lunny/git-lfs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0ab0891fef
git-lfs/lfsapi/auth_test.go

770 lines
22 KiB
Go
Raw Normal View History

lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
package lfsapi
import (
"encoding/base64"
lfsapi: rewind body after retrying auth request
2016-12-20 20:53:26 +00:00
"encoding/json"
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
"fmt"
"net/http"
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
"net/http/httptest"
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
"strings"
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
"sync/atomic"
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
"testing"
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
"github.com/git-lfs/git-lfs/creds"
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
"github.com/git-lfs/git-lfs/errors"
lfsapi: only send 'path' to cred helpers if credential.useHttpPath is on
2017-10-26 22:29:43 +00:00
"github.com/git-lfs/git-lfs/git"
lfsapi: extract new lfshttp package Extract more basic http-related functionality out of lfsapi and into a new package, lfshttp. Everything is currently functional aside from authorization.
2018-09-06 21:42:41 +00:00
"github.com/git-lfs/git-lfs/lfshttp"
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
)
lfsapi: rewind body after retrying auth request
2016-12-20 20:53:26 +00:00
type authRequest struct {
Test string
}
fix getAuthAccess(), Authenticate header values can have multiple words
2016-12-20 16:40:58 +00:00
func TestAuthenticateHeaderAccess(t *testing.T) {
lfsapi: rename Access->AccessMode
2018-09-20 17:21:42 +00:00
tests := map[string]AccessMode{
fix getAuthAccess(), Authenticate header values can have multiple words
2016-12-20 16:40:58 +00:00
"": BasicAccess,
"basic 123": BasicAccess,
"basic": BasicAccess,
"unknown": BasicAccess,
"NTLM": NTLMAccess,
"ntlm": NTLMAccess,
"NTLM 1 2 3": NTLMAccess,
"ntlm 1 2 3": NTLMAccess,
"NEGOTIATE": NTLMAccess,
"negotiate": NTLMAccess,
"NEGOTIATE 1 2 3": NTLMAccess,
"negotiate 1 2 3": NTLMAccess,
}
for _, key := range authenticateHeaders {
for value, expected := range tests {
res := &http.Response{Header: make(http.Header)}
res.Header.Set(key, value)
t.Logf("%s: %s", key, value)
assert.Equal(t, expected, getAuthAccess(res))
}
}
}
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
func TestDoWithAuthApprove(t *testing.T) {
var called uint32
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
atomic.AddUint32(&called, 1)
lfsapi: teach (*Client) Do() how to handle 307 redirections
2016-12-20 22:37:11 +00:00
assert.Equal(t, "POST", req.Method)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
lfsapi: rewind body after retrying auth request
2016-12-20 20:53:26 +00:00
body := &authRequest{}
err := json.NewDecoder(req.Body).Decode(body)
assert.Nil(t, err)
assert.Equal(t, "Approve", body.Test)
lfsapi: teach (*Client) Do() how to handle 307 redirections
2016-12-20 22:37:11 +00:00
w.Header().Set("Lfs-Authenticate", "Basic")
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
actual := req.Header.Get("Authorization")
if len(actual) == 0 {
w.WriteHeader(http.StatusUnauthorized)
return
}
expected := "Basic " + strings.TrimSpace(
base64.StdEncoding.EncodeToString([]byte("user:pass")),
)
assert.Equal(t, expected, actual)
}))
defer srv.Close()
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
cred := newMockCredentialHelper()
lfsapi: use read-only Git configuration object in tests Portions of this test call into the HTTP code, which eventually tries to write an lfs.*.access = basic setting into .git/config. Unfortunately, the .git/config it tries to use is that of the developer's git-lfs repository, which leads to a large number of substantially similar and mostly useless entries. To keep the developer's repository tidy and the test environment isolated, use a read-only Git configuration object in the tests. As a result, this code path will fail silently. This is good for tests, and should not impact real use negatively, because an actual client will simply fall back to determining this automatically.
