t / t0300-credentials.shon commit contrib: add credential helper for OS X Keychain (34961d3)
   1#!/bin/sh
   2
   3test_description='basic credential helper tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY"/lib-credential.sh
   6
   7test_expect_success 'setup helper scripts' '
   8        cat >dump <<-\EOF &&
   9        whoami=`echo $0 | sed s/.*git-credential-//`
  10        echo >&2 "$whoami: $*"
  11        while IFS== read key value; do
  12                echo >&2 "$whoami: $key=$value"
  13                eval "$key=$value"
  14        done
  15        EOF
  16
  17        cat >git-credential-useless <<-\EOF &&
  18        #!/bin/sh
  19        . ./dump
  20        exit 0
  21        EOF
  22        chmod +x git-credential-useless &&
  23
  24        cat >git-credential-verbatim <<-\EOF &&
  25        #!/bin/sh
  26        user=$1; shift
  27        pass=$1; shift
  28        . ./dump
  29        test -z "$user" || echo username=$user
  30        test -z "$pass" || echo password=$pass
  31        EOF
  32        chmod +x git-credential-verbatim &&
  33
  34        PATH="$PWD:$PATH"
  35'
  36
  37test_expect_success 'credential_fill invokes helper' '
  38        check fill "verbatim foo bar" <<-\EOF
  39        --
  40        username=foo
  41        password=bar
  42        --
  43        verbatim: get
  44        EOF
  45'
  46
  47test_expect_success 'credential_fill invokes multiple helpers' '
  48        check fill useless "verbatim foo bar" <<-\EOF
  49        --
  50        username=foo
  51        password=bar
  52        --
  53        useless: get
  54        verbatim: get
  55        EOF
  56'
  57
  58test_expect_success 'credential_fill stops when we get a full response' '
  59        check fill "verbatim one two" "verbatim three four" <<-\EOF
  60        --
  61        username=one
  62        password=two
  63        --
  64        verbatim: get
  65        EOF
  66'
  67
  68test_expect_success 'credential_fill continues through partial response' '
  69        check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
  70        --
  71        username=two
  72        password=three
  73        --
  74        verbatim: get
  75        verbatim: get
  76        verbatim: username=one
  77        EOF
  78'
  79
  80test_expect_success 'credential_fill passes along metadata' '
  81        check fill "verbatim one two" <<-\EOF
  82        protocol=ftp
  83        host=example.com
  84        path=foo.git
  85        --
  86        username=one
  87        password=two
  88        --
  89        verbatim: get
  90        verbatim: protocol=ftp
  91        verbatim: host=example.com
  92        verbatim: path=foo.git
  93        EOF
  94'
  95
  96test_expect_success 'credential_approve calls all helpers' '
  97        check approve useless "verbatim one two" <<-\EOF
  98        username=foo
  99        password=bar
 100        --
 101        --
 102        useless: store
 103        useless: username=foo
 104        useless: password=bar
 105        verbatim: store
 106        verbatim: username=foo
 107        verbatim: password=bar
 108        EOF
 109'
 110
 111test_expect_success 'do not bother storing password-less credential' '
 112        check approve useless <<-\EOF
 113        username=foo
 114        --
 115        --
 116        EOF
 117'
 118
 119
 120test_expect_success 'credential_reject calls all helpers' '
 121        check reject useless "verbatim one two" <<-\EOF
 122        username=foo
 123        password=bar
 124        --
 125        --
 126        useless: erase
 127        useless: username=foo
 128        useless: password=bar
 129        verbatim: erase
 130        verbatim: username=foo
 131        verbatim: password=bar
 132        EOF
 133'
 134
 135test_expect_success 'usernames can be preserved' '
 136        check fill "verbatim \"\" three" <<-\EOF
 137        username=one
 138        --
 139        username=one
 140        password=three
 141        --
 142        verbatim: get
 143        verbatim: username=one
 144        EOF
 145'
 146
 147test_expect_success 'usernames can be overridden' '
 148        check fill "verbatim two three" <<-\EOF
 149        username=one
 150        --
 151        username=two
 152        password=three
 153        --
 154        verbatim: get
 155        verbatim: username=one
 156        EOF
 157'
 158
 159test_expect_success 'do not bother completing already-full credential' '
 160        check fill "verbatim three four" <<-\EOF
 161        username=one
 162        password=two
 163        --
 164        username=one
 165        password=two
 166        --
 167        EOF
 168'
 169
 170# We can't test the basic terminal password prompt here because
 171# getpass() tries too hard to find the real terminal. But if our
 172# askpass helper is run, we know the internal getpass is working.
 173test_expect_success 'empty helper list falls back to internal getpass' '
 174        check fill <<-\EOF
 175        --
 176        username=askpass-username
 177        password=askpass-password
 178        --
 179        askpass: Username:
 180        askpass: Password:
 181        EOF
 182'
 183
 184test_expect_success 'internal getpass does not ask for known username' '
 185        check fill <<-\EOF
 186        username=foo
 187        --
 188        username=foo
 189        password=askpass-password
 190        --
 191        askpass: Password:
 192        EOF
 193'
 194
 195HELPER="!f() {
 196                cat >/dev/null
 197                echo username=foo
 198                echo password=bar
 199        }; f"
 200test_expect_success 'respect configured credentials' '
 201        test_config credential.helper "$HELPER" &&
 202        check fill <<-\EOF
 203        --
 204        username=foo
 205        password=bar
 206        --
 207        EOF
 208'
 209
 210test_expect_success 'match configured credential' '
 211        test_config credential.https://example.com.helper "$HELPER" &&
 212        check fill <<-\EOF
 213        protocol=https
 214        host=example.com
 215        path=repo.git
 216        --
 217        username=foo
 218        password=bar
 219        --
 220        EOF
 221'
 222
 223test_expect_success 'do not match configured credential' '
 224        test_config credential.https://foo.helper "$HELPER" &&
 225        check fill <<-\EOF
 226        protocol=https
 227        host=bar
 228        --
 229        username=askpass-username
 230        password=askpass-password
 231        --
 232        askpass: Username for '\''https://bar'\'':
 233        askpass: Password for '\''https://askpass-username@bar'\'':
 234        EOF
 235'
 236
 237test_expect_success 'pull username from config' '
 238        test_config credential.https://example.com.username foo &&
 239        check fill <<-\EOF
 240        protocol=https
 241        host=example.com
 242        --
 243        username=foo
 244        password=askpass-password
 245        --
 246        askpass: Password for '\''https://foo@example.com'\'':
 247        EOF
 248'
 249
 250test_expect_success 'http paths can be part of context' '
 251        check fill "verbatim foo bar" <<-\EOF &&
 252        protocol=https
 253        host=example.com
 254        path=foo.git
 255        --
 256        username=foo
 257        password=bar
 258        --
 259        verbatim: get
 260        verbatim: protocol=https
 261        verbatim: host=example.com
 262        EOF
 263        test_config credential.https://example.com.useHttpPath true &&
 264        check fill "verbatim foo bar" <<-\EOF
 265        protocol=https
 266        host=example.com
 267        path=foo.git
 268        --
 269        username=foo
 270        password=bar
 271        --
 272        verbatim: get
 273        verbatim: protocol=https
 274        verbatim: host=example.com
 275        verbatim: path=foo.git
 276        EOF
 277'
 278
 279test_done