3 test_description
='test http auth header and credential helper interop'
6 .
"$TEST_DIRECTORY"/lib-httpd.sh
9 if ! test_have_prereq CGIPASSAUTH
11 skip_all
="no CGIPassAuth support"
16 test_expect_success
'setup_credential_helper' '
17 mkdir "$TRASH_DIRECTORY/bin" &&
18 PATH=$PATH:"$TRASH_DIRECTORY/bin" &&
21 CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" &&
22 write_script "$CREDENTIAL_HELPER" <<-\EOF
24 teefile=$cmd-query.cred
25 catfile=$cmd-reply.cred
26 sed -n -e "/^$/q" -e "p" >>$teefile
27 if test "$cmd" = "get"
34 set_credential_reply
() {
35 cat >"$TRASH_DIRECTORY/$1-reply.cred"
38 expect_credential_query
() {
39 cat >"$TRASH_DIRECTORY/$1-expect.cred" &&
40 test_cmp
"$TRASH_DIRECTORY/$1-expect.cred" \
41 "$TRASH_DIRECTORY/$1-query.cred"
46 rm -f "$HTTPD_ROOT_PATH"/custom-auth.valid \
47 "$HTTPD_ROOT_PATH"/custom-auth.challenge
50 test_expect_success
'setup repository' '
52 git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
53 git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
56 test_expect_success
'access using basic auth' '
57 test_when_finished "per_test_cleanup" &&
59 set_credential_reply get <<-EOF &&
61 password=secret-passwd
64 # Basic base64(alice:secret-passwd)
65 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
66 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
69 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
70 WWW-Authenticate: Basic realm="example.com"
73 test_config_global credential.helper test-helper &&
74 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
76 expect_credential_query get <<-EOF &&
80 wwwauth[]=Basic realm="example.com"
83 expect_credential_query store <<-EOF
87 password=secret-passwd
91 test_expect_success
'access using basic auth via authtype' '
92 test_when_finished "per_test_cleanup" &&
94 set_credential_reply get <<-EOF &&
97 credential=YWxpY2U6c2VjcmV0LXBhc3N3ZA==
100 # Basic base64(alice:secret-passwd)
101 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
102 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
105 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
106 WWW-Authenticate: Basic realm="example.com"
109 test_config_global credential.helper test-helper &&
110 GIT_CURL_VERBOSE=1 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
112 expect_credential_query get <<-EOF &&
113 capability[]=authtype
116 wwwauth[]=Basic realm="example.com"
119 expect_credential_query store <<-EOF
120 capability[]=authtype
122 credential=YWxpY2U6c2VjcmV0LXBhc3N3ZA==
128 test_expect_success
'access using basic auth invalid credentials' '
129 test_when_finished "per_test_cleanup" &&
131 set_credential_reply get <<-EOF &&
133 password=wrong-passwd
136 # Basic base64(alice:secret-passwd)
137 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
138 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
141 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
142 WWW-Authenticate: Basic realm="example.com"
145 test_config_global credential.helper test-helper &&
146 test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
148 expect_credential_query get <<-EOF &&
149 capability[]=authtype
152 wwwauth[]=Basic realm="example.com"
155 expect_credential_query erase <<-EOF
159 password=wrong-passwd
160 wwwauth[]=Basic realm="example.com"
164 test_expect_success
'access using basic auth with extra challenges' '
165 test_when_finished "per_test_cleanup" &&
167 set_credential_reply get <<-EOF &&
169 password=secret-passwd
172 # Basic base64(alice:secret-passwd)
173 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
174 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
177 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
178 WWW-Authenticate: FooBar param1="value1" param2="value2"
179 WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
180 WWW-Authenticate: Basic realm="example.com"
183 test_config_global credential.helper test-helper &&
184 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
186 expect_credential_query get <<-EOF &&
187 capability[]=authtype
190 wwwauth[]=FooBar param1="value1" param2="value2"
191 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
192 wwwauth[]=Basic realm="example.com"
195 expect_credential_query store <<-EOF
199 password=secret-passwd
203 test_expect_success
'access using basic auth mixed-case wwwauth header name' '
204 test_when_finished "per_test_cleanup" &&
206 set_credential_reply get <<-EOF &&
208 password=secret-passwd
211 # Basic base64(alice:secret-passwd)
212 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
213 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
216 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
217 www-authenticate: foobar param1="value1" param2="value2"
218 WWW-AUTHENTICATE: BEARER authorize_uri="id.example.com" p=1 q=0
219 WwW-aUtHeNtIcAtE: baSiC realm="example.com"
222 test_config_global credential.helper test-helper &&
223 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
225 expect_credential_query get <<-EOF &&
226 capability[]=authtype
229 wwwauth[]=foobar param1="value1" param2="value2"
230 wwwauth[]=BEARER authorize_uri="id.example.com" p=1 q=0
231 wwwauth[]=baSiC realm="example.com"
234 expect_credential_query store <<-EOF
238 password=secret-passwd
242 test_expect_success
'access using basic auth with wwwauth header continuations' '
243 test_when_finished "per_test_cleanup" &&
245 set_credential_reply get <<-EOF &&
247 password=secret-passwd
250 # Basic base64(alice:secret-passwd)
251 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
252 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
255 # Note that leading and trailing whitespace is important to correctly
256 # simulate a continuation/folded header.
