#!/bin/sh
#
# Tests smart-HTTP clone/fetch/push against git's http-backend (see
# test_description below). The web server is brought up by start_httpd,
# which is presumably provided by the sourced lib-httpd.sh.
#
# NOTE(review): this copy looks damaged by extraction. Text that sat between
# a "<" and the next ">" appears to be missing in several places: input
# redirections, part of a filter pipeline, and possibly angle-bracketed
# markers inside grep patterns and the fast-import stream. The affected spots
# carry their own NOTE(review). Compare with the upstream file before running.

# Default to HTTP/1.1 unless the caller already set HTTP_PROTO.
: ${HTTP_PROTO:=HTTP/1.1}
test_description="test smart fetching over http via http-backend ($HTTP_PROTO)"
GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME=main
export GIT_TEST_DEFAULT_INITIAL_BRANCH_NAME

. ./test-lib.sh
. "$TEST_DIRECTORY"/lib-httpd.sh
# enable_http2 is a helper defined outside this file; it is called only when
# HTTP/2 was requested.
test "$HTTP_PROTO" = "HTTP/2" && enable_http2
start_httpd

# Gated on the HTTP2 prerequisite.
test_expect_success HTTP2 'enable client-side http/2' '
	git config --global http.version HTTP/2
'

test_expect_success 'setup repository' '
	git config push.default matching &&
	echo content >file &&
	git add file &&
	git commit -m one
'

# The bare repository lives under the server's document root and is pushed to
# through the local "public" remote (a filesystem path, not HTTP).
test_expect_success 'create http-accessible bare repository' '
	mkdir "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
	(cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
	 git --bare init
	) &&
	git remote add public "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
	git push public main:main
'

setup_askpass_helper

# Builds the expected request/response header transcript in exp.raw; lines
# prefixed with {V2} are dropped when GIT_TEST_PROTOCOL_VERSION is 0 and
# un-prefixed otherwise. The transcript is then compared with a normalised
# GIT_TRACE_CURL capture of a clone.
#
# NOTE(review): three spots in this test look truncated. Both sed calls in the
# if/else name "exp" with no visible redirection from exp.raw, and the line
# starting with tr runs straight into the middle of a sed script ("Send
# header, /d") with the opening quote and the first filter commands missing.
# As shown the body is not runnable; restore from upstream.
test_expect_success 'clone http repository' '
	cat >exp.raw <<-EOF &&
	> GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/1.1
	> accept: */*
	> accept-encoding: ENCODINGS
	> accept-language: ko-KR, *;q=0.9
	> pragma: no-cache
	{V2} > git-protocol: version=2
	< $HTTP_PROTO 200 OK
	< pragma: no-cache
	< cache-control: no-cache, max-age=0, must-revalidate
	< content-type: application/x-git-upload-pack-advertisement
	> POST /smart/repo.git/git-upload-pack HTTP/1.1
	> accept-encoding: ENCODINGS
	> content-type: application/x-git-upload-pack-request
	> accept: application/x-git-upload-pack-result
	> accept-language: ko-KR, *;q=0.9
	{V2} > git-protocol: version=2
	> content-length: xxx
	< HTTP/1.1 200 OK
	< pragma: no-cache
	< cache-control: no-cache, max-age=0, must-revalidate
	< content-type: application/x-git-upload-pack-result
	{V2} > POST /smart/repo.git/git-upload-pack HTTP/1.1
	{V2} > accept-encoding: ENCODINGS
	{V2} > content-type: application/x-git-upload-pack-request
	{V2} > accept: application/x-git-upload-pack-result
	{V2} > accept-language: ko-KR, *;q=0.9
	{V2} > git-protocol: version=2
	{V2} > content-length: xxx
	{V2} < HTTP/1.1 200 OK
	{V2} < pragma: no-cache
	{V2} < cache-control: no-cache, max-age=0, must-revalidate
	{V2} < content-type: application/x-git-upload-pack-result
	EOF

	if test "$GIT_TEST_PROTOCOL_VERSION" = 0
	then
		sed "/^{V2}/d" exp
	else
		sed "s/^{V2} //" exp
	fi &&

