Merge branch 'jk/maint-http-half-auth-push' into maint-1.7.11
authorJunio C Hamano <gitster@pobox.com>
Wed, 12 Sep 2012 20:58:22 +0000 (13:58 -0700)
committerJunio C Hamano <gitster@pobox.com>
Wed, 12 Sep 2012 20:58:23 +0000 (13:58 -0700)
Pushing to smart HTTP server with recent Git fails without having
the username in the URL to force authentication, if the server is
configured to allow GET anonymously, while requiring authentication
for POST.

* jk/maint-http-half-auth-push:
http: prompt for credentials on failed POST
http: factor out http error code handling
t: test http access to "half-auth" repositories
t: test basic smart-http authentication
t/lib-httpd: recognize */smart/* repos as smart-http
t/lib-httpd: only route auth/dumb to dumb repos
t5550: factor out http auth setup
t5550: put auth-required repo in auth/dumb

1  2 
http.c
t/t5551-http-fetch.sh
diff --combined http.c
index 5cb87f16f25fe3d32e2594c8c6325d562eddc9ca,7c4a4072f24647bd3ab6cb6c24142d31c595bb86..0a27b146adb15ad97407ed2c196878058f0ccec8
--- 1/http.c
--- 2/http.c
+++ b/http.c
@@@ -744,6 -744,33 +744,33 @@@ char *get_remote_object_url(const char 
        return strbuf_detach(&buf, NULL);
  }
  
+ int handle_curl_result(struct active_request_slot *slot)
+ {
+       struct slot_results *results = slot->results;
+       if (results->curl_result == CURLE_OK) {
+               credential_approve(&http_auth);
+               return HTTP_OK;
+       } else if (missing_target(results))
+               return HTTP_MISSING_TARGET;
+       else if (results->http_code == 401) {
+               if (http_auth.username && http_auth.password) {
+                       credential_reject(&http_auth);
+                       return HTTP_NOAUTH;
+               } else {
+                       credential_fill(&http_auth);
+                       init_curl_http_auth(slot->curl);
+                       return HTTP_REAUTH;
+               }
+       } else {
+               if (!curl_errorstr[0])
+                       strlcpy(curl_errorstr,
+                               curl_easy_strerror(results->curl_result),
+                               sizeof(curl_errorstr));
+               return HTTP_ERROR;
+       }
+ }
  /* http_request() targets */
  #define HTTP_REQUEST_STRBUF   0
  #define HTTP_REQUEST_FILE     1
@@@ -791,26 -818,7 +818,7 @@@ static int http_request(const char *url
  
        if (start_active_slot(slot)) {
                run_active_slot(slot);
-               if (results.curl_result == CURLE_OK)
-                       ret = HTTP_OK;
-               else if (missing_target(&results))
-                       ret = HTTP_MISSING_TARGET;
-               else if (results.http_code == 401) {
-                       if (http_auth.username && http_auth.password) {
-                               credential_reject(&http_auth);
-                               ret = HTTP_NOAUTH;
-                       } else {
-                               credential_fill(&http_auth);
-                               init_curl_http_auth(slot->curl);
-                               ret = HTTP_REAUTH;
-                       }
-               } else {
-                       if (!curl_errorstr[0])
-                               strlcpy(curl_errorstr,
-                                       curl_easy_strerror(results.curl_result),
-                                       sizeof(curl_errorstr));
-                       ret = HTTP_ERROR;
-               }
+               ret = handle_curl_result(slot);
        } else {
                error("Unable to start HTTP request for %s", url);
                ret = HTTP_START_FAILED;
        curl_slist_free_all(headers);
        strbuf_release(&buf);
  
-       if (ret == HTTP_OK)
-               credential_approve(&http_auth);
        return ret;
  }
  
@@@ -917,7 -922,7 +922,7 @@@ static char *fetch_pack_index(unsigned 
        tmp = strbuf_detach(&buf, NULL);
  
        if (http_get_file(url, tmp, 0) != HTTP_OK) {
 -              error("Unable to get pack index %s\n", url);
 +              error("Unable to get pack index %s", url);
                free(tmp);
                tmp = NULL;
        }
diff --combined t/t5551-http-fetch.sh
index 91eaf53d1d30f7719e93e88b674f60b6c6eaa376,7380f2a2dd3f22d65a10389d8197af94f9ea4123..2db5c3564181818efdf885188d7cc597024c6f12
@@@ -27,6 -27,8 +27,8 @@@ test_expect_success 'create http-access
        git push public master:master
  '
  
+ setup_askpass_helper
  cat >exp <<EOF
  > GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1
  > Accept: */*
@@@ -109,12 -111,30 +111,30 @@@ test_expect_success 'follow redirects (
        git clone $HTTPD_URL/smart-redir-temp/repo.git --quiet repo-t
  '
  
+ test_expect_success 'clone from password-protected repository' '
+       echo two >expect &&
+       set_askpass user@host &&
+       git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth &&
+       expect_askpass both user@host &&
+       git --git-dir=smart-auth log -1 --format=%s >actual &&
+       test_cmp expect actual
+ '
+ test_expect_success 'clone from auth-only-for-push repository' '
+       echo two >expect &&
+       set_askpass wrong &&
+       git clone --bare "$HTTPD_URL/auth-push/smart/repo.git" smart-noauth &&
+       expect_askpass none &&
+       git --git-dir=smart-noauth log -1 --format=%s >actual &&
+       test_cmp expect actual
+ '
  test -n "$GIT_TEST_LONG" && test_set_prereq EXPENSIVE
  
  test_expect_success EXPENSIVE 'create 50,000 tags in the repo' '
        (
        cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
 -      for i in `seq 50000`
 +      for i in `test_seq 50000`
        do
                echo "commit refs/heads/too-many-refs"
                echo "mark :$i"
        done | git fast-import --export-marks=marks &&
  
        # now assign tags to all the dangling commits we created above
 -      tag=$(perl -e "print \"bla\" x 30") &&
 +      tag=$("$PERL_PATH" -e "print \"bla\" x 30") &&
        sed -e "s/^:\(.\+\) \(.\+\)$/\2 refs\/tags\/$tag-\1/" <marks >>packed-refs
        )
  '