From: Junio C Hamano <gitster@pobox.com>
To: Ashlesh Gawande <git@ashlesh.me>
Cc: git@vger.kernel.org, sandals@crustytoothpaste.net
Subject: Re: [PATCH v2] t5550: add netrc tests for http 401/403
Date: Wed, 07 Jan 2026 09:32:34 +0900 [thread overview]
Message-ID: <xmqqwm1ui7od.fsf@gitster.g> (raw)
In-Reply-To: <20260106114029.763351-1-git@ashlesh.me> (Ashlesh Gawande's message of "Tue, 6 Jan 2026 17:10:29 +0530")
Ashlesh Gawande <git@ashlesh.me> writes:
Here between the title and your sign-off is a space to explain why
it makes sense to add these new tests. One way to do so may be to
explain that some cases were missing in the existing tests, and the
new ones are added to cover those cases, i.e., what the new tests
try to see under what situation, what behaviour do we expect out of
the system, and why do we expect that behaviour?
Thanks.
> Signed-off-by: Ashlesh Gawande <git@ashlesh.me>
> ---
> Range-diff against v1:
> 1: 27e112ea42 ! 1: 0b68f1d1af t5550: add netrc tests for http 401/403
> @@ Commit message
> Signed-off-by: Ashlesh Gawande <git@ashlesh.me>
>
> ## t/lib-httpd.sh ##
> -@@ t/lib-httpd.sh: set_askpass() {
> +@@ t/lib-httpd.sh: setup_askpass_helper() {
> + '
> + }
> +
> +-set_askpass() {
> ++set_askpass () {
> + >"$TRASH_DIRECTORY/askpass-query" &&
> + echo "$1" >"$TRASH_DIRECTORY/askpass-user" &&
> echo "$2" >"$TRASH_DIRECTORY/askpass-pass"
> }
>
> -+set_netrc() {
> +-expect_askpass() {
> ++set_netrc () {
> + # $HOME=$TRASH_DIRECTORY
> -+ echo "machine $1 login $2 password $3" > $TRASH_DIRECTORY/.netrc
> ++ echo "machine $1 login $2 password $3" >"$TRASH_DIRECTORY/.netrc"
> +}
> +
> -+clear_netrc() {
> -+ rm "$TRASH_DIRECTORY/.netrc"
> ++clear_netrc () {
> ++ rm -f "$TRASH_DIRECTORY/.netrc"
> +}
> +
> - expect_askpass() {
> ++expect_askpass () {
> dest=$HTTPD_DEST${3+/$3}
>
> + {
>
> ## t/lib-httpd/apache.conf ##
> @@ t/lib-httpd/apache.conf: SSLEngine On
> @@ t/t5550-http-fetch-dumb.sh: test_expect_success 'cloning password-protected repo
> '
>
> +test_expect_success 'using credentials from netrc to clone successfully' '
> ++ test_when_finished clear_netrc &&
> + set_askpass wrong &&
> + set_netrc 127.0.0.1 user@host pass@host &&
> + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc &&
> + expect_askpass none
> +'
> -+clear_netrc
> +
> +test_expect_success 'netrc unauthorized credentials (prompt after 401)' '
> ++ test_when_finished clear_netrc &&
> + set_askpass wrong &&
> + set_netrc 127.0.0.1 user@host pass@wrong &&
> + test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-401 &&
> + expect_askpass both wrong
> +'
> -+clear_netrc
> +
> +test_expect_success 'netrc authorized but forbidden credentials (fail on 403)' '
> ++ test_when_finished clear_netrc &&
> + set_askpass wrong &&
> + set_netrc 127.0.0.1 forbidden-user@host pass@host &&
> + test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-403 2>err &&
> + expect_askpass none &&
> + grep "The requested URL returned error: 403" err
> +'
> -+clear_netrc
> +
> test_expect_success 'http auth can use user/pass in URL' '
> set_askpass wrong &&
>
> t/lib-httpd.sh | 13 +++++++++++--
> t/lib-httpd/apache.conf | 4 ++++
> t/lib-httpd/passwd | 1 +
> t/t5550-http-fetch-dumb.sh | 25 +++++++++++++++++++++++++
> 4 files changed, 41 insertions(+), 2 deletions(-)
>
> diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
> index 5091db949b..5f42c311c2 100644
> --- a/t/lib-httpd.sh
> +++ b/t/lib-httpd.sh
> @@ -319,13 +319,22 @@ setup_askpass_helper() {