257 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
258 WWW-Authenticate: FooBar param1="value1"
260 WWW-Authenticate: Bearer authorize_uri="id.example.com"
263 WWW-Authenticate: Basic realm="example.com"
266 test_config_global credential.helper test-helper &&
267 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
269 expect_credential_query get <<-EOF &&
270 capability[]=authtype
273 wwwauth[]=FooBar param1="value1" param2="value2"
274 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
275 wwwauth[]=Basic realm="example.com"
278 expect_credential_query store <<-EOF
282 password=secret-passwd
286 test_expect_success
'access using basic auth with wwwauth header empty continuations' '
287 test_when_finished "per_test_cleanup" &&
289 set_credential_reply get <<-EOF &&
291 password=secret-passwd
294 # Basic base64(alice:secret-passwd)
295 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
296 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
299 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
301 # Note that leading and trailing whitespace is important to correctly
302 # simulate a continuation/folded header.
303 printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" &&
304 printf " \r\n" >>"$CHALLENGE" &&
305 printf " param2=\"value2\"\r\n" >>"$CHALLENGE" &&
306 printf "WWW-Authenticate: Bearer authorize_uri=\"id.example.com\"\r\n" >>"$CHALLENGE" &&
307 printf " p=1\r\n" >>"$CHALLENGE" &&
308 printf " \r\n" >>"$CHALLENGE" &&
309 printf " q=0\r\n" >>"$CHALLENGE" &&
310 printf "WWW-Authenticate: Basic realm=\"example.com\"\r\n" >>"$CHALLENGE" &&
312 test_config_global credential.helper test-helper &&
313 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
315 expect_credential_query get <<-EOF &&
316 capability[]=authtype
319 wwwauth[]=FooBar param1="value1" param2="value2"
320 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
321 wwwauth[]=Basic realm="example.com"
324 expect_credential_query store <<-EOF
328 password=secret-passwd
332 test_expect_success
'access using basic auth with wwwauth header mixed line-endings' '
333 test_when_finished "per_test_cleanup" &&
335 set_credential_reply get <<-EOF &&
337 password=secret-passwd
340 # Basic base64(alice:secret-passwd)
341 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
342 Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
345 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
347 # Note that leading and trailing whitespace is important to correctly
348 # simulate a continuation/folded header.
349 printf "WWW-Authenticate: FooBar param1=\"value1\"\r\n" >"$CHALLENGE" &&
350 printf " \r\n" >>"$CHALLENGE" &&
351 printf "\tparam2=\"value2\"\r\n" >>"$CHALLENGE" &&
352 printf "WWW-Authenticate: Basic realm=\"example.com\"" >>"$CHALLENGE" &&
354 test_config_global credential.helper test-helper &&
355 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
357 expect_credential_query get <<-EOF &&
358 capability[]=authtype
361 wwwauth[]=FooBar param1="value1" param2="value2"
362 wwwauth[]=Basic realm="example.com"
365 expect_credential_query store <<-EOF
369 password=secret-passwd
373 test_expect_success
'access using bearer auth' '
374 test_when_finished "per_test_cleanup" &&
376 set_credential_reply get <<-EOF &&
377 capability[]=authtype
379 credential=YS1naXQtdG9rZW4=
382 # Basic base64(a-git-token)
383 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
384 Bearer YS1naXQtdG9rZW4=
387 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
389 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
390 WWW-Authenticate: FooBar param1="value1" param2="value2"
391 WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
392 WWW-Authenticate: Basic realm="example.com"
395 test_config_global credential.helper test-helper &&
396 git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
398 expect_credential_query get <<-EOF &&
399 capability[]=authtype
402 wwwauth[]=FooBar param1="value1" param2="value2"
403 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
404 wwwauth[]=Basic realm="example.com"
407 expect_credential_query store <<-EOF
408 capability[]=authtype
410 credential=YS1naXQtdG9rZW4=
416 test_expect_success
'access using bearer auth with invalid credentials' '
417 test_when_finished "per_test_cleanup" &&
419 set_credential_reply get <<-EOF &&
420 capability[]=authtype
422 credential=incorrect-token
425 # Basic base64(a-git-token)
426 cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
427 Bearer YS1naXQtdG9rZW4=
430 CHALLENGE="$HTTPD_ROOT_PATH/custom-auth.challenge" &&
432 cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
433 WWW-Authenticate: FooBar param1="value1" param2="value2"
434 WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
435 WWW-Authenticate: Basic realm="example.com"
438 test_config_global credential.helper test-helper &&
439 test_must_fail git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
441 expect_credential_query get <<-EOF &&
442 capability[]=authtype
445 wwwauth[]=FooBar param1="value1" param2="value2"
446 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
447 wwwauth[]=Basic realm="example.com"
450 expect_credential_query erase <<-EOF
451 capability[]=authtype
453 credential=incorrect-token
456 wwwauth[]=FooBar param1="value1" param2="value2"
457 wwwauth[]=Bearer authorize_uri="id.example.com" p=1 q=0
458 wwwauth[]=Basic realm="example.com"