3 test_description='basic credential helper tests'
5 . "$TEST_DIRECTORY"/lib-credential.sh
7 test_expect_success 'setup helper scripts' '
9 whoami=$(echo $0 | sed s/.*git-credential-//)
10 echo >&2 "$whoami: $*"
13 while read key value; do
14 echo >&2 "$whoami: $key=$value"
20 write_script git-credential-useless <<-\EOF &&
25 write_script git-credential-quit <<-\EOF &&
30 write_script git-credential-verbatim <<-\EOF &&
34 test -z "$user" || echo username=$user
35 test -z "$pass" || echo password=$pass
41 test_expect_success 'credential_fill invokes helper' '
42 check fill "verbatim foo bar" <<-\EOF
52 verbatim: protocol=http
53 verbatim: host=example.com
57 test_expect_success 'credential_fill invokes multiple helpers' '
58 check fill useless "verbatim foo bar" <<-\EOF
68 useless: protocol=http
69 useless: host=example.com
71 verbatim: protocol=http
72 verbatim: host=example.com
76 test_expect_success 'credential_fill stops when we get a full response' '
77 check fill "verbatim one two" "verbatim three four" <<-\EOF
87 verbatim: protocol=http
88 verbatim: host=example.com
92 test_expect_success 'credential_fill continues through partial response' '
93 check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
103 verbatim: protocol=http
104 verbatim: host=example.com
106 verbatim: protocol=http
107 verbatim: host=example.com
108 verbatim: username=one
112 test_expect_success 'credential_fill passes along metadata' '
113 check fill "verbatim one two" <<-\EOF
125 verbatim: protocol=ftp
126 verbatim: host=example.com
127 verbatim: path=foo.git
131 test_expect_success 'credential_approve calls all helpers' '
132 check approve useless "verbatim one two" <<-\EOF
140 useless: protocol=http
141 useless: host=example.com
142 useless: username=foo
143 useless: password=bar
145 verbatim: protocol=http
146 verbatim: host=example.com
147 verbatim: username=foo
148 verbatim: password=bar
152 test_expect_success 'do not bother storing password-less credential' '
153 check approve useless <<-\EOF
163 test_expect_success 'credential_reject calls all helpers' '
164 check reject useless "verbatim one two" <<-\EOF
172 useless: protocol=http
173 useless: host=example.com
174 useless: username=foo
175 useless: password=bar
177 verbatim: protocol=http
178 verbatim: host=example.com
179 verbatim: username=foo
180 verbatim: password=bar
184 test_expect_success 'usernames can be preserved' '
185 check fill "verbatim \"\" three" <<-\EOF
196 verbatim: protocol=http
197 verbatim: host=example.com
198 verbatim: username=one
202 test_expect_success 'usernames can be overridden' '
203 check fill "verbatim two three" <<-\EOF
214 verbatim: protocol=http
215 verbatim: host=example.com
216 verbatim: username=one
220 test_expect_success 'do not bother completing already-full credential' '
221 check fill "verbatim three four" <<-\EOF
235 # We can't test the basic terminal password prompt here because
236 # getpass() tries too hard to find the real terminal. But if our
237 # askpass helper is run, we know the internal getpass is working.
238 test_expect_success 'empty helper list falls back to internal getpass' '
245 username=askpass-username
246 password=askpass-password
248 askpass: Username for '\''http://example.com'\'':
249 askpass: Password for '\''http://askpass-username@example.com'\'':
253 test_expect_success 'internal getpass does not ask for known username' '
262 password=askpass-password
264 askpass: Password for '\''http://foo@example.com'\'':
268 test_expect_success 'git-credential respects core.askPass' '
269 write_script alternate-askpass <<-\EOF &&
270 echo >&2 "alternate askpass invoked"
273 test_config core.askpass "$PWD/alternate-askpass" &&
275 # unset GIT_ASKPASS set by lib-credential.sh which would
276 # override our config, but do so in a subshell so that we do
277 # not interfere with other tests
278 sane_unset GIT_ASKPASS &&
285 username=alternate-value
286 password=alternate-value
288 alternate askpass invoked
289 alternate askpass invoked
299 test_expect_success 'respect configured credentials' '
300 test_config credential.helper "$HELPER" &&
313 test_expect_success 'match configured credential' '
314 test_config credential.https://example.com.helper "$HELPER" &&
328 test_expect_success 'do not match configured credential' '
329 test_config credential.https://foo.helper "$HELPER" &&
336 username=askpass-username
337 password=askpass-password
339 askpass: Username for '\''https://bar'\'':
340 askpass: Password for '\''https://askpass-username@bar'\'':
344 test_expect_success 'match multiple configured helpers' '
345 test_config credential.helper "verbatim \"\" \"\"" &&
346 test_config credential.https://example.com.helper "$HELPER" &&
358 verbatim: protocol=https
359 verbatim: host=example.com
363 test_expect_success 'match multiple configured helpers with URLs' '
364 test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" &&
365 test_config credential.https://example.com.helper "$HELPER" &&
377 verbatim: protocol=https
378 verbatim: host=example.com
382 test_expect_success 'match percent-encoded values' '
383 test_config credential.https://example.com/%2566.git.helper "$HELPER" &&
385 url=https://example.com/%2566.git
395 test_expect_success 'match percent-encoded UTF-8 values in path' '
396 test_config credential.https://example.com.useHttpPath true &&
397 test_config credential.https://example.com/perĂº.git.helper "$HELPER" &&
399 url=https://example.com/per%C3%BA.git
410 test_expect_success 'match percent-encoded values in username' '
