29ae2c9e74
We do not test our http proxy functionality at all in the test suite, so this is a pretty big blind spot. Let's at least add a basic check that we can go through an authenticating proxy to perform a clone. A few notes on the implementation: - I'm using a single apache instance to proxy to itself. This seems to work fine in practice, and we can check with a test that this rather unusual setup is doing what we expect. - I've put the proxy tests into their own script, and it's the only one which loads the apache proxy config. If any platform can't handle this (e.g., doesn't have the right modules), the start_httpd step should fail and gracefully skip the rest of the script (but all the other http tests in existing scripts will continue to run). - I used a separate passwd file to make sure we don't ever get confused between proxy and regular auth credentials. It's using the antiquated crypt() format. This is a terrible choice security-wise in the modern age, but it's what our existing passwd file uses, and should be portable. It would probably be reasonable to switch both of these to bcrypt, but we can do that in a separate patch. - On the client side, we test two situations with credentials: when they are present in the url, and when the username is present but we prompt for the password. I think we should be able to handle the case that _neither_ is present, but an HTTP 407 causes us to prompt for them. However, this doesn't seem to work. That's either a bug, or at the very least an opportunity for a feature, but I punted on it for now. The point of this patch is just getting basic coverage, and we can explore possible deficiencies later. - this doesn't work with LIB_HTTPD_SSL. This probably would be valuable to have, as https over an http proxy is totally different (it uses CONNECT to tunnel the session). But adding in mod_proxy_connect and some basic config didn't seem to work for me, so I punted for now. Much of the rest of the test suite does not currently work with LIB_HTTPD_SSL either, so we shouldn't be making anything much worse here. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
42 lines
1.2 KiB
Bash
Executable File
42 lines
1.2 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
test_description="test fetching through http proxy"
|
|
|
|
. ./test-lib.sh
|
|
. "$TEST_DIRECTORY"/lib-httpd.sh
|
|
|
|
LIB_HTTPD_PROXY=1
|
|
start_httpd
|
|
|
|
test_expect_success 'setup repository' '
|
|
test_commit foo &&
|
|
git init --bare "$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
|
|
git push --mirror "$HTTPD_DOCUMENT_ROOT_PATH/repo.git"
|
|
'
|
|
|
|
setup_askpass_helper
|
|
|
|
# sanity check that our test setup is correctly using proxy
|
|
test_expect_success 'proxy requires password' '
|
|
test_config_global http.proxy $HTTPD_DEST &&
|
|
test_must_fail git clone $HTTPD_URL/smart/repo.git 2>err &&
|
|
grep "error.*407" err
|
|
'
|
|
|
|
test_expect_success 'clone through proxy with auth' '
|
|
test_when_finished "rm -rf clone" &&
|
|
test_config_global http.proxy http://proxuser:proxpass@$HTTPD_DEST &&
|
|
GIT_TRACE_CURL=$PWD/trace git clone $HTTPD_URL/smart/repo.git clone &&
|
|
grep -i "Proxy-Authorization: Basic <redacted>" trace
|
|
'
|
|
|
|
test_expect_success 'clone can prompt for proxy password' '
|
|
test_when_finished "rm -rf clone" &&
|
|
test_config_global http.proxy http://proxuser@$HTTPD_DEST &&
|
|
set_askpass nobody proxpass &&
|
|
GIT_TRACE_CURL=$PWD/trace git clone $HTTPD_URL/smart/repo.git clone &&
|
|
expect_askpass pass proxuser
|
|
'
|
|
|
|
test_done
|