On 2023-02-15 14:15, Junio C Hamano wrote:
> "Matthew John Cheetham via GitGitGadget" <gitgitgadget@xxxxxxxxx>
> writes:
>
>> +if test -n "$HTTP_AUTHORIZATION" && \
>> + grep -qsi "^${HTTP_AUTHORIZATION}\$" "$VALID_CREDS_FILE"
>
> Do we require a regexp match (and worry about metacharacters in
> HTTP_AUTHORIZATION variable), or would we want to use "grep -F -x"
> here to force match with the entire line?
You're right. We don't need a regex match here. Will fix.
>> +then
>> + # Note that although git-http-backend returns a status line, it
>> + # does so using a CGI 'Status' header. Because this script is an
>> + # No Parsed Headers (NPH) script, we must return a real HTTP
>> + # status line.
>> + # This is only a test script, so we don't bother to check for
>> + # the actual status from git-http-backend and always return 200.
>> + echo 'HTTP/1.1 200 OK'
>> + exec "$GIT_EXEC_PATH"/git-http-backend
>> +fi
>
> OK. That's the successful auth case. Otherwise ...
>
>> +echo 'HTTP/1.1 401 Authorization Required'
>> +if test -f "$CHALLENGE_FILE"
>> +then
>> + cat "$CHALLENGE_FILE"
>> +fi
>> +echo
>
> OK. We'll just give a challenge.
>
>> diff --git a/t/t5563-simple-http-auth.sh b/t/t5563-simple-http-auth.sh
>> new file mode 100755
>> index 00000000000..e0682039de7
>> --- /dev/null
>> +++ b/t/t5563-simple-http-auth.sh
>> @@ -0,0 +1,81 @@
>> +#!/bin/sh
>> +
>> +test_description='test http auth header and credential helper interop'
>> +
>> +. ./test-lib.sh
>> +. "$TEST_DIRECTORY"/lib-httpd.sh
>> +
>> +start_httpd
>> +
>> +test_expect_success 'setup_credential_helper' '
>> + mkdir "$TRASH_DIRECTORY/bin" &&
>> + PATH=$PATH:"$TRASH_DIRECTORY/bin" &&
>> + export PATH &&
>> +
>> + CREDENTIAL_HELPER="$TRASH_DIRECTORY/bin/git-credential-test-helper" &&
>> + write_script "$CREDENTIAL_HELPER" <<-\EOF
>> + cmd=$1
>> + teefile=$cmd-query.cred
>> + catfile=$cmd-reply.cred
>> + sed -n -e "/^$/q" -e "p" >>$teefile
>> + if test "$cmd" = "get"
>> + then
>> + cat $catfile
>> + fi
>> + EOF
>> +'
>> +
>> +set_credential_reply() {
>
> Style. Have SP before "()" as well as after.
Will fix.
>> + cat >"$TRASH_DIRECTORY/$1-reply.cred"
>> +}
>> +
>> +expect_credential_query() {
>
> Style. Have SP before "()" as well as after.
Ditto.
>> + cat >"$TRASH_DIRECTORY/$1-expect.cred" &&
>> + test_cmp "$TRASH_DIRECTORY/$1-expect.cred" \
>> + "$TRASH_DIRECTORY/$1-query.cred"
>> +}
>> +
>> +per_test_cleanup () {
>> + rm -f *.cred &&
>> + rm -f "$HTTPD_ROOT_PATH"/custom-auth.*
>> +}
>> +
>> +test_expect_success 'setup repository' '
>> + test_commit foo &&
>> + git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
>> + git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
>> +'
>
> OK.
>
>> +test_expect_success 'access using basic auth' '
>> + test_when_finished "per_test_cleanup" &&
>> +
>> + set_credential_reply get <<-EOF &&
>> + username=alice
>> + password=secret-passwd
>> + EOF
>> +
>> + cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
>> + Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
>> + EOF
>
> Perhaps we want to note that this matches the "alice:secret-passwd"
> we prepared earlier?
Good point. It's helpful. Will re-introduce.
>> + cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
>> + WWW-Authenticate: Basic realm="example.com"
>> + EOF
>
> OK.
>
>> + test_config_global credential.helper test-helper &&
>> + git ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
>> +
>> + expect_credential_query get <<-EOF &&
>> + protocol=http
>> + host=$HTTPD_DEST
>> + EOF
>> +
>> + expect_credential_query store <<-EOF
>> + protocol=http
>> + host=$HTTPD_DEST
>> + username=alice
>> + password=secret-passwd
>> + EOF
>> +'
>
> OK.
>
>> +test_done
