t7600: use test_write_lines()
[git] / t / t0300-credentials.sh
1 #!/bin/sh
2
3 test_description='basic credential helper tests'
4 . ./test-lib.sh
5 . "$TEST_DIRECTORY"/lib-credential.sh
6
7 test_expect_success 'setup helper scripts' '
8         cat >dump <<-\EOF &&
9         whoami=$(echo $0 | sed s/.*git-credential-//)
10         echo >&2 "$whoami: $*"
11         OIFS=$IFS
12         IFS==
13         while read key value; do
14                 echo >&2 "$whoami: $key=$value"
15                 eval "$key=$value"
16         done
17         IFS=$OIFS
18         EOF
19
20         write_script git-credential-useless <<-\EOF &&
21         . ./dump
22         exit 0
23         EOF
24
25         write_script git-credential-verbatim <<-\EOF &&
26         user=$1; shift
27         pass=$1; shift
28         . ./dump
29         test -z "$user" || echo username=$user
30         test -z "$pass" || echo password=$pass
31         EOF
32
33         PATH="$PWD:$PATH"
34 '
35
36 test_expect_success 'credential_fill invokes helper' '
37         check fill "verbatim foo bar" <<-\EOF
38         --
39         username=foo
40         password=bar
41         --
42         verbatim: get
43         EOF
44 '
45
46 test_expect_success 'credential_fill invokes multiple helpers' '
47         check fill useless "verbatim foo bar" <<-\EOF
48         --
49         username=foo
50         password=bar
51         --
52         useless: get
53         verbatim: get
54         EOF
55 '
56
57 test_expect_success 'credential_fill stops when we get a full response' '
58         check fill "verbatim one two" "verbatim three four" <<-\EOF
59         --
60         username=one
61         password=two
62         --
63         verbatim: get
64         EOF
65 '
66
67 test_expect_success 'credential_fill continues through partial response' '
68         check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
69         --
70         username=two
71         password=three
72         --
73         verbatim: get
74         verbatim: get
75         verbatim: username=one
76         EOF
77 '
78
79 test_expect_success 'credential_fill passes along metadata' '
80         check fill "verbatim one two" <<-\EOF
81         protocol=ftp
82         host=example.com
83         path=foo.git
84         --
85         protocol=ftp
86         host=example.com
87         path=foo.git
88         username=one
89         password=two
90         --
91         verbatim: get
92         verbatim: protocol=ftp
93         verbatim: host=example.com
94         verbatim: path=foo.git
95         EOF
96 '
97
98 test_expect_success 'credential_approve calls all helpers' '
99         check approve useless "verbatim one two" <<-\EOF
100         username=foo
101         password=bar
102         --
103         --
104         useless: store
105         useless: username=foo
106         useless: password=bar
107         verbatim: store
108         verbatim: username=foo
109         verbatim: password=bar
110         EOF
111 '
112
113 test_expect_success 'do not bother storing password-less credential' '
114         check approve useless <<-\EOF
115         username=foo
116         --
117         --
118         EOF
119 '
120
121
122 test_expect_success 'credential_reject calls all helpers' '
123         check reject useless "verbatim one two" <<-\EOF
124         username=foo
125         password=bar
126         --
127         --
128         useless: erase
129         useless: username=foo
130         useless: password=bar
131         verbatim: erase
132         verbatim: username=foo
133         verbatim: password=bar
134         EOF
135 '
136
137 test_expect_success 'usernames can be preserved' '
138         check fill "verbatim \"\" three" <<-\EOF
139         username=one
140         --
141         username=one
142         password=three
143         --
144         verbatim: get
145         verbatim: username=one
146         EOF
147 '
148
149 test_expect_success 'usernames can be overridden' '
150         check fill "verbatim two three" <<-\EOF
151         username=one
152         --
153         username=two
154         password=three
155         --
156         verbatim: get
157         verbatim: username=one
158         EOF
159 '
160
161 test_expect_success 'do not bother completing already-full credential' '
162         check fill "verbatim three four" <<-\EOF
163         username=one
164         password=two
165         --
166         username=one
167         password=two
168         --
169         EOF
170 '
171
172 # We can't test the basic terminal password prompt here because
173 # getpass() tries too hard to find the real terminal. But if our
174 # askpass helper is run, we know the internal getpass is working.
