#!/bin/sh global test_description := ''basic credential helper tests'' source ./test-lib.sh source "$TEST_DIRECTORY"/lib-credential.sh test_expect_success 'setup helper scripts' ' cat >dump <<-\EOF && whoami=$(echo $0 | sed s/.*git-credential-//) echo >&2 "$whoami: $*" OIFS=$IFS IFS== while read key value; do echo >&2 "$whoami: $key=$value" eval "$key=$value" done IFS=$OIFS EOF write_script git-credential-useless <<-\EOF && . ./dump exit 0 EOF write_script git-credential-verbatim <<-\EOF && user=$1; shift pass=$1; shift . ./dump test -z "$user" || echo username=$user test -z "$pass" || echo password=$pass EOF PATH="$PWD:$PATH" ' test_expect_success 'credential_fill invokes helper' ' check fill "verbatim foo bar" <<-\EOF -- username=foo password=bar -- verbatim: get EOF ' test_expect_success 'credential_fill invokes multiple helpers' ' check fill useless "verbatim foo bar" <<-\EOF -- username=foo password=bar -- useless: get verbatim: get EOF ' test_expect_success 'credential_fill stops when we get a full response' ' check fill "verbatim one two" "verbatim three four" <<-\EOF -- username=one password=two -- verbatim: get EOF ' test_expect_success 'credential_fill continues through partial response' ' check fill "verbatim one \"\"" "verbatim two three" <<-\EOF -- username=two password=three -- verbatim: get verbatim: get verbatim: username=one EOF ' test_expect_success 'credential_fill passes along metadata' ' check fill "verbatim one two" <<-\EOF protocol=ftp host=example.com path=foo.git -- protocol=ftp host=example.com path=foo.git username=one password=two -- verbatim: get verbatim: protocol=ftp verbatim: host=example.com verbatim: path=foo.git EOF ' test_expect_success 'credential_approve calls all helpers' ' check approve useless "verbatim one two" <<-\EOF username=foo password=bar -- -- useless: store useless: username=foo useless: password=bar verbatim: store verbatim: username=foo verbatim: password=bar EOF ' test_expect_success 'do not bother storing password-less credential' ' check approve useless <<-\EOF username=foo -- -- EOF ' test_expect_success 'credential_reject calls all helpers' ' check reject useless "verbatim one two" <<-\EOF username=foo password=bar -- -- useless: erase useless: username=foo useless: password=bar verbatim: erase verbatim: username=foo verbatim: password=bar EOF ' test_expect_success 'usernames can be preserved' ' check fill "verbatim \"\" three" <<-\EOF username=one -- username=one password=three -- verbatim: get verbatim: username=one EOF ' test_expect_success 'usernames can be overridden' ' check fill "verbatim two three" <<-\EOF username=one -- username=two password=three -- verbatim: get verbatim: username=one EOF ' test_expect_success 'do not bother completing already-full credential' ' check fill "verbatim three four" <<-\EOF username=one password=two -- username=one password=two -- EOF ' # We can't test the basic terminal password prompt here because # getpass() tries too hard to find the real terminal. But if our # askpass helper is run, we know the internal getpass is working. test_expect_success 'empty helper list falls back to internal getpass' ' check fill <<-\EOF -- username=askpass-username password=askpass-password -- askpass: Username: askpass: Password: EOF ' test_expect_success 'internal getpass does not ask for known username' ' check fill <<-\EOF username=foo -- username=foo password=askpass-password -- askpass: Password: EOF ' global HELPER := '"!f() { cat >/dev/null echo username=foo echo password=bar }; f'" test_expect_success 'respect configured credentials' ' test_config credential.helper "$HELPER" && check fill <<-\EOF -- username=foo password=bar -- EOF ' test_expect_success 'match configured credential' ' test_config credential.https://example.com.helper "$HELPER" && check fill <<-\EOF protocol=https host=example.com path=repo.git -- protocol=https host=example.com username=foo password=bar -- EOF ' test_expect_success 'do not match configured credential' ' test_config credential.https://foo.helper "$HELPER" && check fill <<-\EOF protocol=https host=bar -- protocol=https host=bar username=askpass-username password=askpass-password -- askpass: Username for '''''https://bar''''': askpass: Password for '''''https://askpass-username@bar''''': EOF ' test_expect_success 'pull username from config' ' test_config credential.https://example.com.username foo && check fill <<-\EOF protocol=https host=example.com -- protocol=https host=example.com username=foo password=askpass-password -- askpass: Password for '''''https://foo@example.com''''': EOF ' test_expect_success 'http paths can be part of context' ' check fill "verbatim foo bar" <<-\EOF && protocol=https host=example.com path=foo.git -- protocol=https host=example.com username=foo password=bar -- verbatim: get verbatim: protocol=https verbatim: host=example.com EOF test_config credential.https://example.com.useHttpPath true && check fill "verbatim foo bar" <<-\EOF protocol=https host=example.com path=foo.git -- protocol=https host=example.com path=foo.git username=foo password=bar -- verbatim: get verbatim: protocol=https verbatim: host=example.com verbatim: path=foo.git EOF ' test_expect_success 'helpers can abort the process' ' test_must_fail git \ -c credential.helper="!f() { echo quit=1; }; f" \ -c credential.helper="verbatim foo bar" \ credential fill >stdout && >expect && test_cmp expect stdout ' test_expect_success 'empty helper spec resets helper list' ' test_config credential.helper "verbatim file file" && check fill "" "verbatim cmdline cmdline" <<-\EOF -- username=cmdline password=cmdline -- verbatim: get EOF ' test_done (CommandList children: [ (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:test_description) op: Equal rhs: {(SQ <"basic credential helper tests">)} spids: [4] ) ] spids: [4] ) (C {(.)} {(./test-lib.sh)}) (C {(.)} {(DQ ($ VSub_Name "$TEST_DIRECTORY")) (/lib-credential.sh)}) (C {(test_expect_success)} {(SQ <"setup helper scripts">)} { (SQ <"\n"> <"\tcat >dump <<-\\EOF &&\n"> <"\twhoami=$(echo $0 | sed s/.*git-credential-//)\n"> <"\techo >&2 \"$whoami: $*\"\n"> <"\tOIFS=$IFS\n"> <"\tIFS==\n"> <"\twhile read key value; do\n"> <"\t\techo >&2 \"$whoami: $key=$value\"\n"> <"\t\teval \"$key=$value\"\n"> <"\tdone\n"> <"\tIFS=$OIFS\n"> <"\tEOF\n"> <"\n"> <"\twrite_script git-credential-useless <<-\\EOF &&\n"> <"\t. ./dump\n"> <"\texit 0\n"> <"\tEOF\n"> <"\n"> <"\twrite_script git-credential-verbatim <<-\\EOF &&\n"> <"\tuser=$1; shift\n"> <"\tpass=$1; shift\n"> <"\t. ./dump\n"> <"\ttest -z \"$user\" || echo username=$user\n"> <"\ttest -z \"$pass\" || echo password=$pass\n"> <"\tEOF\n"> <"\n"> <"\tPATH=\"$PWD:$PATH\"\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_fill invokes helper">)} { (SQ <"\n"> <"\tcheck fill \"verbatim foo bar\" <<-\\EOF\n"> <"\t--\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_fill invokes multiple helpers">)} { (SQ <"\n"> <"\tcheck fill useless \"verbatim foo bar\" <<-\\EOF\n"> <"\t--\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\tuseless: get\n"> <"\tverbatim: get\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_fill stops when we get a full response">)} { (SQ <"\n"> <"\tcheck fill \"verbatim one two\" \"verbatim three four\" <<-\\EOF\n"> <"\t--\n"> <"\tusername=one\n"> <"\tpassword=two\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_fill continues through partial response">)} { (SQ <"\n"> <"\tcheck fill \"verbatim one \\\"\\\"\" \"verbatim two three\" <<-\\EOF\n"> <"\t--\n"> <"\tusername=two\n"> <"\tpassword=three\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tverbatim: get\n"> <"\tverbatim: username=one\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_fill passes along metadata">)} { (SQ <"\n"> <"\tcheck fill \"verbatim one two\" <<-\\EOF\n"> <"\tprotocol=ftp\n"> <"\thost=example.com\n"> <"\tpath=foo.git\n"> <"\t--\n"> <"\tprotocol=ftp\n"> <"\thost=example.com\n"> <"\tpath=foo.git\n"> <"\tusername=one\n"> <"\tpassword=two\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tverbatim: protocol=ftp\n"> <"\tverbatim: host=example.com\n"> <"\tverbatim: path=foo.git\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_approve calls all helpers">)} { (SQ <"\n"> <"\tcheck approve useless \"verbatim one two\" <<-\\EOF\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\t--\n"> <"\tuseless: store\n"> <"\tuseless: username=foo\n"> <"\tuseless: password=bar\n"> <"\tverbatim: store\n"> <"\tverbatim: username=foo\n"> <"\tverbatim: password=bar\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"do not bother storing password-less credential">)} { (SQ <"\n"> <"\tcheck approve useless <<-\\EOF\n"> <"\tusername=foo\n"> <"\t--\n"> <"\t--\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"credential_reject calls all helpers">)} { (SQ <"\n"> <"\tcheck reject useless \"verbatim one two\" <<-\\EOF\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\t--\n"> <"\tuseless: erase\n"> <"\tuseless: username=foo\n"> <"\tuseless: password=bar\n"> <"\tverbatim: erase\n"> <"\tverbatim: username=foo\n"> <"\tverbatim: password=bar\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"usernames can be preserved">)} { (SQ <"\n"> <"\tcheck fill \"verbatim \\\"\\\" three\" <<-\\EOF\n"> <"\tusername=one\n"> <"\t--\n"> <"\tusername=one\n"> <"\tpassword=three\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tverbatim: username=one\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"usernames can be overridden">)} { (SQ <"\n"> <"\tcheck fill \"verbatim two three\" <<-\\EOF\n"> <"\tusername=one\n"> <"\t--\n"> <"\tusername=two\n"> <"\tpassword=three\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tverbatim: username=one\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"do not bother completing already-full credential">)} { (SQ <"\n"> <"\tcheck fill \"verbatim three four\" <<-\\EOF\n"> <"\tusername=one\n"> <"\tpassword=two\n"> <"\t--\n"> <"\tusername=one\n"> <"\tpassword=two\n"> <"\t--\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"empty helper list falls back to internal getpass">)} { (SQ <"\n"> <"\tcheck fill <<-\\EOF\n"> <"\t--\n"> <"\tusername=askpass-username\n"> <"\tpassword=askpass-password\n"> <"\t--\n"> <"\taskpass: Username:\n"> <"\taskpass: Password:\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"internal getpass does not ask for known username">)} { (SQ <"\n"> <"\tcheck fill <<-\\EOF\n"> <"\tusername=foo\n"> <"\t--\n"> <"\tusername=foo\n"> <"\tpassword=askpass-password\n"> <"\t--\n"> <"\taskpass: Password:\n"> <"\tEOF\n"> ) } ) (Assignment keyword: Assign_None pairs: [ (assign_pair lhs: (LhsName name:HELPER) op: Equal rhs: { (DQ ("!f() {\n") ("\t\tcat >/dev/null\n") ("\t\techo username=foo\n") ("\t\techo password=bar\n") ("\t}; f") ) } spids: [329] ) ] spids: [329] ) (C {(test_expect_success)} {(SQ <"respect configured credentials">)} { (SQ <"\n"> <"\ttest_config credential.helper \"$HELPER\" &&\n"> <"\tcheck fill <<-\\EOF\n"> <"\t--\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"match configured credential">)} { (SQ <"\n"> <"\ttest_config credential.https://example.com.helper \"$HELPER\" &&\n"> <"\tcheck fill <<-\\EOF\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tpath=repo.git\n"> <"\t--\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"do not match configured credential">)} { (SQ <"\n"> <"\ttest_config credential.https://foo.helper \"$HELPER\" &&\n"> <"\tcheck fill <<-\\EOF\n"> <"\tprotocol=https\n"> <"\thost=bar\n"> <"\t--\n"> <"\tprotocol=https\n"> <"\thost=bar\n"> <"\tusername=askpass-username\n"> <"\tpassword=askpass-password\n"> <"\t--\n"> <"\taskpass: Username for "> ) (EscapedLiteralPart token:) (SQ <"https://bar">) (EscapedLiteralPart token:) (SQ <":\n"> <"\taskpass: Password for ">) (EscapedLiteralPart token:) (SQ <"https://askpass-username@bar">) (EscapedLiteralPart token:) (SQ <":\n"> <"\tEOF\n">) } ) (C {(test_expect_success)} {(SQ <"pull username from config">)} { (SQ <"\n"> <"\ttest_config credential.https://example.com.username foo &&\n"> <"\tcheck fill <<-\\EOF\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\t--\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tusername=foo\n"> <"\tpassword=askpass-password\n"> <"\t--\n"> <"\taskpass: Password for "> ) (EscapedLiteralPart token:) (SQ <"https://foo@example.com">) (EscapedLiteralPart token:) (SQ <":\n"> <"\tEOF\n">) } ) (C {(test_expect_success)} {(SQ <"http paths can be part of context">)} { (SQ <"\n"> <"\tcheck fill \"verbatim foo bar\" <<-\\EOF &&\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tpath=foo.git\n"> <"\t--\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tverbatim: protocol=https\n"> <"\tverbatim: host=example.com\n"> <"\tEOF\n"> <"\ttest_config credential.https://example.com.useHttpPath true &&\n"> <"\tcheck fill \"verbatim foo bar\" <<-\\EOF\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tpath=foo.git\n"> <"\t--\n"> <"\tprotocol=https\n"> <"\thost=example.com\n"> <"\tpath=foo.git\n"> <"\tusername=foo\n"> <"\tpassword=bar\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tverbatim: protocol=https\n"> <"\tverbatim: host=example.com\n"> <"\tverbatim: path=foo.git\n"> <"\tEOF\n"> ) } ) (C {(test_expect_success)} {(SQ <"helpers can abort the process">)} { (SQ <"\n"> <"\ttest_must_fail git \\\n"> <"\t\t-c credential.helper=\"!f() { echo quit=1; }; f\" \\\n"> <"\t\t-c credential.helper=\"verbatim foo bar\" \\\n"> <"\t\tcredential fill >stdout &&\n"> <"\t>expect &&\n"> <"\ttest_cmp expect stdout\n"> ) } ) (C {(test_expect_success)} {(SQ <"empty helper spec resets helper list">)} { (SQ <"\n"> <"\ttest_config credential.helper \"verbatim file file\" &&\n"> <"\tcheck fill \"\" \"verbatim cmdline cmdline\" <<-\\EOF\n"> <"\t--\n"> <"\tusername=cmdline\n"> <"\tpassword=cmdline\n"> <"\t--\n"> <"\tverbatim: get\n"> <"\tEOF\n"> ) } ) (C {(test_done)}) ] )