411 test_config credential.https://user%2fname@example.com/foo/bar.git.helper "$HELPER" &&
413 url=https://user%2fname@example.com/foo/bar.git
423 test_expect_success 'fetch with multiple path components' '
424 test_unconfig credential.helper &&
425 test_config credential.https://example.com/foo/repo.git.helper "verbatim foo bar" &&
427 url=https://example.com/foo/repo.git
435 verbatim: protocol=https
436 verbatim: host=example.com
440 test_expect_success 'pull username from config' '
441 test_config credential.https://example.com.username foo &&
449 password=askpass-password
451 askpass: Password for '\''https://foo@example.com'\'':
455 test_expect_success 'honors username from URL over helper (URL)' '
456 test_config credential.https://example.com.username bob &&
457 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
459 url=https://alice@example.com
467 verbatim: protocol=https
468 verbatim: host=example.com
469 verbatim: username=alice
473 test_expect_success 'honors username from URL over helper (components)' '
474 test_config credential.https://example.com.username bob &&
475 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
487 verbatim: protocol=https
488 verbatim: host=example.com
489 verbatim: username=alice
493 test_expect_success 'last matching username wins' '
494 test_config credential.https://example.com/path.git.username bob &&
495 test_config credential.https://example.com.username alice &&
496 test_config credential.https://example.com.helper "verbatim \"\" bar" &&
498 url=https://example.com/path.git
506 verbatim: protocol=https
507 verbatim: host=example.com
508 verbatim: username=alice
512 test_expect_success 'http paths can be part of context' '
513 check fill "verbatim foo bar" <<-\EOF &&
524 verbatim: protocol=https
525 verbatim: host=example.com
527 test_config credential.https://example.com.useHttpPath true &&
528 check fill "verbatim foo bar" <<-\EOF
540 verbatim: protocol=https
541 verbatim: host=example.com
542 verbatim: path=foo.git
546 test_expect_success 'context uses urlmatch' '
547 test_config "credential.https://*.org.useHttpPath" true &&
548 check fill "verbatim foo bar" <<-\EOF
560 verbatim: protocol=https
561 verbatim: host=example.org
562 verbatim: path=foo.git
566 test_expect_success 'helpers can abort the process' '
568 -c credential.helper=quit \
569 -c credential.helper="verbatim foo bar" \
570 credential fill >stdout 2>stderr <<-\EOF &&
574 test_must_be_empty stdout &&
575 cat >expect <<-\EOF &&
578 quit: host=example.com
579 fatal: credential helper '\''quit'\'' told us to quit
581 test_cmp expect stderr
584 test_expect_success 'empty helper spec resets helper list' '
585 test_config credential.helper "verbatim file file" &&
586 check fill "" "verbatim cmdline cmdline" <<-\EOF
596 verbatim: protocol=http
597 verbatim: host=example.com
601 test_expect_success 'url parser rejects embedded newlines' '
602 test_must_fail git credential fill 2>stderr <<-\EOF &&
603 url=https://one.example.com?%0ahost=two.example.com/
605 cat >expect <<-\EOF &&
606 warning: url contains a newline in its path component: https://one.example.com?%0ahost=two.example.com/
607 fatal: credential url cannot be parsed: https://one.example.com?%0ahost=two.example.com/
609 test_cmp expect stderr
612 test_expect_success 'host-less URLs are parsed as empty host' '
613 check fill "verbatim foo bar" <<-\EOF
614 url=cert:///path/to/cert.pem
618 path=path/to/cert.pem
623 verbatim: protocol=cert
625 verbatim: path=path/to/cert.pem
629 test_expect_success 'credential system refuses to work with missing host' '
630 test_must_fail git credential fill 2>stderr <<-\EOF &&
633 cat >expect <<-\EOF &&
634 fatal: refusing to work with credential missing host field
636 test_cmp expect stderr
639 test_expect_success 'credential system refuses to work with missing protocol' '
640 test_must_fail git credential fill 2>stderr <<-\EOF &&
643 cat >expect <<-\EOF &&
644 fatal: refusing to work with credential missing protocol field
646 test_cmp expect stderr
649 # usage: check_host_and_path <url> <expected-host> <expected-path>
650 check_host_and_path () {
651 # we always parse the path component, but we need this to make sure it
652 # is passed to the helper
653 test_config credential.useHTTPPath true &&
654 check fill "verbatim user pass" <<-EOF
664 verbatim: protocol=https
670 test_expect_success 'url parser handles bare query marker' '
671 check_host_and_path https://example.com?foo.git example.com ?foo.git
674 test_expect_success 'url parser handles bare fragment marker' '
675 check_host_and_path https://example.com#foo.git example.com "#foo.git"
678 test_expect_success 'url parser not confused by encoded markers' '
679 check_host_and_path https://example.com%23%3f%2f/foo.git \
680 "example.com#?/" foo.git
683 test_expect_success 'credential config with partial URLs' '
684 echo "echo password=yep" | write_script git-credential-yep &&
685 test_write_lines url=https://user@example.com/repo.git >stdin &&
690 https://example.com \
691 https://example.com/ \
692 https://user@example.com \
693 https://user@example.com/ \
694 https://example.com/repo.git \
695 https://user@example.com/repo.git \
698 git -c credential.$partial.helper=yep \
699 credential fill <stdin >stdout &&
709 git -c credential.$partial.helper=yep \
710 credential fill <stdin >stdout &&
715 git -c credential.$partial.helper=yep \
716 -c credential.with%0anewline.username=uh-oh \
717 credential fill <stdin >stdout 2>stderr &&
718 test_i18ngrep "skipping credential lookup for key" stderr