t / t0300-credentials.shon commit t0001: don't let a default ACL interfere with the umask test (d549d21)
   1#!/bin/sh
   2
   3test_description='basic credential helper tests'
   4. ./test-lib.sh
   5. "$TEST_DIRECTORY"/lib-credential.sh
   6
   7test_expect_success 'setup helper scripts' '
   8        cat >dump <<-\EOF &&
   9        whoami=$(echo $0 | sed s/.*git-credential-//)
  10        echo >&2 "$whoami: $*"
  11        OIFS=$IFS
  12        IFS==
  13        while read key value; do
  14                echo >&2 "$whoami: $key=$value"
  15                eval "$key=$value"
  16        done
  17        IFS=$OIFS
  18        EOF
  19
  20        write_script git-credential-useless <<-\EOF &&
  21        . ./dump
  22        exit 0
  23        EOF
  24
  25        write_script git-credential-verbatim <<-\EOF &&
  26        user=$1; shift
  27        pass=$1; shift
  28        . ./dump
  29        test -z "$user" || echo username=$user
  30        test -z "$pass" || echo password=$pass
  31        EOF
  32
  33        PATH="$PWD:$PATH"
  34'
  35
  36test_expect_success 'credential_fill invokes helper' '
  37        check fill "verbatim foo bar" <<-\EOF
  38        --
  39        username=foo
  40        password=bar
  41        --
  42        verbatim: get
  43        EOF
  44'
  45
  46test_expect_success 'credential_fill invokes multiple helpers' '
  47        check fill useless "verbatim foo bar" <<-\EOF
  48        --
  49        username=foo
  50        password=bar
  51        --
  52        useless: get
  53        verbatim: get
  54        EOF
  55'
  56
  57test_expect_success 'credential_fill stops when we get a full response' '
  58        check fill "verbatim one two" "verbatim three four" <<-\EOF
  59        --
  60        username=one
  61        password=two
  62        --
  63        verbatim: get
  64        EOF
  65'
  66
  67test_expect_success 'credential_fill continues through partial response' '
  68        check fill "verbatim one \"\"" "verbatim two three" <<-\EOF
  69        --
  70        username=two
  71        password=three
  72        --
  73        verbatim: get
  74        verbatim: get
  75        verbatim: username=one
  76        EOF
  77'
  78
  79test_expect_success 'credential_fill passes along metadata' '
  80        check fill "verbatim one two" <<-\EOF
  81        protocol=ftp
  82        host=example.com
  83        path=foo.git
  84        --
  85        protocol=ftp
  86        host=example.com
  87        path=foo.git
  88        username=one
  89        password=two
  90        --
  91        verbatim: get
  92        verbatim: protocol=ftp
  93        verbatim: host=example.com
  94        verbatim: path=foo.git
  95        EOF
  96'
  97
  98test_expect_success 'credential_approve calls all helpers' '
  99        check approve useless "verbatim one two" <<-\EOF
 100        username=foo
 101        password=bar
 102        --
 103        --
 104        useless: store
 105        useless: username=foo
 106        useless: password=bar
 107        verbatim: store
 108        verbatim: username=foo
 109        verbatim: password=bar
 110        EOF
 111'
 112
 113test_expect_success 'do not bother storing password-less credential' '
 114        check approve useless <<-\EOF
 115        username=foo
 116        --
 117        --
 118        EOF
 119'
 120
 121
 122test_expect_success 'credential_reject calls all helpers' '
 123        check reject useless "verbatim one two" <<-\EOF
 124        username=foo
 125        password=bar
 126        --
 127        --
 128        useless: erase
 129        useless: username=foo
 130        useless: password=bar
 131        verbatim: erase
 132        verbatim: username=foo
 133        verbatim: password=bar
 134        EOF
 135'
 136
 137test_expect_success 'usernames can be preserved' '
 138        check fill "verbatim \"\" three" <<-\EOF
 139        username=one
 140        --
 141        username=one
 142        password=three
 143        --
 144        verbatim: get
 145        verbatim: username=one
 146        EOF
 147'
 148
 149test_expect_success 'usernames can be overridden' '
 150        check fill "verbatim two three" <<-\EOF
 151        username=one
 152        --
 153        username=two
 154        password=three
 155        --
 156        verbatim: get
 157        verbatim: username=one
 158        EOF
 159'
 160
 161test_expect_success 'do not bother completing already-full credential' '
 162        check fill "verbatim three four" <<-\EOF
 163        username=one
 164        password=two
 165        --
 166        username=one
 167        password=two
 168        --
 169        EOF
 170'
 171
 172# We can't test the basic terminal password prompt here because
 173# getpass() tries too hard to find the real terminal. But if our
 174# askpass helper is run, we know the internal getpass is working.
