t5563: add tests for basic and anoymous HTTP access
Add a test showing simple anoymous HTTP access to an unprotected repository, that results in no credential helper invocations. Also add a test demonstrating simple basic authentication with simple credential helper support. Leverage a no-parsed headers (NPH) CGI script so that we can directly control the HTTP responses to simulate a multitude of good, bad and ugly remote server implementations around auth. Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Matthew John Cheetham
committed by
Junio C Hamano
Junio C Hamano
parent
7876265d61
commit
988aad99b4
@ -135,6 +135,11 @@ Alias /auth/dumb/ www/auth/dumb/
|
||||
SetEnv GIT_HTTP_EXPORT_ALL
|
||||
SetEnv GIT_PROTOCOL
|
||||
</LocationMatch>
|
||||
<LocationMatch /custom_auth/>
|
||||
SetEnv GIT_EXEC_PATH ${GIT_EXEC_PATH}
|
||||
SetEnv GIT_HTTP_EXPORT_ALL
|
||||
CGIPassAuth on
|
||||
</LocationMatch>
|
||||
ScriptAlias /smart/incomplete_length/git-upload-pack incomplete-length-upload-pack-v2-http.sh/
|
||||
ScriptAlias /smart/incomplete_body/git-upload-pack incomplete-body-upload-pack-v2-http.sh/
|
||||
ScriptAlias /smart/no_report/git-receive-pack error-no-report.sh/
|
||||
@ -144,6 +149,7 @@ ScriptAlias /broken_smart/ broken-smart-http.sh/
|
||||
ScriptAlias /error_smart/ error-smart-http.sh/
|
||||
ScriptAlias /error/ error.sh/
|
||||
ScriptAliasMatch /one_time_perl/(.*) apply-one-time-perl.sh/$1
|
||||
ScriptAliasMatch /custom_auth/(.*) nph-custom-auth.sh/$1
|
||||
<Directory ${GIT_EXEC_PATH}>
|
||||
Options FollowSymlinks
|
||||
</Directory>
|
||||
|
||||
39
t/lib-httpd/nph-custom-auth.sh
Normal file
39
t/lib-httpd/nph-custom-auth.sh
Normal file
@ -0,0 +1,39 @@
|
||||
#!/bin/sh
|
||||
|
||||
VALID_CREDS_FILE=custom-auth.valid
|
||||
CHALLENGE_FILE=custom-auth.challenge
|
||||
|
||||
#
|
||||
# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid
|
||||
# credential for the current request. Each line in the file is considered a
|
||||
# valid HTTP Authorization header value. For example:
|
||||
#
|
||||
# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
|
||||
#
|
||||
# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers
|
||||
# in a 401 response if no valid authentication credentials were included in the
|
||||
# request. For example:
|
||||
#
|
||||
# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
|
||||
# WWW-Authenticate: Basic realm="example.com"
|
||||
#
|
||||
|
||||
if test -n "$HTTP_AUTHORIZATION" && \
|
||||
grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"
|
||||
then
|
||||
# Note that although git-http-backend returns a status line, it
|
||||
# does so using a CGI 'Status' header. Because this script is an
|
||||
# No Parsed Headers (NPH) script, we must return a real HTTP
|
||||
# status line.
|
||||
# This is only a test script, so we don't bother to check for
|
||||
# the actual status from git-http-backend and always return 200.
|
||||
echo 'HTTP/1.1 200 OK'
|
||||
exec "$GIT_EXEC_PATH"/git-http-backend
|
||||
fi
|
||||
|
||||
echo 'HTTP/1.1 401 Authorization Required'
|
||||
if test -f "$CHALLENGE_FILE"
|
||||
then
|
||||
cat "$CHALLENGE_FILE"
|
||||
fi
|
||||
echo
|
||||
Reference in New Issue
Block a user