Merge branch 'cb/credential-store-ignore-bogus-lines'

With the recent tightening of the code that is used to parse
various parts of a URL for use in the credential subsystem, a
hand-edited credential-store file causes the credential helper to
die, which is a bit too harsh to the users.  Demote the error
behaviour to just ignore and keep using well-formed lines instead.

* cb/credential-store-ignore-bogus-lines:
  credential-store: ignore bogus lines from store file
  credential-store: document the file format a bit more
This commit is contained in:
Junio C Hamano 2020-05-08 14:25:01 -07:00
commit 933fdf8784
3 changed files with 96 additions and 3 deletions

View File

@ -94,6 +94,10 @@ stored on its own line as a URL like:
https://user:pass@example.com https://user:pass@example.com
------------------------------ ------------------------------
No other kinds of lines (e.g. empty lines or comment lines) are
allowed in the file, even though some may be silently ignored. Do
not view or edit the file with editors.
When Git needs authentication for a particular URL context, When Git needs authentication for a particular URL context,
credential-store will consider that context a pattern to match against credential-store will consider that context a pattern to match against
each entry in the credentials file. If the protocol, hostname, and each entry in the credentials file. If the protocol, hostname, and

View File

@ -24,8 +24,8 @@ static int parse_credential_file(const char *fn,
} }
while (strbuf_getline_lf(&line, fh) != EOF) { while (strbuf_getline_lf(&line, fh) != EOF) {
credential_from_url(&entry, line.buf); if (!credential_from_url_gently(&entry, line.buf, 1) &&
if (entry.username && entry.password && entry.username && entry.password &&
credential_match(c, &entry)) { credential_match(c, &entry)) {
found_credential = 1; found_credential = 1;
if (match_cb) { if (match_cb) {

View File

@ -107,7 +107,6 @@ test_expect_success 'store: if both xdg and home files exist, only store in home
test_must_be_empty "$HOME/.config/git/credentials" test_must_be_empty "$HOME/.config/git/credentials"
' '
test_expect_success 'erase: erase matching credentials from both xdg and home files' ' test_expect_success 'erase: erase matching credentials from both xdg and home files' '
echo "https://home-user:home-pass@example.com" >"$HOME/.git-credentials" && echo "https://home-user:home-pass@example.com" >"$HOME/.git-credentials" &&
mkdir -p "$HOME/.config/git" && mkdir -p "$HOME/.config/git" &&
@ -120,4 +119,94 @@ test_expect_success 'erase: erase matching credentials from both xdg and home fi
test_must_be_empty "$HOME/.config/git/credentials" test_must_be_empty "$HOME/.config/git/credentials"
' '
invalid_credential_test() {
test_expect_success "get: ignore credentials without $1 as invalid" '
echo "$2" >"$HOME/.git-credentials" &&
check fill store <<-\EOF
protocol=https
host=example.com
--
protocol=https
host=example.com
username=askpass-username
password=askpass-password
--
askpass: Username for '\''https://example.com'\'':
askpass: Password for '\''https://askpass-username@example.com'\'':
--
EOF
'
}
invalid_credential_test "scheme" ://user:pass@example.com
invalid_credential_test "valid host/path" https://user:pass@
invalid_credential_test "username/password" https://pass@example.com
test_expect_success 'get: credentials with DOS line endings are invalid' '
printf "https://user:pass@example.com\r\n" >"$HOME/.git-credentials" &&
check fill store <<-\EOF
protocol=https
host=example.com
--
protocol=https
host=example.com
username=askpass-username
password=askpass-password
--
askpass: Username for '\''https://example.com'\'':
askpass: Password for '\''https://askpass-username@example.com'\'':
--
EOF
'
test_expect_success 'get: credentials with path and DOS line endings are valid' '
printf "https://user:pass@example.com/repo.git\r\n" >"$HOME/.git-credentials" &&
check fill store <<-\EOF
url=https://example.com/repo.git
--
protocol=https
host=example.com
username=user
password=pass
--
EOF
'
test_expect_success 'get: credentials with DOS line endings are invalid if path is relevant' '
printf "https://user:pass@example.com/repo.git\r\n" >"$HOME/.git-credentials" &&
test_config credential.useHttpPath true &&
check fill store <<-\EOF
url=https://example.com/repo.git
--
protocol=https
host=example.com
path=repo.git
username=askpass-username
password=askpass-password
--
askpass: Username for '\''https://example.com/repo.git'\'':
askpass: Password for '\''https://askpass-username@example.com/repo.git'\'':
--
EOF
'
test_expect_success 'get: store file can contain empty/bogus lines' '
echo "" >"$HOME/.git-credentials" &&
q_to_tab <<-\CREDENTIAL >>"$HOME/.git-credentials" &&
#comment
Q
https://user:pass@example.com
CREDENTIAL
check fill store <<-\EOF
protocol=https
host=example.com
--
protocol=https
host=example.com
username=user
password=pass
--
EOF
'
test_done test_done