 protocol=http
401 host=$HTTPD_DEST
402 wwwauth[]=FooBar param1="value1" param2="value2"
403 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
404 wwwauth[]=Basic realm="example.com"
405 EOF
406
407 expect_credential_query store <<-EOF
408 capability[]=authtype
409 authtype=Bearer
410 credential=YS1naXQtdG9rZW4=
411 protocol=http
412 host=$HTTPD_DEST
413 EOF
414 '
415
416 test_expect_success 'access using bearer auth with invalid credentials' '
417 test_when_finished "per_test_cleanup" &&
418
419 set_credential_reply get <<-EOF &&
420 capability[]=authtype
421 authtype=Bearer
422 credential=incorrect-token
423 EOF
424
425 # Basic base64(a-git-token)
426 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
427 Bearer YS1naXQtdG9rZW4=
428 EOF
429
430 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
431
432 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
433 WWW-Authenticate: FooBar param1="value1" param2="value2"
434 WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
435 WWW-Authenticate: Basic realm="example.com"
436 EOF
437
438 test_config_global credential.helper test-helper &&
439 test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
440
441 expect_credential_query get <<-EOF &&
442 capability[]=authtype
443 protocol=http
444 host=$HTTPD_DEST
445 wwwauth[]=FooBar param1="value1" param2="value2"
446 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
447 wwwauth[]=Basic realm="example.com"
448 EOF
449
450 expect_credential_query erase <<-EOF
451 capability[]=authtype
452 authtype=Bearer
453 credential=incorrect-token
454 protocol=http
455 host=$HTTPD_DEST
456 wwwauth[]=FooBar param1="value1" param2="value2"
457 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
458 wwwauth[]=Basic realm="example.com"
459 EOF
460 '
461
462 test_done
Mirror of Junio's Git repository with all the branches