> '
> }
>
> -set_askpass() {
> +set_askpass () {
> >"$TRASH_DIRECTORY/askpass-query" &&
> echo "$1" >"$TRASH_DIRECTORY/askpass-user" &&
> echo "$2" >"$TRASH_DIRECTORY/askpass-pass"
> }
>
> -expect_askpass() {
> +set_netrc () {
> + # $HOME=$TRASH_DIRECTORY
> + echo "machine $1 login $2 password $3" >"$TRASH_DIRECTORY/.netrc"
> +}
> +
> +clear_netrc () {
> + rm -f "$TRASH_DIRECTORY/.netrc"
> +}
> +
> +expect_askpass () {
> dest=$HTTPD_DEST${3+/$3}
>
> {
> diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
> index e631ab0eb5..6b8c50a51a 100644
> --- a/t/lib-httpd/apache.conf
> +++ b/t/lib-httpd/apache.conf
> @@ -238,6 +238,10 @@ SSLEngine On
> AuthName "git-auth"
> AuthUserFile passwd
> Require valid-user
> +
> + # return 403 for authenticated user: forbidden-user@host
> + RewriteCond "%{REMOTE_USER}" "^forbidden-user@host"
> + RewriteRule ^ - [F]
> </Location>
>
> <LocationMatch "^/auth-push/.*/git-receive-pack$">
> diff --git a/t/lib-httpd/passwd b/t/lib-httpd/passwd
> index d9c122f348..3bab7b6423 100644
> --- a/t/lib-httpd/passwd
> +++ b/t/lib-httpd/passwd
> @@ -1 +1,2 @@
> user@host:$apr1$LGPmCZWj$9vxEwj5Z5GzQLBMxp3mCx1
> +forbidden-user@host:$apr1$LGPmCZWj$9vxEwj5Z5GzQLBMxp3mCx1
> diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
> index ed0ad66fad..9530f01b9e 100755
> --- a/t/t5550-http-fetch-dumb.sh
> +++ b/t/t5550-http-fetch-dumb.sh
> @@ -102,6 +102,31 @@ test_expect_success 'cloning password-protected repository can fail' '
> expect_askpass both wrong
> '
>
> +test_expect_success 'using credentials from netrc to clone successfully' '
> + test_when_finished clear_netrc &&
> + set_askpass wrong &&
> + set_netrc 127.0.0.1 user@host pass@host &&
> + git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc &&
> + expect_askpass none
> +'
> +
> +test_expect_success 'netrc unauthorized credentials (prompt after 401)' '
> + test_when_finished clear_netrc &&
> + set_askpass wrong &&
> + set_netrc 127.0.0.1 user@host pass@wrong &&
> + test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-401 &&
> + expect_askpass both wrong
> +'
> +
> +test_expect_success 'netrc authorized but forbidden credentials (fail on 403)' '
> + test_when_finished clear_netrc &&
> + set_askpass wrong &&
> + set_netrc 127.0.0.1 forbidden-user@host pass@host &&
> + test_must_fail git clone "$HTTPD_URL/auth/dumb/repo.git" clone-auth-netrc-403 2>err &&
> + expect_askpass none &&
> + grep "The requested URL returned error: 403" err
> +'
> +
> test_expect_success 'http auth can use user/pass in URL' '
> set_askpass wrong &&
> git clone "$HTTPD_URL_USER_PASS/auth/dumb/repo.git" clone-auth-none &&
next prev parent reply other threads:[~2026-01-07 0:32 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-06 9:34 [PATCH] t5550: add netrc tests for http 401/403 Ashlesh Gawande
2026-01-06 10:20 ` Junio C Hamano
2026-01-06 11:47 ` Ashlesh Gawande
2026-01-06 11:40 ` [PATCH v2] " Ashlesh Gawande
2026-01-07 0:32 ` Junio C Hamano [this message]
2026-01-07 7:47 ` [PATCH v3] " Ashlesh Gawande
2026-01-31 12:33 ` Ashlesh Gawande
2026-02-06 5:05 ` Junio C Hamano
2026-02-06 9:38 ` Jeff King
2026-02-06 15:25 ` Ashlesh Gawande
2026-02-06 15:53 ` Ashlesh Gawande
2026-02-06 20:44 ` Jeff King
2026-02-06 17:39 ` Junio C Hamano
2026-02-06 20:53 ` Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqwm1ui7od.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@ashlesh.me \
--cc=git@vger.kernel.org \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox