Merge branch 'jk/path-name-safety-2.6' into jk/path-name-safety-2.7
[git] / t / t0300-credentials.sh
1 #!/bin/sh
2
3 test_description='basic credential helper tests'
4 . ./test-lib.sh
5 . "$TEST_DIRECTORY"/lib-credential.sh
6
7 test_expect_success 'setup helper scripts' '
8         cat >dump <<-\EOF &&
9         whoami=$(echo $0 | sed s/.*git-credential-//)
10         echo >&2 "$whoami: $*"
11         OIFS=$IFS
12         IFS==
13         while read key value; do
14                 echo >&2 "$whoami: $key=$value"
15                 eval "$key=$value"
16         done
17         IFS=$OIFS
18         EOF
19
20         write_script git-credential-useless <<-\EOF &&
21         . ./dump
22         exit 0
23         EOF
24
25         write_script git-credential-verbatim <<-\EOF &&
26         user=$1; shift
27         pass=$1; shift
28         . ./dump
29         test -z "$user" || echo username=$user
30         test -z "$pass" || echo password=$pass
31         EOF
32
33         PATH="$PWD:$PATH"
34 '
35
36 test_expect_success 'credential_fill invokes helper' '
37         check fill "verbatim foo bar" <<-\EOF
38         --
39         username=foo
40         password=bar
41         --
42         verbatim: get
43         EOF
44 '
45
46 test_expect_success 'credential_fill invokes multiple helpers' '
47         check fill useless "verbatim foo bar" <<-\EOF
48         --
49         username=foo
50         password=bar
51         --
52         useless: get
53         verbatim: get
54         EOF
55 '
56
57 test_expect_success 'credential_fill stops when we get a full response' '
58         check fill "verbatim one two" "verbatim three four" <<-\EOF
59         --
60         username=one
61         password=two
62         --
63         verbatim: get
64         EOF
65 '
66
67 test_expect_success 'credential_fill continues through partial response' '
68         check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
69         --
70         username=two
71         password=three
72         --
73         verbatim: get
74         verbatim: get
75         verbatim: username=one
76         EOF
77 '
78
79 test_expect_success 'credential_fill passes along metadata' '
80         check fill "verbatim one two" <<-\EOF
81         protocol=ftp
82         host=example.com
83         path=foo.git
84         --
85         protocol=ftp
86         host=example.com
87         path=foo.git
88         username=one
89         password=two
90         --
91         verbatim: get
92         verbatim: protocol=ftp
93         verbatim: host=example.com
94         verbatim: path=foo.git
95         EOF
96 '
97
98 test_expect_success 'credential_approve calls all helpers' '
99         check approve useless "verbatim one two" <<-\EOF
100         username=foo
101         password=bar
102         --
103         --
104         useless: store
105         useless: username=foo
106         useless: password=bar
107         verbatim: store
108         verbatim: username=foo
109         verbatim: password=bar
110         EOF
111 '
112
113 test_expect_success 'do not bother storing password-less credential' '
114         check approve useless <<-\EOF
115         username=foo
116         --
117         --
118         EOF
119 '
120
121
122 test_expect_success 'credential_reject calls all helpers' '
123         check reject useless "verbatim one two" <<-\EOF
124         username=foo
125         password=bar
126         --
127         --
128         useless: erase
129         useless: username=foo
130         useless: password=bar
131         verbatim: erase
132         verbatim: username=foo
133         verbatim: password=bar
134         EOF
135 '
136
137 test_expect_success 'usernames can be preserved' '
138         check fill "verbatim \"\" three" <<-\EOF
139         username=one
140         --
141         username=one
142         password=three
143         --
144         verbatim: get
145         verbatim: username=one
146         EOF
147 '
148
149 test_expect_success 'usernames can be overridden' '
150         check fill "verbatim two three" <<-\EOF
151         username=one
152         --
153         username=two
154         password=three
155         --
156         verbatim: get
157         verbatim: username=one
158         EOF
159 '
160
161 test_expect_success 'do not bother completing already-full credential' '
162         check fill "verbatim three four" <<-\EOF
163         username=one
164         password=two
165         --
166         username=one
167         password=two
168         --
169         EOF
170 '
171
172 # We can't test the basic terminal password prompt here because
173 # getpass() tries too hard to find the real terminal. But if our
174 # askpass helper is run, we know the internal getpass is working.
175 test_expect_success 'empty helper list falls back to internal getpass' '
176         check fill <<-\EOF
177         --
178         username=askpass-username
179         password=askpass-password
180         --
181         askpass: Username:
182         askpass: Password:
183         EOF
184 '
185
186 test_expect_success 'internal getpass does not ask for known username' '
187         check fill <<-\EOF
188         username=foo
189         --
190         username=foo
191         password=askpass-password
192         --
193         askpass: Password:
194         EOF
195 '
196
197 HELPER="!f() {
198                 cat >/dev/null
199                 echo username=foo
200                 echo password=bar
201         }; f"
202 test_expect_success 'respect configured credentials' '
203         test_config credential.helper "$HELPER" &&
204         check fill <<-\EOF
205         --
206         username=foo
207         password=bar
208         --
209         EOF
210 '
211
212 test_expect_success 'match configured credential' '
213         test_config credential.https://example.com.helper "$HELPER" &&
214         check fill <<-\EOF
215         protocol=https
216         host=example.com
217         path=repo.git
218         --
219         protocol=https
220         host=example.com
221         username=foo
222         password=bar
223         --
224         EOF
225 '
226
227 test_expect_success 'do not match configured credential' '
228         test_config credential.https://foo.helper "$HELPER" &&
229         check fill <<-\EOF
230         protocol=https
231         host=bar
232         --
233         protocol=https
234         host=bar
235         username=askpass-username
236         password=askpass-password
237         --
238         askpass: Username for '\''https://bar'\'':
239         askpass: Password for '\''https://askpass-username@bar'\'':
240         EOF
241 '
242
243 test_expect_success 'pull username from config' '
244         test_config credential.https://example.com.username foo &&
245         check fill <<-\EOF
246         protocol=https
247         host=example.com
248         --
249         protocol=https
250         host=example.com
251         username=foo
252         password=askpass-password
253         --
254         askpass: Password for '\''https://foo@example.com'\'':
255         EOF
256 '
257
258 test_expect_success 'http paths can be part of context' '
259         check fill "verbatim foo bar" <<-\EOF &&
260         protocol=https
261         host=example.com
262         path=foo.git
263         --
264         protocol=https
265         host=example.com
266         username=foo
267         password=bar
268         --
269         verbatim: get
270         verbatim: protocol=https
271         verbatim: host=example.com
272         EOF
273         test_config credential.https://example.com.useHttpPath true &&
274         check fill "verbatim foo bar" <<-\EOF
275         protocol=https
276         host=example.com
277         path=foo.git
278         --
279         protocol=https
280         host=example.com
281         path=foo.git
282         username=foo
283         password=bar
284         --
285         verbatim: get
286         verbatim: protocol=https
287         verbatim: host=example.com
288         verbatim: path=foo.git
289         EOF
290 '
291
292 test_expect_success 'helpers can abort the process' '
293         test_must_fail git \
294                 -c credential.helper="!f() { echo quit=1; }; f" \
295                 -c credential.helper="verbatim foo bar" \
296                 credential fill >stdout &&
297         >expect &&
298         test_cmp expect stdout
299 '
300
301 test_done