175 test_expect_success 'empty helper list falls back to internal getpass' '
176         check fill <<-\EOF
177         --
178         username=askpass-username
179         password=askpass-password
180         --
181         askpass: Username:
182         askpass: Password:
183         EOF
184 '
185
186 test_expect_success 'internal getpass does not ask for known username' '
187         check fill <<-\EOF
188         username=foo
189         --
190         username=foo
191         password=askpass-password
192         --
193         askpass: Password:
194         EOF
195 '
196
197 HELPER="!f() {
198                 cat >/dev/null
199                 echo username=foo
200                 echo password=bar
201         }; f"
202 test_expect_success 'respect configured credentials' '
203         test_config credential.helper "$HELPER" &&
204         check fill <<-\EOF
205         --
206         username=foo
207         password=bar
208         --
209         EOF
210 '
211
212 test_expect_success 'match configured credential' '
213         test_config credential.https://example.com.helper "$HELPER" &&
214         check fill <<-\EOF
215         protocol=https
216         host=example.com
217         path=repo.git
218         --
219         protocol=https
220         host=example.com
221         username=foo
222         password=bar
223         --
224         EOF
225 '
226
227 test_expect_success 'do not match configured credential' '
228         test_config credential.https://foo.helper "$HELPER" &&
229         check fill <<-\EOF
230         protocol=https
231         host=bar
232         --
233         protocol=https
234         host=bar
235         username=askpass-username
236         password=askpass-password
237         --
238         askpass: Username for '\''https://bar'\'':
239         askpass: Password for '\''https://askpass-username@bar'\'':
240         EOF
241 '
242
243 test_expect_success 'match multiple configured helpers' '
244         test_config credential.helper "verbatim \"\" \"\"" &&
245         test_config credential.https://example.com.helper "$HELPER" &&
246         check fill <<-\EOF
247         protocol=https
248         host=example.com
249         path=repo.git
250         --
251         protocol=https
252         host=example.com
253         username=foo
254         password=bar
255         --
256         verbatim: get
257         verbatim: protocol=https
258         verbatim: host=example.com
259         EOF
260 '
261
262 test_expect_success 'match multiple configured helpers with URLs' '
263         test_config credential.https://example.com/repo.git.helper "verbatim \"\" \"\"" &&
264         test_config credential.https://example.com.helper "$HELPER" &&
265         check fill <<-\EOF
266         protocol=https
267         host=example.com
268         path=repo.git
269         --
270         protocol=https
271         host=example.com
272         username=foo
273         password=bar
274         --
275         verbatim: get
276         verbatim: protocol=https
277         verbatim: host=example.com
278         EOF
279 '
280
281 test_expect_success 'match percent-encoded values' '
282         test_config credential.https://example.com/%2566.git.helper "$HELPER" &&
283         check fill <<-\EOF
284         url=https://example.com/%2566.git
285         --
286         protocol=https
287         host=example.com
288         username=foo
289         password=bar
290         --
291         EOF
292 '
293
294 test_expect_success 'pull username from config' '
295         test_config credential.https://example.com.username foo &&
296         check fill <<-\EOF
297         protocol=https
298         host=example.com
299         --
300         protocol=https
301         host=example.com
302         username=foo
303         password=askpass-password
304         --
305         askpass: Password for '\''https://foo@example.com'\'':
306         EOF
307 '
308
309 test_expect_success 'honors username from URL over helper (URL)' '
310         test_config credential.https://example.com.username bob &&
311         test_config credential.https://example.com.helper "verbatim \"\" bar" &&
312         check fill <<-\EOF
313         url=https://alice@example.com
314         --
315         protocol=https
316         host=example.com
317         username=alice
318         password=bar
319         --
320         verbatim: get
321         verbatim: protocol=https
322         verbatim: host=example.com
323         verbatim: username=alice
324         EOF
325 '
326
327 test_expect_success 'honors username from URL over helper (components)' '
328         test_config credential.https://example.com.username bob &&
329         test_config credential.https://example.com.helper "verbatim \"\" bar" &&
330         check fill <<-\EOF
331         protocol=https
332         host=example.com
333         username=alice
334         --
335         protocol=https
336         host=example.com
337         username=alice
338         password=bar
339         --
340         verbatim: get
341         verbatim: protocol=https
342         verbatim: host=example.com
343         verbatim: username=alice
344         EOF
345 '
346
347 test_expect_success 'last matching username wins' '
348         test_config credential.https://example.com/path.git.username bob &&
349         test_config credential.https://example.com.username alice &&
350         test_config credential.https://example.com.helper "verbatim \"\" bar" &&
351         check fill <<-\EOF
352         url=https://example.com/path.git
353         --
354         protocol=https
355         host=example.com
356         username=alice
357         password=bar
358         --
359         verbatim: get
360         verbatim: protocol=https
361         verbatim: host=example.com
362         verbatim: username=alice
363         EOF
364 '
365
366 test_expect_success 'http paths can be part of context' '
367         check fill "verbatim foo bar" <<-\EOF &&
368         protocol=https
369         host=example.com
370         path=foo.git
371         --
372         protocol=https
373         host=example.com
374         username=foo
375         password=bar
376         --
377         verbatim: get
378         verbatim: protocol=https
379         verbatim: host=example.com
380         EOF
381         test_config credential.https://example.com.useHttpPath true &&
382         check fill "verbatim foo bar" <<-\EOF
383         protocol=https
384         host=example.com
385         path=foo.git
386         --
387         protocol=https
388         host=example.com
389         path=foo.git
390         username=foo
391         password=bar
392         --
393         verbatim: get
394         verbatim: protocol=https
395         verbatim: host=example.com
396         verbatim: path=foo.git
397         EOF
398 '
399
400 test_expect_success 'context uses urlmatch' '
401         test_config "credential.https://*.org.useHttpPath" true &&
402         check fill "verbatim foo bar" <<-\EOF
403         protocol=https
404         host=example.org
405         path=foo.git
406         --
407         protocol=https
408         host=example.org
409         path=foo.git
410         username=foo
411         password=bar
412         --
413         verbatim: get
414         verbatim: protocol=https
415         verbatim: host=example.org
416         verbatim: path=foo.git
417         EOF
418 '
419
420 test_expect_success 'helpers can abort the process' '
421         test_must_fail git \
422                 -c credential.helper="!f() { echo quit=1; }; f" \
423                 -c credential.helper="verbatim foo bar" \
424                 credential fill >stdout &&
425         test_must_be_empty stdout
426 '
427
428 test_expect_success 'empty helper spec resets helper list' '
429         test_config credential.helper "verbatim file file" &&
430         check fill "" "verbatim cmdline cmdline" <<-\EOF
431         --
432         username=cmdline
433         password=cmdline
434         --
435         verbatim: get
436         EOF
437 '
438
439 test_done