 175test_expect_success 'empty helper list falls back to internal getpass' '
 176        check fill <<-\EOF
 177        --
 178        username=askpass-username
 179        password=askpass-password
 180        --
 181        askpass: Username:
 182        askpass: Password:
 183        EOF
 184'
 185
 186test_expect_success 'internal getpass does not ask for known username' '
 187        check fill <<-\EOF
 188        username=foo
 189        --
 190        username=foo
 191        password=askpass-password
 192        --
 193        askpass: Password:
 194        EOF
 195'
 196
 197HELPER="!f() {
 198                cat >/dev/null
 199                echo username=foo
 200                echo password=bar
 201        }; f"
 202test_expect_success 'respect configured credentials' '
 203        test_config credential.helper "$HELPER" &&
 204        check fill <<-\EOF
 205        --
 206        username=foo
 207        password=bar
 208        --
 209        EOF
 210'
 211
 212test_expect_success 'match configured credential' '
 213        test_config credential.https://example.com.helper "$HELPER" &&
 214        check fill <<-\EOF
 215        protocol=https
 216        host=example.com
 217        path=repo.git
 218        --
 219        protocol=https
 220        host=example.com
 221        username=foo
 222        password=bar
 223        --
 224        EOF
 225'
 226
 227test_expect_success 'do not match configured credential' '
 228        test_config credential.https://foo.helper "$HELPER" &&
 229        check fill <<-\EOF
 230        protocol=https
 231        host=bar
 232        --
 233        protocol=https
 234        host=bar
 235        username=askpass-username
 236        password=askpass-password
 237        --
 238        askpass: Username for '\''https://bar'\'':
 239        askpass: Password for '\''https://askpass-username@bar'\'':
 240        EOF
 241'
 242
 243test_expect_success 'pull username from config' '
 244        test_config credential.https://example.com.username foo &&
 245        check fill <<-\EOF
 246        protocol=https
 247        host=example.com
 248        --
 249        protocol=https
 250        host=example.com
 251        username=foo
 252        password=askpass-password
 253        --
 254        askpass: Password for '\''https://foo@example.com'\'':
 255        EOF
 256'
 257
 258test_expect_success 'http paths can be part of context' '
 259        check fill "verbatim foo bar" <<-\EOF &&
 260        protocol=https
 261        host=example.com
 262        path=foo.git
 263        --
 264        protocol=https
 265        host=example.com
 266        username=foo
 267        password=bar
 268        --
 269        verbatim: get
 270        verbatim: protocol=https
 271        verbatim: host=example.com
 272        EOF
 273        test_config credential.https://example.com.useHttpPath true &&
 274        check fill "verbatim foo bar" <<-\EOF
 275        protocol=https
 276        host=example.com
 277        path=foo.git
 278        --
 279        protocol=https
 280        host=example.com
 281        path=foo.git
 282        username=foo
 283        password=bar
 284        --
 285        verbatim: get
 286        verbatim: protocol=https
 287        verbatim: host=example.com
 288        verbatim: path=foo.git
 289        EOF
 290'
 291
 292test_expect_success 'helpers can abort the process' '
 293        test_must_fail git \
 294                -c credential.helper="!f() { echo quit=1; }; f" \
 295                -c credential.helper="verbatim foo bar" \
 296                credential fill >stdout &&
 297        >expect &&
 298        test_cmp expect stdout
 299'
 300
 301test_done