	GIT_TRACE_CURL=true LANGUAGE="ko_KR.UTF-8" \
		git clone --quiet $HTTPD_URL/smart/repo.git clone 2>err &&
	test_cmp file clone/file &&
	tr '\''\015'\'' Q Send header, /d
		/^=> Send header:$/d
		/^<= Recv header, /d
		/^<= Recv header:$/d
		s/=> Send header: //
		s/= Recv header://
		/^<= Recv data/d
		/^=> Send data/d
		/^$/d
		/^< $/d

		/^[^><]/{
			s/^/> /
		}

		/^< HTTP/ {
			s/200$/200 OK/
		}
		/^< HTTP\\/1.1 101/d
		/^[><] connection: /d
		/^[><] upgrade: /d
		/^> http2-settings: /d

		/^> user-agent: /d
		/^> host: /d
		/^> POST /,$ {
			/^> Accept: [*]\\/[*]/d
		}
		s/^> content-length: .*/> content-length: xxx/
		/^> 00..want /d
		/^> 00.*done/d

		/^< server: /d
		/^< expires: /d
		/^< date: /d
		/^< content-length: /d
		/^< transfer-encoding: /d
	" >actual &&

	sed -e "s/^> accept-encoding: .*/> accept-encoding: ENCODINGS/" \
			actual >actual.smudged &&
	test_cmp exp actual.smudged &&

	grep "accept-encoding:.*gzip" actual >actual.gzip
'

test_expect_success 'fetch changes via http' '
	echo content >>file &&
	git commit -a -m two &&
	git push public &&
	(cd clone && git pull) &&
	test_cmp file clone/file
'

# Checks the server access log (via strip_access_log, defined elsewhere) for
# 200 responses on the two smart-protocol endpoints.
test_expect_success 'used upload-pack service' '
	strip_access_log >log &&
	grep "GET /smart/repo.git/info/refs?service=git-upload-pack HTTP/[0-9.]* 200" log &&
	grep "POST /smart/repo.git/git-upload-pack HTTP/[0-9.]* 200" log
'

# Redirect handling. The redirect rules behind /smart-redir-perm/,
# /smart-redir-temp/, /smart-redir-limited/ and /insane-redir/ are server
# configuration that is not visible in this file; only the last one is
# expected to make the clone fail.
test_expect_success 'follow redirects (301)' '
	git clone $HTTPD_URL/smart-redir-perm/repo.git --quiet repo-p
'

test_expect_success 'follow redirects (302)' '
	git clone $HTTPD_URL/smart-redir-temp/repo.git --quiet repo-t
'

test_expect_success 'redirects re-root further requests' '
	git clone $HTTPD_URL/smart-redir-limited/repo.git repo-redir-limited
'

test_expect_success 're-rooting dies on insane schemes' '
	test_must_fail git clone $HTTPD_URL/insane-redir/repo.git insane
'

# Authentication tests. set_askpass / expect_askpass are helpers defined
# outside this file; presumably they prime the fake askpass program and then
# assert which prompts (none, or both username and password) were issued.
test_expect_success 'clone from password-protected repository' '
	echo two >expect &&
	set_askpass user@host pass@host &&
	git clone --bare "$HTTPD_URL/auth/smart/repo.git" smart-auth &&
	expect_askpass both user@host &&
	git --git-dir=smart-auth log -1 --format=%s >actual &&
	test_cmp expect actual
'

# A wrong credential is primed on purpose: the clone must succeed without
# ever asking for it.
test_expect_success 'clone from auth-only-for-push repository' '
	echo two >expect &&
	set_askpass wrong &&
	git clone --bare "$HTTPD_URL/auth-push/smart/repo.git" smart-noauth &&
	expect_askpass none &&
	git --git-dir=smart-noauth log -1 --format=%s >actual &&
	test_cmp expect actual
'

test_expect_success 'clone from auth-only-for-objects repository' '
	echo two >expect &&
	set_askpass user@host pass@host &&
	git clone --bare "$HTTPD_URL/auth-fetch/smart/repo.git" half-auth &&
	expect_askpass both user@host &&
	git --git-dir=half-auth log -1 --format=%s >actual &&
	test_cmp expect actual
'

test_expect_success 'no-op half-auth fetch does not require a password' '
	set_askpass wrong &&

