public inbox for git@vger.kernel.org
 help / color / mirror / Atom feed
From: Ashlesh Gawande <git@ashlesh.me>
To: git@vger.kernel.org
Cc: sandals@crustytoothpaste.net, gitster@pobox.com,
	Ashlesh Gawande <git@ashlesh.me>
Subject: [PATCH v2] t5550: add netrc tests for http 401/403
Date: Tue,  6 Jan 2026 17:10:29 +0530	[thread overview]
Message-ID: <20260106114029.763351-1-git@ashlesh.me> (raw)
In-Reply-To: <20260106093451.748761-1-git@ashlesh.me>

Signed-off-by: Ashlesh Gawande <git@ashlesh.me>
---
Range-diff against v1:
1:  27e112ea42 ! 1:  0b68f1d1af t5550: add netrc tests for http 401/403
    @@ Commit message
         Signed-off-by: Ashlesh Gawande <git@ashlesh.me>
     
      ## t/lib-httpd.sh ##
    -@@ t/lib-httpd.sh: set_askpass() {
    +@@ t/lib-httpd.sh: setup_askpass_helper() {
    + 	'
    + }
    + 
    +-set_askpass() {
    ++set_askpass () {
    + 	>"$TRASH_DIRECTORY/askpass-query" &&
    + 	echo "$1" >"$TRASH_DIRECTORY/askpass-user" &&
      	echo "$2" >"$TRASH_DIRECTORY/askpass-pass"
      }
      
    -+set_netrc() {
    +-expect_askpass() {
    ++set_netrc () {
     +	# $HOME=$TRASH_DIRECTORY
    -+	echo "machine $1 login $2 password $3" > $TRASH_DIRECTORY/.netrc
    ++	echo "machine $1 login $2 password $3" >"$TRASH_DIRECTORY/.netrc"
     +}
     +
    -+clear_netrc() {
    -+	rm "$TRASH_DIRECTORY/.netrc"
    ++clear_netrc () {
    ++	rm -f "$TRASH_DIRECTORY/.netrc"
     +}
     +
    - expect_askpass() {
    ++expect_askpass () {
      	dest=$HTTPD_DEST${3+/$3}
      
    + 	{
     
      ## t/lib-httpd/apache.conf ##
     @@ t/lib-httpd/apache.conf: SSLEngine On
    @@ t/t5550-http-fetch-dumb.sh: test_expect_success 'cloning password-protected repo
      '
      
     +test_expect_success 'using credentials from netrc to clone successfully' '
    ++	test_when_finished clear_netrc &&
     +	set_askpass wrong &&
     +	set_netrc 127.0.0.1 user@host pass@host &&
     +	git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc &&
     +	expect_askpass none
     +'
    -+clear_netrc
     +
     +test_expect_success 'netrc unauthorized credentials (prompt after 401)' '
    ++	test_when_finished clear_netrc &&
     +	set_askpass wrong &&
     +	set_netrc 127.0.0.1 user@host pass@wrong &&
     +	test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-401 &&
     +	expect_askpass both wrong
     +'
    -+clear_netrc
     +
     +test_expect_success 'netrc authorized but forbidden credentials (fail on 403)' '
    ++	test_when_finished clear_netrc &&
     +	set_askpass wrong &&
     +	set_netrc 127.0.0.1 forbidden-user@host pass@host &&
     +	test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-403 2>err &&
     +	expect_askpass none &&
     +	grep "The requested URL returned error: 403" err
     +'
    -+clear_netrc
     +
      test_expect_success 'http auth can use user/pass in URL' '
      	set_askpass wrong &&

 t/lib-httpd.sh             | 13 +++++++++++--
 t/lib-httpd/apache.conf    |  4 ++++
 t/lib-httpd/passwd         |  1 +
 t/t5550-http-fetch-dumb.sh | 25 +++++++++++++++++++++++++
 4 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index 5091db949b..5f42c311c2 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -319,13 +319,22 @@ setup_askpass_helper() {
 	'
 }
 
