mirrors/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

credential-cache: respect authtype capability

Browse Source 
Previously, credential-cache populated authtype regardless whether
"get" request had authtype capability. As documented in
git-credential.txt, authtype "should not be sent unless the appropriate
capability ... is provided".

Add test. Without this change, the test failed because "credential fill"
printed an incomplete credential with only protocol and host attributes
(the unexpected authtype attribute was discarded by credential.c).

Signed-off-by: M Hickford <mirth.hickford@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
M Hickford
2025-01-09 22:45:20 +00:00
committed by Junio C Hamano
parent 4f71522dfb
commit 0b43274850
2 changed files with 17 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
builtin/credential-cache--daemon.c
View File

@ -141,9 +141,9 @@ static void serve_one_client(FILE *in, FILE *out)
fprintf(out, "username=%s\n", e->item.username);
if (e->item.password)
fprintf(out, "password=%s\n", e->item.password);
if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_HELPER) && e->item.authtype)
if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_RESPONSE) && e->item.authtype)
fprintf(out, "authtype=%s\n", e->item.authtype);
if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_HELPER) && e->item.credential)
if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_RESPONSE) && e->item.credential)
fprintf(out, "credential=%s\n", e->item.credential);
if (e->item.password_expiry_utc != TIME_MAX)
fprintf(out, "password_expiry_utc=%"PRItime"\n",

15
t/lib-credential.sh
View File

@ -566,6 +566,21 @@ helper_test_authtype() {
EOF
'
test_expect_success "helper ($HELPER) gets authtype and credential only if request has authtype capability" '
check fill $HELPER <<-\EOF
protocol=https
host=git.example.com
--
protocol=https
host=git.example.com
username=askpass-username
password=askpass-password
--
askpass: Username for '\''https://git.example.com'\'':
askpass: Password for '\''https://askpass-username@git.example.com'\'':
EOF
'
test_expect_success "helper ($HELPER) stores authtype and credential with username" '
check approve $HELPER <<-\EOF
capability[]=authtype