2018-10-25 21:30:45 +00:00
c, err := NewClient(lfshttp.NewContext(git.NewReadOnlyConfig("", ""),
nil, map[string]string{
"lfs.url": srv.URL + "/repo/lfs",
},
))
lfsapi: port ntlm support from httputil
2017-01-06 15:14:09 +00:00
require.Nil(t, err)
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
c.Credentials = cred
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
lfsapi: add new Access type Add a new Access type returned by the EndpointFinder. This type contains a URL and the AccessMode associated with it. It also contains an `Upgrade()` function, which returns a copy of the Access object but with a new AccessMode.
2018-09-24 18:50:09 +00:00
assert.Equal(t, NoneAccess, c.Endpoints.AccessFor(srv.URL+"/repo/lfs").mode)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
req, err := http.NewRequest("POST", srv.URL+"/repo/lfs/foo", nil)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
require.Nil(t, err)
lfsapi: teach Marshal() how to set the request ContentLength
2016-12-20 21:03:00 +00:00
err = MarshalToRequest(req, &authRequest{Test: "Approve"})
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
require.Nil(t, err)
lfsapi: Add `DoWithAuthNoRetry()` Add a new auth function, `DoWithAuthNoRetry()`, which sends an HTTP request with authorization but won't retry if authorization failed. This commit also removes the `allowRetry` parameter from `DoWithAuth()` as a result, and that function will now retry requests where authorization failed as before.
2018-10-02 23:47:10 +00:00
res, err := c.DoWithAuth("", c.Endpoints.AccessFor(srv.URL+"/repo/lfs"), req)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
require.Nil(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
assert.True(t, cred.IsApproved(creds.Creds(map[string]string{
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
"username": "user",
"password": "pass",
"protocol": "http",
"host": srv.Listener.Addr().String(),
})))
lfsapi: add new Access type Add a new Access type returned by the EndpointFinder. This type contains a URL and the AccessMode associated with it. It also contains an `Upgrade()` function, which returns a copy of the Access object but with a new AccessMode.
2018-09-24 18:50:09 +00:00
assert.Equal(t, BasicAccess, c.Endpoints.AccessFor(srv.URL+"/repo/lfs").mode)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
assert.EqualValues(t, 2, called)
}
func TestDoWithAuthReject(t *testing.T) {
var called uint32
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
atomic.AddUint32(&called, 1)
lfsapi: teach (*Client) Do() how to handle 307 redirections
2016-12-20 22:37:11 +00:00
assert.Equal(t, "POST", req.Method)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
lfsapi: rewind body after retrying auth request
2016-12-20 20:53:26 +00:00
body := &authRequest{}
err := json.NewDecoder(req.Body).Decode(body)
assert.Nil(t, err)
assert.Equal(t, "Reject", body.Test)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
actual := req.Header.Get("Authorization")
expected := "Basic " + strings.TrimSpace(
base64.StdEncoding.EncodeToString([]byte("user:pass")),
)
lfsapi: teach (*Client) Do() how to handle 307 redirections
2016-12-20 22:37:11 +00:00
w.Header().Set("Lfs-Authenticate", "Basic")
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
if actual != expected {
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
// Write http.StatusUnauthorized to force the credential
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
// helper to reject the credentials
w.WriteHeader(http.StatusUnauthorized)
} else {
w.WriteHeader(http.StatusOK)
}
}))
defer srv.Close()
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
invalidCreds := creds.Creds(map[string]string{
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
"username": "user",
"password": "wrong_pass",
"path": "",
"protocol": "http",
"host": srv.Listener.Addr().String(),
})
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
cred := newMockCredentialHelper()
cred.Approve(invalidCreds)
assert.True(t, cred.IsApproved(invalidCreds))
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
lfsapi: introduce interface for initializing a Client
2017-10-25 21:33:20 +00:00
c, _ := NewClient(nil)
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
c.Credentials = cred
lfsapi: use read-only Git configuration object in tests Portions of this test call into the HTTP code, which eventually tries to write an lfs.*.access = basic setting into .git/config. Unfortunately, the .git/config it tries to use is that of the developer's git-lfs repository, which leads to a large number of substantially similar and mostly useless entries. To keep the developer's repository tidy and the test environment isolated, use a read-only Git configuration object in the tests. As a result, this code path will fail silently. This is good for tests, and should not impact real use negatively, because an actual client will simply fall back to determining this automatically.