	# NEEDSWORK: When using HTTP(S), protocol v0 supports a "half-auth"
	# configuration with authentication required only when downloading
	# objects and not refs, by having the HTTP server only require
	# authentication for the "git-upload-pack" path and not "info/refs".
	# This is not possible with protocol v2, since both objects and refs
	# are obtained from the "git-upload-pack" path. A solution to this is
	# to teach the server and client to be able to inline ls-refs requests
	# as an Extra Parameter (see "git help gitformat-pack-protocol"), so that
	# "info/refs" can serve refs, just like it does in protocol v0.
	GIT_TEST_PROTOCOL_VERSION=0 git --git-dir=half-auth fetch &&
	expect_askpass none
'

# credential.useHttpPath=true makes the path part of the credential lookup;
# the third expect_askpass argument pins the path that was prompted for to
# the redirect target (auth/smart/repo.git).
test_expect_success 'redirects send auth to new location' '
	set_askpass user@host pass@host &&
	git -c credential.useHttpPath=true \
	  clone $HTTPD_URL/smart-redir-auth/repo.git repo-redir-auth &&
	expect_askpass both user@host auth/smart/repo.git
'

# Trace redaction: the trace must contain an "Authorization: Basic " header
# but no base64 character directly after it. Only the Basic scheme is covered
# by these patterns.
# NOTE(review): in this copy the positive pattern ends right after "Basic ";
# an angle-bracketed redaction marker may have been lost in extraction.
test_expect_success 'GIT_TRACE_CURL redacts auth details' '
	rm -rf redact-auth trace &&
	set_askpass user@host pass@host &&
	GIT_TRACE_CURL="$(pwd)/trace" git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
	expect_askpass both user@host &&

	# Ensure that there is no "Basic" followed by a base64 string, but that
	# the auth details are redacted
	! grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace &&
	grep -i "Authorization: Basic " trace
'

# Same assertion for the GIT_CURL_VERBOSE path, captured from stderr.
test_expect_success 'GIT_CURL_VERBOSE redacts auth details' '
	rm -rf redact-auth trace &&
	set_askpass user@host pass@host &&
	GIT_CURL_VERBOSE=1 git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth 2>trace &&
	expect_askpass both user@host &&

	# Ensure that there is no "Basic" followed by a base64 string, but that
	# the auth details are redacted
	! grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace &&
	grep -i "Authorization: Basic " trace
'

# With GIT_TRACE_REDACT=0 the test expects the base64 credential to appear in
# the trace, so a trace captured that way has to be handled as a secret.
test_expect_success 'GIT_TRACE_CURL does not redact auth details if GIT_TRACE_REDACT=0' '
	rm -rf redact-auth trace &&
	set_askpass user@host pass@host &&
	GIT_TRACE_REDACT=0 GIT_TRACE_CURL="$(pwd)/trace" \
		git clone --bare "$HTTPD_URL/auth/smart/repo.git" redact-auth &&
	expect_askpass both user@host &&

	grep -i "Authorization: Basic [0-9a-zA-Z+/]" trace
'

# Switches http.getanyfile off in the served repository so the next test can
# show that a client with smart HTTP disabled has nothing to fall back to.
test_expect_success 'disable dumb http on server' '
	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
		config http.getanyfile false
'

test_expect_success 'GIT_SMART_HTTP can disable smart http' '
	(GIT_SMART_HTTP=0 &&
	 export GIT_SMART_HTTP &&
	 cd clone &&
	 test_must_fail git fetch)
'

test_expect_success 'invalid Content-Type rejected' '
	test_must_fail git clone $HTTPD_URL/broken_smart/repo.git 2>actual &&
	test_i18ngrep "not valid:" actual
'

# Namespace tests: a commit is published under refs/namespaces/ns/ and the
# /smart_namespace/ endpoint must expose it as the cloned HEAD.
test_expect_success 'create namespaced refs' '
	test_commit namespaced &&
	git push public HEAD:refs/namespaces/ns/refs/heads/main &&
	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
		symbolic-ref refs/namespaces/ns/HEAD refs/namespaces/ns/refs/heads/main
'

test_expect_success 'smart clone respects namespace' '
	git clone "$HTTPD_URL/smart_namespace/repo.git" ns-smart &&
	echo namespaced >expect &&
	git --git-dir=ns-smart/.git log -1 --format=%s >actual &&
	test_cmp expect actual
'

# Re-enables http.getanyfile (turned off above) before cloning with
# GIT_SMART_HTTP=0.
test_expect_success 'dumb clone via http-backend respects namespace' '
	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
		config http.getanyfile true &&
	GIT_SMART_HTTP=0 git clone \
		"$HTTPD_URL/smart_namespace/repo.git" ns-dumb &&
	echo namespaced >expect &&
	git --git-dir=ns-dumb/.git log -1 --format=%s >actual &&
	test_cmp expect actual
'

# Seeds a cookie file, fetches from /smart_cookies/, and expects the file to
# end up with two extra "name value" entries for deeper paths.
# NOTE(review): the cookie lines show single spaces between fields here;
# Netscape-format cookie files are tab-separated, so the separators were
# probably collapsed in extraction. Confirm against upstream.
test_expect_success 'cookies stored in http.cookiefile when http.savecookies set' '
	cat >cookies.txt <<-\EOF &&
	127.0.0.1 FALSE /smart_cookies/ FALSE 0 othername othervalue
	EOF
	sort >expect_cookies.txt <<-\EOF &&
	127.0.0.1 FALSE /smart_cookies/ FALSE 0 othername othervalue
	127.0.0.1 FALSE /smart_cookies/repo.git/ FALSE 0 name value
	127.0.0.1 FALSE /smart_cookies/repo.git/info/ FALSE 0 name value
	EOF
	git config http.cookiefile cookies.txt &&
	git config http.savecookies true &&

	test_when_finished "
		git --git-dir=\"\$HTTPD_DOCUMENT_ROOT_PATH/repo.git\" \
			tag -d cookie-tag
	" &&
	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
		tag -m "foo" cookie-tag &&
	git fetch $HTTPD_URL/smart_cookies/repo.git cookie-tag &&

	grep "^[^#]" cookies.txt | sort >cookies_stripped.txt &&
	test_cmp expect_cookies.txt cookies_stripped.txt
'

# refs/heads/a is hidden on the server through transfer.hiderefs; the clone
# must not contain "a" but must contain "b".
test_expect_success 'transfer.hiderefs works over smart-http' '
	test_commit hidden &&
	test_commit visible &&
	git push public HEAD^:refs/heads/a HEAD:refs/heads/b &&
	git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
		config transfer.hiderefs refs/heads/a &&
	git clone --bare "$HTTPD_URL/smart/repo.git" hidden.git &&
	test_must_fail git -C hidden.git rev-parse --verify a &&
	git -C hidden.git rev-parse --verify b
'

# create an arbitrary number of tags, numbered from tag-$1 to tag-$2
#
# Arguments: $1 - first tag number, $2 - last tag number.
# Streams one commit per number into git fast-import (marks are exported to
# the file "marks"), then writes packed-refs lines whose tag names start with
# "bla" repeated 30 times. Runs in the current directory.
# NOTE(review): the final sed shows no input file and a single ">" here; the
# marks file is the obvious input, so a "<marks" redirection was probably
# lost, and the committer line has no angle-bracketed address, which
# fast-import normally requires. Confirm against upstream.
create_tags () {
	rm -f marks &&
	for i in $(test_seq "$1" "$2")
	do
		# don't use here-doc, because it requires a process
		# per loop iteration
		echo "commit refs/heads/too-many-refs-$1" &&
		echo "mark :$i" &&
		echo "committer git $i +0000" &&
		echo "data 0" &&
		echo "M 644 inline bla.txt" &&
		echo "data 4" &&
		echo "bla" &&
		# make every commit dangling by always
		# rewinding the branch after each commit
		echo "reset refs/heads/too-many-refs-$1" &&
		echo "from :$1"
	done | git fast-import --export-marks=marks &&

	# now assign tags to all the dangling commits we created above
	tag=$(perl -e "print \"bla\" x 30") &&
	sed -e "s|^:\([^ ]*\) \(.*\)$|\2 refs/tags/$tag-\1|" >packed-refs
}

test_expect_success 'create 2,000 tags in the repo' '
	(
		cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
		create_tags 1 2000
	)
'

# Gated on CMDLINE_LIMIT; run_with_limited_cmdline is defined elsewhere.
test_expect_success CMDLINE_LIMIT \
	'clone the 2,000 tag repo to check OS command line overflow' '
	run_with_limited_cmdline git clone $HTTPD_URL/smart/repo.git too-many-refs &&
	(
		cd too-many-refs &&
		git for-each-ref refs/tags >actual &&
		test_line_count = 2000 actual
	)
'

# The chunked Transfer-Encoding header is only required when the HTTP2
# prerequisite is not set.
test_expect_success 'large fetch-pack requests can be sent using chunked encoding' '
	GIT_TRACE_CURL=true git -c http.postbuffer=65536 \
		clone --bare "$HTTPD_URL/smart/repo.git" split.git 2>err &&
	{
		test_have_prereq HTTP2 ||
		grep "^=> Send header: Transfer-Encoding: chunked" err
	}
'

# uploadpack.allow*sha1inwant tests: fetching by object id. The "unreachable"
# variants push a commit to refs/heads/doomed and delete the ref again, so
# the object exists on the server without any ref pointing at it.
test_expect_success 'test allowreachablesha1inwant' '
	test_when_finished "rm -rf test_reachable.git" &&
	server="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
	main_sha=$(git -C "$server" rev-parse refs/heads/main) &&
	git -C "$server" config uploadpack.allowreachablesha1inwant 1 &&

	git init --bare test_reachable.git &&
	git -C test_reachable.git remote add origin "$HTTPD_URL/smart/repo.git" &&
	git -C test_reachable.git fetch origin "$main_sha"
'

test_expect_success 'test allowreachablesha1inwant with unreachable' '
	test_when_finished "rm -rf test_reachable.git; git reset --hard $(git rev-parse HEAD)" &&

	#create unreachable sha
	echo content >file2 &&
	git add file2 &&
	git commit -m two &&
	git push public HEAD:refs/heads/doomed &&
	git push public :refs/heads/doomed &&

	server="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
	main_sha=$(git -C "$server" rev-parse refs/heads/main) &&
	git -C "$server" config uploadpack.allowreachablesha1inwant 1 &&

	git init --bare test_reachable.git &&
	git -C test_reachable.git remote add origin "$HTTPD_URL/smart/repo.git" &&
	# Some protocol versions (e.g. 2) support fetching
	# unadvertised objects, so restrict this test to v0.
	test_must_fail env GIT_TEST_PROTOCOL_VERSION=0 \
		git -C test_reachable.git fetch origin "$(git rev-parse HEAD)"
'

# Same setup; after the expected failure, uploadpack.allowanysha1inwant is
# switched on and the identical fetch must succeed.
test_expect_success 'test allowanysha1inwant with unreachable' '
	test_when_finished "rm -rf test_reachable.git; git reset --hard $(git rev-parse HEAD)" &&

	#create unreachable sha
	echo content >file2 &&
	git add file2 &&
	git commit -m two &&
	git push public HEAD:refs/heads/doomed &&
	git push public :refs/heads/doomed &&

	server="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
	main_sha=$(git -C "$server" rev-parse refs/heads/main) &&
	git -C "$server" config uploadpack.allowreachablesha1inwant 1 &&

	git init --bare test_reachable.git &&
	git -C test_reachable.git remote add origin "$HTTPD_URL/smart/repo.git" &&
	# Some protocol versions (e.g. 2) support fetching
	# unadvertised objects, so restrict this test to v0.
	test_must_fail env GIT_TEST_PROTOCOL_VERSION=0 \
		git -C test_reachable.git fetch origin "$(git rev-parse HEAD)" &&

	git -C "$server" config uploadpack.allowanysha1inwant 1 &&
	git -C test_reachable.git fetch origin "$(git rev-parse HEAD)"
'

# Gated on EXPENSIVE: grows the tag count to 100000 in two steps and fetches
# after each.
test_expect_success EXPENSIVE 'http can handle enormous ref negotiation' '
	(
		cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
		create_tags 2001 50000
	) &&
	git -C too-many-refs fetch -q --tags &&
	(
		cd "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
		create_tags 50001 100000
	) &&
	git -C too-many-refs fetch -q --tags &&
	git -C too-many-refs for-each-ref refs/tags >tags &&
	test_line_count = 100000 tags
'

# /smart_headers/ is expected to refuse requests that lack either header:
# the fetch and the submodule update both fail without the full pair of
# http.extraheader settings and succeed with it.
test_expect_success 'custom http headers' '
	test_must_fail git -c http.extraheader="x-magic-two: cadabra" \
		fetch "$HTTPD_URL/smart_headers/repo.git" &&
	git -c http.extraheader="x-magic-one: abra" \
	    -c http.extraheader="x-magic-two: cadabra" \
	    fetch "$HTTPD_URL/smart_headers/repo.git" &&
	git update-index --add --cacheinfo 160000,$(git rev-parse HEAD),sub &&
	git config -f .gitmodules submodule.sub.path sub &&
	git config -f .gitmodules submodule.sub.url \
		"$HTTPD_URL/smart_headers/repo.git" &&
	git submodule init sub &&
	test_must_fail git submodule update sub &&
	git -c http.extraheader="x-magic-one: abra" \
	    -c http.extraheader="x-magic-two: cadabra" \
		submodule update sub
'

test_expect_success 'using fetch command in remote-curl updates refs' '
	SERVER="$HTTPD_DOCUMENT_ROOT_PATH/twobranch" &&
	rm -rf "$SERVER" client &&

	git init "$SERVER" &&
	test_commit -C "$SERVER" foo &&
	git -C "$SERVER" update-ref refs/heads/anotherbranch foo &&

	git clone $HTTPD_URL/smart/twobranch client &&

	test_commit -C "$SERVER" bar &&
	git -C client -c protocol.version=0 fetch &&

	git -C "$SERVER" rev-parse main >expect &&
	git -C client rev-parse origin/main >actual &&
	test_cmp expect actual
'

test_expect_success 'fetch by SHA-1 without tag following' '
	SERVER="$HTTPD_DOCUMENT_ROOT_PATH/server" &&
	rm -rf "$SERVER" client &&

	git init "$SERVER" &&
	test_commit -C "$SERVER" foo &&

	git clone $HTTPD_URL/smart/server client &&

	test_commit -C "$SERVER" bar &&
	git -C "$SERVER" rev-parse bar >bar_hash &&
	git -C client -c protocol.version=0 fetch \
		--no-tags origin $(cat bar_hash)
'

# Cookie redaction in GIT_TRACE_CURL output: the cookie names must show up in
# err, the values ("1" and "2") must not.
# NOTE(review): the positive patterns end at "Foo=" / "Bar=" in this copy; an
# angle-bracketed redaction marker may have been lost in extraction.
test_expect_success 'cookies are redacted by default' '
	rm -rf clone &&
	echo "Set-Cookie: Foo=1" >cookies &&
	echo "Set-Cookie: Bar=2" >>cookies &&
	GIT_TRACE_CURL=true \
		git -c "http.cookieFile=$(pwd)/cookies" clone \
		$HTTPD_URL/smart/repo.git clone 2>err &&
	grep -i "Cookie:.*Foo=" err &&
	grep -i "Cookie:.*Bar=" err &&
	! grep -i "Cookie:.*Foo=1" err &&
	! grep -i "Cookie:.*Bar=2" err
'

test_expect_success 'empty values of cookies are also redacted' '
	rm -rf clone &&
	echo "Set-Cookie: Foo=" >cookies &&
	GIT_TRACE_CURL=true \
		git -c "http.cookieFile=$(pwd)/cookies" clone \
		$HTTPD_URL/smart/repo.git clone 2>err &&
	grep -i "Cookie:.*Foo=" err
'

# With GIT_TRACE_REDACT=0 the cookie values are expected in the trace, so
# such a trace contains live session material.
test_expect_success 'GIT_TRACE_REDACT=0 disables cookie redaction' '
	rm -rf clone &&
	echo "Set-Cookie: Foo=1" >cookies &&
	echo "Set-Cookie: Bar=2" >>cookies &&
	GIT_TRACE_REDACT=0 GIT_TRACE_CURL=true \
		git -c "http.cookieFile=$(pwd)/cookies" clone \
		$HTTPD_URL/smart/repo.git clone 2>err &&
	grep -i "Cookie:.*Foo=1" err &&
	grep -i "Cookie:.*Bar=2" err
'

# First clone must trace "=> Send data"; the second, with
# GIT_TRACE_CURL_NO_DATA=1, must not.
test_expect_success 'GIT_TRACE_CURL_NO_DATA prevents data from being traced' '
	rm -rf clone &&
	GIT_TRACE_CURL=true \
		git clone $HTTPD_URL/smart/repo.git clone 2>err &&
	grep "=> Send data" err &&

	rm -rf clone &&
	GIT_TRACE_CURL=true GIT_TRACE_CURL_NO_DATA=1 \
		git clone $HTTPD_URL/smart/repo.git clone 2>err &&
	! grep "=> Send data" err
'

test_expect_success 'server-side error detected' '
	test_must_fail git clone $HTTPD_URL/error_smart/repo.git 2>actual &&
	test_i18ngrep "server-side error" actual
'

# Credential-helper round trip with credential.helper=store, starting from
# a removed .git-credentials so no earlier state can answer the request.
test_expect_success 'http auth remembers successful credentials' '
	rm -f .git-credentials &&
	test_config credential.helper store &&

	# the first request prompts the user...
	set_askpass user@host pass@host &&
	git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
	expect_askpass both user@host &&

	# ...and the second one uses the stored value rather than
	# prompting the user.
	set_askpass bogus-user bogus-pass &&
	git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
	expect_askpass none
'

test_expect_success 'http auth forgets bogus credentials' '
	# seed credential store with bogus values. In real life,
	# this would probably come from a password which worked
	# for a previous request.
	rm -f .git-credentials &&
	test_config credential.helper store &&
	{
		echo "url=$HTTPD_URL" &&
		echo "username=bogus" &&
		echo "password=bogus"
	} | git credential approve &&

	# we expect this to use the bogus values and fail, never even
	# prompting the user...
	set_askpass user@host pass@host &&
	test_must_fail git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
	expect_askpass none &&

	# ...but now we should have forgotten the bad value, causing
	# us to prompt the user again.
	set_askpass user@host pass@host &&
	git ls-remote "$HTTPD_URL/auth/smart/repo.git" >/dev/null &&
	expect_askpass both user@host
'

test_expect_success 'client falls back from v2 to v0 to match server' '
	GIT_TRACE_PACKET=$PWD/trace \
	GIT_TEST_PROTOCOL_VERSION=2 \
		git clone $HTTPD_URL/smart_v0/repo.git repo-v0 &&
	# check for v0; there the HEAD symref is communicated in the capability
	# line; v2 uses a different syntax on each ref advertisement line
	grep symref=HEAD:refs/heads/ trace
'

# The .invalid host must fail to resolve on its own and work once
# http.curloptResolve pins it to 127.0.0.1 on the test server's port.
test_expect_success 'passing hostname resolution information works' '
	BOGUS_HOST=gitbogusexamplehost.invalid &&
	BOGUS_HTTPD_URL=$HTTPD_PROTO://$BOGUS_HOST:$LIB_HTTPD_PORT &&
	test_must_fail git ls-remote "$BOGUS_HTTPD_URL/smart/repo.git" >/dev/null &&
	git -c "http.curloptResolve=$BOGUS_HOST:$LIB_HTTPD_PORT:127.0.0.1" ls-remote "$BOGUS_HTTPD_URL/smart/repo.git" >/dev/null
'

# here user%40host is the URL-encoded version of user@host,
# which is our intentionally-odd username to catch parsing errors
url_user=$HTTPD_URL_USER/auth/smart/repo.git
url_userpass=$HTTPD_URL_USER_PASS/auth/smart/repo.git
url_userblank=$HTTPD_PROTO://user%40host:@$HTTPD_DEST/auth/smart/repo.git
message="URL .*:@.* uses plaintext credentials"

# transfer.credentialsInUrl is exercised with three values: allow (no
# message), warn ("warning: ..." on stderr) and die ("fatal: ..." and the
# command fails). url_userblank has an empty password after the colon and is
# expected to be rejected under die as well.
test_expect_success 'clone warns or fails when using username:password' '
	test_when_finished "rm -rf attempt*" &&

	git -c transfer.credentialsInUrl=allow \
		clone $url_userpass attempt1 2>err &&
	! grep "$message" err &&

	git -c transfer.credentialsInUrl=warn \
		clone $url_userpass attempt2 2>err &&
	grep "warning: $message" err >warnings &&
	test_line_count -ge 1 warnings &&

	test_must_fail git -c transfer.credentialsInUrl=die \
		clone $url_userpass attempt3 2>err &&
	grep "fatal: $message" err >warnings &&
	test_line_count -ge 1 warnings &&

	test_must_fail git -c transfer.credentialsInUrl=die \
		clone $url_userblank attempt4 2>err &&
	grep "fatal: $message" err >warnings &&
	test_line_count -ge 1 warnings
'

# Guards against a false positive: a URL with a username and a port but no
# password must not trigger the plaintext-credentials message.
test_expect_success 'clone does not detect username:password when it is https://username@domain:port/' '
	test_when_finished "rm -rf attempt1" &&

	# we are relying on lib-httpd for url construction, so document our
	# assumptions
	case "$HTTPD_URL_USER" in
	*:[0-9]*) : ok ;;
	*) BUG "httpd url does not have port: $HTTPD_URL_USER"
	esac &&

	git -c transfer.credentialsInUrl=warn clone $url_user attempt1 2>err &&
	! grep "uses plaintext credentials" err
'

test_expect_success 'fetch warns or fails when using username:password' '
	git -c transfer.credentialsInUrl=allow fetch $url_userpass 2>err &&
	! grep "$message" err &&

	git -c transfer.credentialsInUrl=warn fetch $url_userpass 2>err &&
	grep "warning: $message" err >warnings &&
	test_line_count -ge 1 warnings &&

	test_must_fail git -c transfer.credentialsInUrl=die \
		fetch $url_userpass 2>err &&
	grep "fatal: $message" err >warnings &&
	test_line_count -ge 1 warnings &&

	test_must_fail git -c transfer.credentialsInUrl=die \
		fetch $url_userblank 2>err &&
	grep "fatal: $message" err >warnings &&
	test_line_count -ge 1 warnings
'

# Unlike the clone and fetch variants, the warn case here relies on grep's
# exit status alone and has no test_line_count check.
test_expect_success 'push warns or fails when using username:password' '
	git -c transfer.credentialsInUrl=allow push $url_userpass 2>err &&
	! grep "$message" err &&

	git -c transfer.credentialsInUrl=warn push $url_userpass 2>err &&
	grep "warning: $message" err >warnings &&

	test_must_fail git -c transfer.credentialsInUrl=die \
		push $url_userpass 2>err &&
	grep "fatal: $message" err >warnings &&
	test_line_count -ge 1 warnings
'

test_expect_success 'no empty path components' '
	# In the URL, add a trailing slash, and see if git appends yet another
	# slash.
	git clone $HTTPD_URL/smart/repo.git/ clone-with-slash &&

	strip_access_log >log &&
	! grep "//" log
'

test_done