From: "M Hickford via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: M Hickford <mirth.hickford@gmail.com>,
M Hickford <mirth.hickford@gmail.com>
Subject: [PATCH] credential-cache: respect request capabilities
Date: Fri, 20 Dec 2024 21:18:53 +0000 [thread overview]
Message-ID: <pull.1842.git.1734729534213.gitgitgadget@gmail.com> (raw)
From: M Hickford <mirth.hickford@gmail.com>
Previously, credential-cache responded with capability[]=authtype
regardless of request.
The capabilities in a credential helper response should be a subset of
the capabilities in the request.
Signed-off-by: M Hickford <mirth.hickford@gmail.com>
---
credential-cache: respect request capabilities
Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1842%2Fhickford%2Fcache-capability-v1
Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1842/hickford/cache-capability-v1
Pull-Request: https://github.com/gitgitgadget/git/pull/1842
builtin/credential-cache--daemon.c | 11 +++++------
t/lib-credential.sh | 15 +++++++++++++++
t/t0303-credential-external.sh | 1 +
3 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/builtin/credential-cache--daemon.c b/builtin/credential-cache--daemon.c
index bc22f5c6d24..692216cf83c 100644
--- a/builtin/credential-cache--daemon.c
+++ b/builtin/credential-cache--daemon.c
@@ -134,17 +134,16 @@ static void serve_one_client(FILE *in, FILE *out)
else if (!strcmp(action.buf, "get")) {
struct credential_cache_entry *e = lookup_credential(&c);
if (e) {
- e->item.capa_authtype.request_initial = 1;
- e->item.capa_authtype.request_helper = 1;
-
- fprintf(out, "capability[]=authtype\n");
+ if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_RESPONSE)) {
+ fprintf(out, "capability[]=authtype\n");
+ }
if (e->item.username)
fprintf(out, "username=%s\n", e->item.username);
if (e->item.password)
fprintf(out, "password=%s\n", e->item.password);
- if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_HELPER) && e->item.authtype)
+ if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_RESPONSE) && e->item.authtype)
fprintf(out, "authtype=%s\n", e->item.authtype);
- if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_HELPER) && e->item.credential)
+ if (credential_has_capability(&c.capa_authtype, CREDENTIAL_OP_RESPONSE) && e->item.credential)
fprintf(out, "credential=%s\n", e->item.credential);
if (e->item.password_expiry_utc != TIME_MAX)
fprintf(out, "password_expiry_utc=%"PRItime"\n",
diff --git a/t/lib-credential.sh b/t/lib-credential.sh
index 58b9c740605..fe170b513fd 100644
--- a/t/lib-credential.sh
+++ b/t/lib-credential.sh
@@ -566,6 +566,21 @@ helper_test_authtype() {
EOF
'
+ test_expect_success "helper ($HELPER) does not get authtype and credential without authtype capability" '
+ check fill $HELPER <<-\EOF
+ protocol=https
+ host=git.example.com
+ --
+ protocol=https
+ host=git.example.com
+ username=askpass-username
+ password=askpass-password
+ --
+ askpass: Username for '\''https://git.example.com'\'':
+ askpass: Password for '\''https://askpass-username@git.example.com'\'':
+ EOF
+ '
+
test_expect_success "helper ($HELPER) stores authtype and credential with username" '
check approve $HELPER <<-\EOF
capability[]=authtype
diff --git a/t/t0303-credential-external.sh b/t/t0303-credential-external.sh
index 8aadbe86c45..437eae5002a 100755
--- a/t/t0303-credential-external.sh
+++ b/t/t0303-credential-external.sh
@@ -63,6 +63,7 @@ helper_test_clean "$GIT_TEST_CREDENTIAL_HELPER"
helper_test "$GIT_TEST_CREDENTIAL_HELPER"
helper_test_password_expiry_utc "$GIT_TEST_CREDENTIAL_HELPER"
helper_test_oauth_refresh_token "$GIT_TEST_CREDENTIAL_HELPER"
+helper_test_authtype "$GIT_TEST_CREDENTIAL_HELPER"
if test -z "$GIT_TEST_CREDENTIAL_HELPER_TIMEOUT"; then
say "# skipping timeout tests (GIT_TEST_CREDENTIAL_HELPER_TIMEOUT not set)"
base-commit: 92999a42db1c5f43f330e4f2bca4026b5b81576f
--
gitgitgadget
next reply other threads:[~2024-12-20 21:18 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-20 21:18 M Hickford via GitGitGadget [this message]
2025-01-06 19:52 ` [PATCH v2] credential-cache: respect request capabilities M Hickford via GitGitGadget
2025-01-06 22:32 ` brian m. carlson
2025-01-06 22:57 ` M Hickford
2025-01-06 23:05 ` brian m. carlson
2025-01-06 23:05 ` [PATCH v3] " M Hickford via GitGitGadget
2025-01-07 1:19 ` [PATCH v4] " M Hickford via GitGitGadget
2025-01-08 2:05 ` Junio C Hamano
2025-01-09 22:45 ` [PATCH v5] credential-cache: respect authtype capability M Hickford via GitGitGadget
2025-01-18 20:09 ` M Hickford
2025-01-18 20:14 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=pull.1842.git.1734729534213.gitgitgadget@gmail.com \
--to=gitgitgadget@gmail.com \
--cc=git@vger.kernel.org \
--cc=mirth.hickford@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.