-set_askpass() {
+set_askpass () {
 	>"$TRASH_DIRECTORY/askpass-query" &&
 	echo "$1" >"$TRASH_DIRECTORY/askpass-user" &&
 	echo "$2" >"$TRASH_DIRECTORY/askpass-pass"
 }
 
-expect_askpass() {
+set_netrc () {
+	# $HOME=$TRASH_DIRECTORY
+	echo "machine $1 login $2 password $3" >"$TRASH_DIRECTORY/.netrc"
+}
+
+clear_netrc () {
+	rm -f "$TRASH_DIRECTORY/.netrc"
+}
+
+expect_askpass () {
 	dest=$HTTPD_DEST${3+/$3}
 
 	{
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index e631ab0eb5..6b8c50a51a 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -238,6 +238,10 @@ SSLEngine On
 	AuthName "git-auth"
 	AuthUserFile passwd
 	Require valid-user
+
+	# return 403 for authenticated user: forbidden-user@host
+	RewriteCond "%{REMOTE_USER}" "^forbidden-user@host"
+	RewriteRule ^ - [F]
 </Location>
 
 <LocationMatch "^/auth-push/.*/git-receive-pack$">
diff --git a/t/lib-httpd/passwd b/t/lib-httpd/passwd
index d9c122f348..3bab7b6423 100644
--- a/t/lib-httpd/passwd
+++ b/t/lib-httpd/passwd
@@ -1 +1,2 @@
 user@host:$apr1$LGPmCZWj$9vxEwj5Z5GzQLBMxp3mCx1
+forbidden-user@host:$apr1$LGPmCZWj$9vxEwj5Z5GzQLBMxp3mCx1
diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
index ed0ad66fad..9530f01b9e 100755
--- a/t/t5550-http-fetch-dumb.sh
+++ b/t/t5550-http-fetch-dumb.sh
@@ -102,6 +102,31 @@ test_expect_success 'cloning password-protected repository can fail' '
 	expect_askpass both wrong
 '
 
+test_expect_success 'using credentials from netrc to clone successfully' '
+	test_when_finished clear_netrc &&
+	set_askpass wrong &&
+	set_netrc 127.0.0.1 user@host pass@host &&
+	git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc &&
+	expect_askpass none
+'
+
+test_expect_success 'netrc unauthorized credentials (prompt after 401)' '
+	test_when_finished clear_netrc &&
+	set_askpass wrong &&
+	set_netrc 127.0.0.1 user@host pass@wrong &&
+	test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-401 &&
+	expect_askpass both wrong
+'
+
+test_expect_success 'netrc authorized but forbidden credentials (fail on 403)' '
+	test_when_finished clear_netrc &&
+	set_askpass wrong &&
+	set_netrc 127.0.0.1 forbidden-user@host pass@host &&
+	test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-403 2>err &&
+	expect_askpass none &&
+	grep "The requested URL returned error: 403" err
+'
+
 test_expect_success 'http auth can use user/pass in URL' '
 	set_askpass wrong &&
 	git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none &&
-- 
2.43.0


  parent reply	other threads:[~2026-01-06 11:47 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-06  9:34 [PATCH] t5550: add netrc tests for http 401/403 Ashlesh Gawande
2026-01-06 10:20 ` Junio C Hamano
2026-01-06 11:47   ` Ashlesh Gawande
2026-01-06 11:40 ` Ashlesh Gawande [this message]
2026-01-07  0:32   ` [PATCH v2] " Junio C Hamano
2026-01-07  7:47   ` [PATCH v3] " Ashlesh Gawande
2026-01-31 12:33     ` Ashlesh Gawande
2026-02-06  5:05     ` Junio C Hamano
2026-02-06  9:38       ` Jeff King
2026-02-06 15:25         ` Ashlesh Gawande
2026-02-06 15:53           ` Ashlesh Gawande
2026-02-06 20:44             ` Jeff King
2026-02-06 17:39         ` Junio C Hamano
2026-02-06 20:53           ` Jeff King

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260106114029.763351-1-git@ashlesh.me \
    --to=git@ashlesh.me \
    --cc=git@vger.kernel.org \
    --cc=gitster@pobox.com \
    --cc=sandals@crustytoothpaste.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox