From b1a43072543f15e30b094539ac2795c299f20e95 Mon Sep 17 00:00:00 2001
From: rick olson <technoweenie@gmail.com>
Date: Thu, 26 Oct 2017 16:29:43 -0600
Subject: [PATCH] lfsapi: only send 'path' to cred helpers if
 credential.useHttpPath is on

---
 lfsapi/auth_test.go | 41 ++++++++++++++++++++++++++++-------------
 lfsapi/creds.go     |  6 ++++--
 lfsapi/ntlm_test.go |  1 -
 3 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/lfsapi/auth_test.go b/lfsapi/auth_test.go
index e55e45e0..349b4563 100644
--- a/lfsapi/auth_test.go
+++ b/lfsapi/auth_test.go
@@ -11,6 +11,7 @@ import (
 	"testing"
 
 	"github.com/git-lfs/git-lfs/errors"
+	"github.com/git-lfs/git-lfs/git"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -93,7 +94,6 @@ func TestDoWithAuthApprove(t *testing.T) {
 	assert.True(t, creds.IsApproved(Creds(map[string]string{
 		"username": "user",
 		"password": "pass",
-		"path":     "repo/lfs",
 		"protocol": "http",
 		"host":     srv.Listener.Addr().String(),
 	})))
@@ -264,6 +264,28 @@ func TestGetCreds(t *testing.T) {
 				"lfs.url": "https://git-server.com/repo/lfs",
 				"lfs.https://git-server.com/repo/lfs.access": "basic",
 			},
+			Expected: getCredsExpected{
+				Access:        BasicAccess,
+				Endpoint:      "https://git-server.com/repo/lfs",
+				Authorization: basicAuth("git-server.com", "monkey"),
+				CredsURL:      "https://git-server.com/repo/lfs",
+				Creds: map[string]string{
+					"protocol": "https",
+					"host":     "git-server.com",
+					"username": "git-server.com",
+					"password": "monkey",
+				},
+			},
+		},
+		"basic access with usehttppath": getCredsTest{
+			Remote: "origin",
+			Method: "GET",
+			Href:   "https://git-server.com/repo/lfs/locks",
+			Config: map[string]string{
+				"lfs.url": "https://git-server.com/repo/lfs",
+				"lfs.https://git-server.com/repo/lfs.access": "basic",
+				"credential.usehttppath":                     "true",
+			},
 			Expected: getCredsExpected{
 				Access:        BasicAccess,
 				Endpoint:      "https://git-server.com/repo/lfs",
@@ -295,7 +317,6 @@ func TestGetCreds(t *testing.T) {
 					"host":     "git-server.com",
 					"username": "git-server.com",
 					"password": "monkey",
-					"path":     "repo/lfs",
 				},
 			},
 		},
@@ -369,7 +390,6 @@ func TestGetCreds(t *testing.T) {
 					"host":     "git-server.com",
 					"username": "user",
 					"password": "monkey",
-					"path":     "repo/lfs",
 				},
 			},
 		},
@@ -392,7 +412,6 @@ func TestGetCreds(t *testing.T) {
 					"host":     "git-server.com",
 					"username": "git-server.com",
 					"password": "monkey",
-					"path":     "repo",
 				},
 			},
 		},
@@ -443,7 +462,6 @@ func TestGetCreds(t *testing.T) {
 					"host":     "git-server.com",
 					"username": "git-server.com",
 					"password": "monkey",
-					"path":     "repo/lfs/locks",
 				},
 			},
 		},
@@ -465,7 +483,6 @@ func TestGetCreds(t *testing.T) {
 					"host":     "lfs-server.com",
 					"username": "lfs-server.com",
 					"password": "monkey",
-					"path":     "repo/lfs/locks",
 				},
 			},
 		},
@@ -487,7 +504,6 @@ func TestGetCreds(t *testing.T) {
 					"host":     "git-server.com:8080",
 					"username": "git-server.com:8080",
 					"password": "monkey",
-					"path":     "repo/lfs/locks",
 				},
 			},
 		},
@@ -509,7 +525,6 @@ func TestGetCreds(t *testing.T) {
 				Creds: map[string]string{
 					"host":     "git-server.com",
 					"password": "monkey",
-					"path":     "repo/lfs",
 					"protocol": "https",
 					"username": "git-server.com",
 				},
@@ -517,10 +532,6 @@ func TestGetCreds(t *testing.T) {
 		},
 	}
 
-	client := &Client{
-		Credentials: &fakeCredentialFiller{},
-		Netrc:       &fakeNetrc{},
-	}
 	for desc, test := range tests {
 		t.Log(desc)
 		req, err := http.NewRequest(test.Method, test.Href, nil)
@@ -533,7 +544,11 @@ func TestGetCreds(t *testing.T) {
 			req.Header.Set(key, value)
 		}
 
-		client.Endpoints = NewEndpointFinder(NewContext(nil, nil, test.Config))
+		ctx := NewContext(git.NewConfig("", ""), nil, test.Config)
+		client, _ := NewClient(ctx)
+		client.Credentials = &fakeCredentialFiller{}
+		client.Netrc = &fakeNetrc{}
+		client.Endpoints = NewEndpointFinder(ctx)
 		endpoint, access, _, credsURL, creds, err := client.getCreds(test.Remote, req)
 		if !assert.Nil(t, err) {
 			continue
diff --git a/lfsapi/creds.go b/lfsapi/creds.go
index 745e5af7..86f1d5c8 100644
--- a/lfsapi/creds.go
+++ b/lfsapi/creds.go
@@ -18,11 +18,13 @@ import (
 // It returns an error if any configuration was invalid, or otherwise
 // un-useable.
 func (c *Client) getCredentialHelper(u *url.URL) (CredentialHelper, Creds) {
-	path := strings.TrimPrefix(u.Path, "/")
-	input := Creds{"protocol": u.Scheme, "host": u.Host, "path": path}
+	input := Creds{"protocol": u.Scheme, "host": u.Host}
 	if u.User != nil && u.User.Username() != "" {
 		input["username"] = u.User.Username()
 	}
+	if c.gitEnv.Bool("credential.usehttppath", false) {
+		input["path"] = strings.TrimPrefix(u.Path, "/")
+	}
 
 	if c.Credentials != nil {
 		return c.Credentials, input
diff --git a/lfsapi/ntlm_test.go b/lfsapi/ntlm_test.go
index fa776173..ab9eba94 100644
--- a/lfsapi/ntlm_test.go
+++ b/lfsapi/ntlm_test.go
@@ -90,7 +90,6 @@ func TestNTLMAuth(t *testing.T) {
 	creds := Creds{
 		"protocol": srvURL.Scheme,
 		"host":     srvURL.Host,
-		"path":     "ntlm",
 		"username": "ntlmdomain\\ntlmuser",
 		"password": "ntlmpass",
 	}