git-commit-vandalism/t/lib-httpd/nph-custom-auth.sh

#!/bin/sh

VALID_CREDS_FILE=custom-auth.valid
CHALLENGE_FILE=custom-auth.challenge

#
# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid
# credential for the current request. Each line in the file is considered a
# valid HTTP Authorization header value. For example:
#
# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
#
# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers
# in a 401 response if no valid authentication credentials were included in the
# request. For example:
#
# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0
# WWW-Authenticate: Basic realm="example.com"
#

if test -n "$HTTP_AUTHORIZATION" && \
	grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"
then
	# Note that although git-http-backend returns a status line, it
	# does so using a CGI 'Status' header. Because this script is an
	# No Parsed Headers (NPH) script, we must return a real HTTP
	# status line.
	# This is only a test script, so we don't bother to check for
	# the actual status from git-http-backend and always return 200.
	echo 'HTTP/1.1 200 OK'
	exec "$GIT_EXEC_PATH"/git-http-backend
fi

echo 'HTTP/1.1 401 Authorization Required'
if test -f "$CHALLENGE_FILE"
then
	cat "$CHALLENGE_FILE"
fi
echo
t5563: add tests for basic and anoymous HTTP access Add a test showing simple anoymous HTTP access to an unprotected repository, that results in no credential helper invocations. Also add a test demonstrating simple basic authentication with simple credential helper support. Leverage a no-parsed headers (NPH) CGI script so that we can directly control the HTTP responses to simulate a multitude of good, bad and ugly remote server implementations around auth. Signed-off-by: Matthew John Cheetham <mjcheetham@outlook.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2023-02-27 18:20:18 +01:00			`#!/bin/sh`

			`VALID_CREDS_FILE=custom-auth.valid`
			`CHALLENGE_FILE=custom-auth.challenge`

			`#`
			`# If $VALID_CREDS_FILE exists in $HTTPD_ROOT_PATH, consider each line as a valid`
			`# credential for the current request. Each line in the file is considered a`
			`# valid HTTP Authorization header value. For example:`
			`#`
			`# Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==`
			`#`
			`# If $CHALLENGE_FILE exists in $HTTPD_ROOT_PATH, output the contents as headers`
			`# in a 401 response if no valid authentication credentials were included in the`
			`# request. For example:`
			`#`
			`# WWW-Authenticate: Bearer authorize_uri="id.example.com" p=1 q=0`
			`# WWW-Authenticate: Basic realm="example.com"`
			`#`

			`if test -n "$HTTP_AUTHORIZATION" && \`
			`grep -Fqsx "${HTTP_AUTHORIZATION}" "$VALID_CREDS_FILE"`
			`then`
			`# Note that although git-http-backend returns a status line, it`
			`# does so using a CGI 'Status' header. Because this script is an`
			`# No Parsed Headers (NPH) script, we must return a real HTTP`
			`# status line.`
			`# This is only a test script, so we don't bother to check for`
			`# the actual status from git-http-backend and always return 200.`
			`echo 'HTTP/1.1 200 OK'`
			`exec "$GIT_EXEC_PATH"/git-http-backend`
			`fi`

			`echo 'HTTP/1.1 401 Authorization Required'`
			`if test -f "$CHALLENGE_FILE"`
			`then`
			`cat "$CHALLENGE_FILE"`
			`fi`
			`echo`