diff options
| author | Matthew John Cheetham <mjcheetham@outlook.com> | 2023-02-27 17:20:18 +0000 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2023-02-27 10:40:40 -0800 |
| commit | 988aad99b44f3fb3f04f4a75cadf0dbb7ac89ffe (patch) | |
| tree | 73575f7c1da1441def99ccf6fd49c5a4870bb662 /t/lib-httpd/nph-custom-auth.sh | |
| parent | The fourteenth batch (diff) | |
| download | git-988aad99b44f3fb3f04f4a75cadf0dbb7ac89ffe.tar.gz git-988aad99b44f3fb3f04f4a75cadf0dbb7ac89ffe.zip | |
t5563: add tests for basic and anoymous HTTP access
Add a test showing simple anoymous HTTP access to an unprotected
repository, that results in no credential helper invocations.
Also add a test demonstrating simple basic authentication with
simple credential helper support.
Leverage a no-parsed headers (NPH) CGI script so that we can directly
control the HTTP responses to simulate a multitude of good, bad and ugly
remote server implementations around auth.
Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/lib-httpd/nph-custom-auth.sh')
| -rw-r--r-- | t/lib-httpd/nph-custom-auth.sh | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/t/lib-httpd/nph-custom-auth.sh b/t/lib-httpd/nph-custom-auth.sh new file mode 100644 index 0000000000..f5345e775e --- /dev/null +++ b/t/lib-httpd/nph-custom-auth.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +VALID_CREDS_FILE=custom-auth.valid +CHALLENGE_FILE=custom-auth.challenge + +# +# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid +# credential for the current request. Each line in the file is considered a +# valid HTTP Authorization header value. For example: +# +# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA== +# +# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers +# in a 401 response if no valid authentication credentials were included in the +# request. For example: +# +# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0 +# WWW-Authenticate: Basic realm="example.com" +# + +if test -n "$HTTP_AUTHORIZATION" && \ + grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE" +then + # Note that although git-http-backend returns a status line, it + # does so using a CGI 'Status' header. Because this script is an + # No Parsed Headers (NPH) script, we must return a real HTTP + # status line. + # This is only a test script, so we don't bother to check for + # the actual status from git-http-backend and always return 200. + echo 'HTTP/1.1 200 OK' + exec "$GIT_EXEC_PATH"/git-http-backend +fi + +echo 'HTTP/1.1 401 Authorization Required' +if test -f "$CHALLENGE_FILE" +then + cat "$CHALLENGE_FILE" +fi +echo |