2018-10-25 21:30:45 +00:00
c.Endpoints = NewEndpointFinder(lfshttp.NewContext(git.NewReadOnlyConfig("", ""),
nil, map[string]string{
"lfs.url": srv.URL,
},
))
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
lfsapi: teach (*Client) Do() how to handle 307 redirections
2016-12-20 22:37:11 +00:00
req, err := http.NewRequest("POST", srv.URL, nil)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
require.Nil(t, err)
lfsapi: teach Marshal() how to set the request ContentLength
2016-12-20 21:03:00 +00:00
err = MarshalToRequest(req, &authRequest{Test: "Reject"})
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
require.Nil(t, err)
lfsapi: Add `DoWithAuthNoRetry()` Add a new auth function, `DoWithAuthNoRetry()`, which sends an HTTP request with authorization but won't retry if authorization failed. This commit also removes the `allowRetry` parameter from `DoWithAuth()` as a result, and that function will now retry requests where authorization failed as before.
2018-10-02 23:47:10 +00:00
res, err := c.DoWithAuth("", c.Endpoints.AccessFor(srv.URL), req)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
require.Nil(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
assert.False(t, cred.IsApproved(invalidCreds))
assert.True(t, cred.IsApproved(creds.Creds(map[string]string{
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
"username": "user",
"password": "pass",
"path": "",
"protocol": "http",
"host": srv.Listener.Addr().String(),
})))
assert.EqualValues(t, 3, called)
}
lfsapi: Add `DoWithAuthNoRetry()` Add a new auth function, `DoWithAuthNoRetry()`, which sends an HTTP request with authorization but won't retry if authorization failed. This commit also removes the `allowRetry` parameter from `DoWithAuth()` as a result, and that function will now retry requests where authorization failed as before.
2018-10-02 23:47:10 +00:00
func TestDoWithAuthNoRetry(t *testing.T) {
lfsapi: add allowRetry param Add an allowRetry parameter to DoWithAuth(). This parameter is a boolean, and allows any requests without an authentication header to be retried if an authorization error was returned. This change is required to get things working with the basic upload adapter. Since it passes along a file reader in the request body, and since that reader is read by the HTTP Client in a copy operation to construct a new request, an upload request body can't be re-used in a new request.
2018-09-27 23:46:56 +00:00
var called uint32
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
atomic.AddUint32(&called, 1)
assert.Equal(t, "POST", req.Method)
body := &authRequest{}
err := json.NewDecoder(req.Body).Decode(body)
assert.Nil(t, err)
assert.Equal(t, "Approve", body.Test)
w.Header().Set("Lfs-Authenticate", "Basic")
actual := req.Header.Get("Authorization")
if len(actual) == 0 {
w.WriteHeader(http.StatusUnauthorized)
return
}
expected := "Basic " + strings.TrimSpace(
base64.StdEncoding.EncodeToString([]byte("user:pass")),
)
assert.Equal(t, expected, actual)
}))
defer srv.Close()
creds := newMockCredentialHelper()
lfsapi: use read-only Git configuration object in tests Portions of this test call into the HTTP code, which eventually tries to write an lfs.*.access = basic setting into .git/config. Unfortunately, the .git/config it tries to use is that of the developer's git-lfs repository, which leads to a large number of substantially similar and mostly useless entries. To keep the developer's repository tidy and the test environment isolated, use a read-only Git configuration object in the tests. As a result, this code path will fail silently. This is good for tests, and should not impact real use negatively, because an actual client will simply fall back to determining this automatically.
2018-10-25 21:30:45 +00:00
c, err := NewClient(lfshttp.NewContext(git.NewReadOnlyConfig("", ""),
nil, map[string]string{
"lfs.url": srv.URL + "/repo/lfs",
},
))
lfsapi: add allowRetry param Add an allowRetry parameter to DoWithAuth(). This parameter is a boolean, and allows any requests without an authentication header to be retried if an authorization error was returned. This change is required to get things working with the basic upload adapter. Since it passes along a file reader in the request body, and since that reader is read by the HTTP Client in a copy operation to construct a new request, an upload request body can't be re-used in a new request.
2018-09-27 23:46:56 +00:00
require.Nil(t, err)
c.Credentials = creds
assert.Equal(t, NoneAccess, c.Endpoints.AccessFor(srv.URL+"/repo/lfs").mode)
req, err := http.NewRequest("POST", srv.URL+"/repo/lfs/foo", nil)
require.Nil(t, err)
err = MarshalToRequest(req, &authRequest{Test: "Approve"})
require.Nil(t, err)
lfsapi: Add `DoWithAuthNoRetry()` Add a new auth function, `DoWithAuthNoRetry()`, which sends an HTTP request with authorization but won't retry if authorization failed. This commit also removes the `allowRetry` parameter from `DoWithAuth()` as a result, and that function will now retry requests where authorization failed as before.
2018-10-02 23:47:10 +00:00
res, err := c.DoWithAuthNoRetry("", c.Endpoints.AccessFor(srv.URL+"/repo/lfs"), req)
lfsapi: add allowRetry param Add an allowRetry parameter to DoWithAuth(). This parameter is a boolean, and allows any requests without an authentication header to be retried if an authorization error was returned. This change is required to get things working with the basic upload adapter. Since it passes along a file reader in the request body, and since that reader is read by the HTTP Client in a copy operation to construct a new request, an upload request body can't be re-used in a new request.
2018-09-27 23:46:56 +00:00
assert.True(t, errors.IsAuthError(err))
assert.Equal(t, http.StatusUnauthorized, res.StatusCode)
assert.Equal(t, BasicAccess, c.Endpoints.AccessFor(srv.URL+"/repo/lfs").mode)
assert.EqualValues(t, 1, called)
}
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
func TestDoAPIRequestWithAuth(t *testing.T) {
var called uint32
srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
atomic.AddUint32(&called, 1)
assert.Equal(t, "POST", req.Method)
body := &authRequest{}
err := json.NewDecoder(req.Body).Decode(body)
assert.Nil(t, err)
assert.Equal(t, "Approve", body.Test)
w.Header().Set("Lfs-Authenticate", "Basic")
actual := req.Header.Get("Authorization")
if len(actual) == 0 {
w.WriteHeader(http.StatusUnauthorized)
return
}
expected := "Basic " + strings.TrimSpace(
base64.StdEncoding.EncodeToString([]byte("user:pass")),
)
assert.Equal(t, expected, actual)
}))
defer srv.Close()
cred := newMockCredentialHelper()
lfsapi: use read-only Git configuration object in tests Portions of this test call into the HTTP code, which eventually tries to write an lfs.*.access = basic setting into .git/config. Unfortunately, the .git/config it tries to use is that of the developer's git-lfs repository, which leads to a large number of substantially similar and mostly useless entries. To keep the developer's repository tidy and the test environment isolated, use a read-only Git configuration object in the tests. As a result, this code path will fail silently. This is good for tests, and should not impact real use negatively, because an actual client will simply fall back to determining this automatically.
2018-10-25 21:30:45 +00:00
c, err := NewClient(lfshttp.NewContext(git.NewReadOnlyConfig("", ""),
nil, map[string]string{
"lfs.url": srv.URL + "/repo/lfs",
},
))
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
require.Nil(t, err)
c.Credentials = cred
assert.Equal(t, NoneAccess, c.Endpoints.AccessFor(srv.URL+"/repo/lfs").mode)
req, err := http.NewRequest("POST", srv.URL+"/repo/lfs/foo", nil)
require.Nil(t, err)
err = MarshalToRequest(req, &authRequest{Test: "Approve"})
require.Nil(t, err)
res, err := c.DoAPIRequestWithAuth("", req)
require.Nil(t, err)
assert.Equal(t, http.StatusOK, res.StatusCode)
assert.True(t, cred.IsApproved(creds.Creds(map[string]string{
"username": "user",
"password": "pass",
"protocol": "http",
"host": srv.Listener.Addr().String(),
})))
assert.Equal(t, BasicAccess, c.Endpoints.AccessFor(srv.URL+"/repo/lfs").mode)
assert.EqualValues(t, 2, called)
}
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
type mockCredentialHelper struct {
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
Approved map[string]creds.Creds
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
}
func newMockCredentialHelper() *mockCredentialHelper {
return &mockCredentialHelper{
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
Approved: make(map[string]creds.Creds),
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
}
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (m *mockCredentialHelper) Fill(input creds.Creds) (creds.Creds, error) {
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
if found, ok := m.Approved[credsToKey(input)]; ok {
return found, nil
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
output := make(creds.Creds)
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
for key, value := range input {
output[key] = value
}
if _, ok := output["username"]; !ok {
output["username"] = "user"
}
output["password"] = "pass"
return output, nil
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (m *mockCredentialHelper) Approve(creds creds.Creds) error {
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
m.Approved[credsToKey(creds)] = creds
return nil
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (m *mockCredentialHelper) Reject(creds creds.Creds) error {
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
delete(m.Approved, credsToKey(creds))
return nil
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (m *mockCredentialHelper) IsApproved(creds creds.Creds) bool {
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
if found, ok := m.Approved[credsToKey(creds)]; ok {
return found["password"] == creds["password"]
}
return false
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func credsToKey(creds creds.Creds) string {
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
var kvs []string
for _, k := range []string{"protocol", "host", "path"} {
kvs = append(kvs, fmt.Sprintf("%s:%s", k, creds[k]))
}
return strings.Join(kvs, " ")
}
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
func basicAuth(user, pass string) string {
value := fmt.Sprintf("%s:%s", user, pass)
return fmt.Sprintf("Basic %s", strings.TrimSpace(base64.StdEncoding.EncodeToString([]byte(value))))
}
type getCredsExpected struct {
lfsapi: rename Access->AccessMode
2018-09-20 17:21:42 +00:00
Access AccessMode
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
Creds creds.Creds
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
CredsURL string
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
Authorization string
}
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
type getCredsTest struct {
Remote string
Method string
Href string
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Endpoint string
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
Header map[string]string
Config map[string]string
Expected getCredsExpected
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
}
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
func TestGetCreds(t *testing.T) {
tests := map[string]getCredsTest{
"no access": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
Config: map[string]string{
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.url": "https://git-server.com/repo/lfs",
},
Expected: getCredsExpected{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Access: NoneAccess,
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"basic access": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
Config: map[string]string{
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
},
lfsapi: only send 'path' to cred helpers if credential.useHttpPath is on
2017-10-26 22:29:43 +00:00
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com", "monkey"),
CredsURL: "https://git-server.com/repo/lfs",
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com",
"username": "git-server.com",
"password": "monkey",
},
},
},
"basic access with usehttppath": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: only send 'path' to cred helpers if credential.useHttpPath is on
2017-10-26 22:29:43 +00:00
Config: map[string]string{
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
"credential.usehttppath": "true",
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com", "monkey"),
CredsURL: "https://git-server.com/repo/lfs",
lfsapi: add test case for credential.URL.usehttppath
2017-10-27 16:42:17 +00:00
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com",
"username": "git-server.com",
"password": "monkey",
"path": "repo/lfs",
},
},
},
"basic access with url-specific usehttppath": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: add test case for credential.URL.usehttppath
2017-10-27 16:42:17 +00:00
Config: map[string]string{
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
"credential.https://git-server.com.usehttppath": "true",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com", "monkey"),
CredsURL: "https://git-server.com/repo/lfs",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com",
"username": "git-server.com",
"password": "monkey",
"path": "repo/lfs",
},
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: get git creds for ntlm session without setting Authorization header
2017-01-05 21:13:27 +00:00
"ntlm": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: get git creds for ntlm session without setting Authorization header
2017-01-05 21:13:27 +00:00
Config: map[string]string{
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "ntlm",
},
Expected: getCredsExpected{
Access: NTLMAccess,
CredsURL: "https://git-server.com/repo/lfs",
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com",
"username": "git-server.com",
"password": "monkey",
},
},
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"custom auth": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
Header: map[string]string{
"Authorization": "custom",
},
Config: map[string]string{
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: "custom",
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"username in url": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
Config: map[string]string{
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.url": "https://user@git-server.com/repo/lfs",
lfsapi: stop writing url auth to access keys
2016-12-23 17:42:57 +00:00
"lfs.https://git-server.com/repo/lfs.access": "basic",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("user", "monkey"),
CredsURL: "https://user@git-server.com/repo/lfs",
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com",
"username": "user",
"password": "monkey",
},
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"different remote url, basic access": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
Config: map[string]string{
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
"remote.origin.url": "https://git-server.com/repo",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com", "monkey"),
CredsURL: "https://git-server.com/repo",
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com",
"username": "git-server.com",
"password": "monkey",
},
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"api url auth": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/locks",
Endpoint: "https://git-server.com/repo",
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
Config: map[string]string{
Tidy files with Go 1.11's gofmt We recently updated to Go 1.11. In that version, the output of gofmt changed from 1.10 for a few files. Run these files through the new gofmt to ease the development process going forward.
2018-08-28 15:25:44 +00:00
"lfs.url": "https://user:pass@git-server.com/repo",
lfsapi: stop writing url auth to access keys
2016-12-23 17:42:57 +00:00
"lfs.https://git-server.com/repo.access": "basic",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("user", "pass"),
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"git url auth": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com/repo/locks",
Endpoint: "https://git-server.com/repo",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
Config: map[string]string{
Tidy files with Go 1.11's gofmt We recently updated to Go 1.11. In that version, the output of gofmt changed from 1.10 for a few files. Run these files through the new gofmt to ease the development process going forward.
2018-08-28 15:25:44 +00:00
"lfs.url": "https://git-server.com/repo",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.https://git-server.com/repo.access": "basic",
"remote.origin.url": "https://user:pass@git-server.com/repo",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("user", "pass"),
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"scheme mismatch": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "http://git-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
Config: map[string]string{
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com", "monkey"),
CredsURL: "http://git-server.com/repo/lfs/locks",
Creds: map[string]string{
"protocol": "http",
"host": "git-server.com",
"username": "git-server.com",
"password": "monkey",
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"host mismatch": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://lfs-server.com/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
Config: map[string]string{
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("lfs-server.com", "monkey"),
CredsURL: "https://lfs-server.com/repo/lfs/locks",
Creds: map[string]string{
"protocol": "https",
"host": "lfs-server.com",
"username": "lfs-server.com",
"password": "monkey",
},
lfsapi: add DoWithAuth()
2016-12-20 00:14:03 +00:00
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
"port mismatch": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "GET",
Href: "https://git-server.com:8080/repo/lfs/locks",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
Config: map[string]string{
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com:8080", "monkey"),
CredsURL: "https://git-server.com:8080/repo/lfs/locks",
Creds: map[string]string{
"protocol": "https",
"host": "git-server.com:8080",
"username": "git-server.com:8080",
"password": "monkey",
},
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
},
lfsapi/auth_test: add a "bare ssh URI" test case
2017-03-28 16:16:12 +00:00
"bare ssh URI": getCredsTest{
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
Remote: "origin",
Method: "POST",
Href: "https://git-server.com/repo/lfs/objects/batch",
Endpoint: "https://git-server.com/repo/lfs",
lfsapi/auth_test: add a "bare ssh URI" test case
2017-03-28 16:16:12 +00:00
Config: map[string]string{
"lfs.url": "https://git-server.com/repo/lfs",
"lfs.https://git-server.com/repo/lfs.access": "basic",
"remote.origin.url": "git@git-server.com:repo.git",
},
Expected: getCredsExpected{
Access: BasicAccess,
Authorization: basicAuth("git-server.com", "monkey"),
CredsURL: "https://git-server.com/repo/lfs",
Creds: map[string]string{
"host": "git-server.com",
"password": "monkey",
"protocol": "https",
"username": "git-server.com",
},
},
},
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
}
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
for desc, test := range tests {
t.Log(desc)
req, err := http.NewRequest(test.Method, test.Href, nil)
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
if err != nil {
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
t.Errorf("[%s] %s", desc, err)
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
continue
}
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
for key, value := range test.Header {
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
req.Header.Set(key, value)
}
lfsapi: use read-only Git configuration object in tests Portions of this test call into the HTTP code, which eventually tries to write an lfs.*.access = basic setting into .git/config. Unfortunately, the .git/config it tries to use is that of the developer's git-lfs repository, which leads to a large number of substantially similar and mostly useless entries. To keep the developer's repository tidy and the test environment isolated, use a read-only Git configuration object in the tests. As a result, this code path will fail silently. This is good for tests, and should not impact real use negatively, because an actual client will simply fall back to determining this automatically.
2018-10-25 21:30:45 +00:00
ctx := lfshttp.NewContext(git.NewReadOnlyConfig("", ""), nil, test.Config)
lfsapi: only send 'path' to cred helpers if credential.useHttpPath is on
2017-10-26 22:29:43 +00:00
client, _ := NewClient(ctx)
client.Credentials = &fakeCredentialFiller{}
client.Endpoints = NewEndpointFinder(ctx)
Initial pass at wrapping the credential data so that prompting the user can be delayed when necessary.
2019-04-18 14:41:55 +00:00
credWrapper, err := client.getCreds(test.Remote, client.Endpoints.AccessFor(test.Endpoint), req)
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
if !assert.Nil(t, err) {
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
continue
}
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
assert.Equal(t, test.Expected.Authorization, req.Header.Get("Authorization"), "authorization")
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
if test.Expected.Creds != nil {
Initial pass at wrapping the credential data so that prompting the user can be delayed when necessary.
2019-04-18 14:41:55 +00:00
assert.EqualValues(t, test.Expected.Creds, credWrapper.Creds)
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
} else {
Initial pass at wrapping the credential data so that prompting the user can be delayed when necessary.
2019-04-18 14:41:55 +00:00
assert.Nil(t, credWrapper.Creds, "creds")
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
}
lfsapi: fix bugs with getting the correct creds URL and setting the access properly
2016-12-23 03:06:51 +00:00
if len(test.Expected.CredsURL) > 0 {
Initial pass at wrapping the credential data so that prompting the user can be delayed when necessary.
2019-04-18 14:41:55 +00:00
if assert.NotNil(t, credWrapper.Url, "credURL") {
assert.Equal(t, test.Expected.CredsURL, credWrapper.Url.String(), "credURL")
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
}
} else {
Initial pass at wrapping the credential data so that prompting the user can be delayed when necessary.
2019-04-18 14:41:55 +00:00
assert.Nil(t, credWrapper.Url)
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
}
}
}
type fakeCredentialFiller struct{}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (f *fakeCredentialFiller) Fill(input creds.Creds) (creds.Creds, error) {
output := make(creds.Creds)
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
for key, value := range input {
output[key] = value
}
if _, ok := output["username"]; !ok {
output["username"] = input["host"]
}
output["password"] = "monkey"
return output, nil
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (f *fakeCredentialFiller) Approve(creds creds.Creds) error {
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
return errors.New("Not implemented")
}
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
func (f *fakeCredentialFiller) Reject(creds creds.Creds) error {
lfsapi: Implement getCreds()
2016-12-19 21:38:06 +00:00
return errors.New("Not implemented")
}
lfsapi: extract new lfshttp package Extract more basic http-related functionality out of lfsapi and into a new package, lfshttp. Everything is currently functional aside from authorization.
2018-09-06 21:42:41 +00:00
lfsapi: implement auth redirects Refactor the client redirect code to allow lfsapi to re-authenticate redirected requests
2018-09-11 21:14:37 +00:00
func TestClientRedirectReauthenticate(t *testing.T) {
var srv1, srv2 *httptest.Server
var called1, called2 uint32
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
var creds1, creds2 creds.Creds
lfsapi: implement auth redirects Refactor the client redirect code to allow lfsapi to re-authenticate redirected requests
2018-09-11 21:14:37 +00:00
srv1 = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
atomic.AddUint32(&called1, 1)
if hdr := r.Header.Get("Authorization"); len(hdr) > 0 {
parts := strings.SplitN(hdr, " ", 2)
typ, b64 := parts[0], parts[1]
auth, err := base64.URLEncoding.DecodeString(b64)
assert.Nil(t, err)
assert.Equal(t, "Basic", typ)
assert.Equal(t, "user1:pass1", string(auth))
http.Redirect(w, r, srv2.URL+r.URL.Path, http.StatusMovedPermanently)
return
}
w.WriteHeader(http.StatusUnauthorized)
}))
srv2 = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
atomic.AddUint32(&called2, 1)
parts := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
typ, b64 := parts[0], parts[1]
auth, err := base64.URLEncoding.DecodeString(b64)
assert.Nil(t, err)
assert.Equal(t, "Basic", typ)
assert.Equal(t, "user2:pass2", string(auth))
}))
// Change the URL of srv2 to make it appears as if it is a different
// host.
srv2.URL = strings.Replace(srv2.URL, "127.0.0.1", "0.0.0.0", 1)
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
creds1 = creds.Creds(map[string]string{
lfsapi: implement auth redirects Refactor the client redirect code to allow lfsapi to re-authenticate redirected requests
2018-09-11 21:14:37 +00:00
"protocol": "http",
"host": strings.TrimPrefix(srv1.URL, "http://"),
"username": "user1",
"password": "pass1",
})
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
creds2 = creds.Creds(map[string]string{
lfsapi: implement auth redirects Refactor the client redirect code to allow lfsapi to re-authenticate redirected requests
2018-09-11 21:14:37 +00:00
"protocol": "http",
"host": strings.TrimPrefix(srv2.URL, "http://"),
"username": "user2",
"password": "pass2",
})
defer srv1.Close()
defer srv2.Close()
c, err := NewClient(lfshttp.NewContext(nil, nil, nil))
Move credential handling to its own package In a future commit, we're going to be accessing credential handling from multiple packages. To avoid an import loop, move credential handling into its own package. Update all the callers of the credential handling code to use a qualified name. Where there is a local variable called "creds", which would conflict with our package name, rename it "cred" instead.
2018-09-19 15:05:48 +00:00
cred := creds.NewCredentialCacher()
cred.Approve(creds1)
cred.Approve(creds2)
c.Credentials = cred
lfsapi: implement auth redirects Refactor the client redirect code to allow lfsapi to re-authenticate redirected requests
2018-09-11 21:14:37 +00:00
req, err := http.NewRequest("GET", srv1.URL, nil)
require.Nil(t, err)
lfsapi: add Access param to DoWithAuth() Add a new Access parameter to DoWithAuth() to allow callers to specify the URL Access Mode. This removes the assumption that DoWithAuth() will always be used for an LFS API request. This commit also adds DoAPIRequestWithAuth(), which provides the functionality of DoWithAuth() while explicitly using the LFS API endpoint for the access mode, allowing parity with the previous DoWithAuth() functionality.
2018-09-24 23:45:32 +00:00
_, err = c.DoAPIRequestWithAuth("", req)
lfsapi: implement auth redirects Refactor the client redirect code to allow lfsapi to re-authenticate redirected requests
2018-09-11 21:14:37 +00:00
assert.Nil(t, err)
// called1 is 2 since LFS tries an unauthenticated request first
assert.EqualValues(t, 2, called1)
assert.EqualValues(t, 1, called2)
}
Reference in New Issue Copy Permalink