tests/online


Log

Author Commit Date CI Message
Edward Thomson 3d11b6c5 2019-03-11T20:36:09 winhttp: support default credentials for proxies We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
Edward Thomson 757411a0 2019-03-11T12:56:09 network: don't add arbitrary url rules There's no reason a git repository couldn't be at the root of a server, and URLs should have an implicit path of '/' when one is not specified.
Edward Thomson e66a4eb3 2019-06-05T14:19:14 online tests: use gitlab for auth failures GitHub recently changed their behavior from returning 401s for private or nonexistent repositories on a clone to returning 404s. For our tests that require an auth failure (and 401), move to GitLab to request a missing repository. This lets us continue to test our auth failure case, at least until they decide to mimic that decision.
Erik Aigner 59647e1a 2019-04-08T15:54:25 remote: add callback to resolve URLs before connecting Since libssh2 doesn't read host configuration from the config file, this callback can be used to hand over URL resolving to the client without touching the SSH implementation itself.
Edward Thomson a1ef995d 2019-02-21T10:33:30 indexer: use git_indexer_progress throughout Update internal usage of `git_transfer_progress` to `git_indexer_progreses`.
Edward Thomson f673e232 2018-12-27T13:47:34 git_error: use new names in internal APIs and usage Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson ed8cfbf0 2019-01-17T00:32:31 references: use new names in internal usage Update internal usage to use the `git_reference` names for constants.
Jason Haslam 35d86c77 2019-01-14T10:14:36 proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected
Edward Thomson 45054732 2018-10-29T10:45:59 tests: optionally ignore https cert validation For testing, we may wish to use a man-in-the-middle proxy that can inspect the CONNECT traffic to our test endpoints. For this, we will need to accept the proxy's certificate, which will not be valid for the true endpoint. Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable https certificate validation for the tests.
Edward Thomson 6ba3e6af 2018-11-18T21:53:48 proxy tests: rename credential callback Rename credential callback to proxy_cred_cb to match new cert callback.
Edward Thomson 394ae7e1 2018-10-22T17:35:35 proxy tests: support self-signed proxy cert Give the proxy tests a proxy certificate callback, and allow self-signed certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment variable is set (to anything). In that case, simply compare the hostname from the callback to the hostname that we connected to.
Edward Thomson 4ecc14cd 2018-10-21T23:47:53 tests: support optional PROXY_SCHEME As we want to support HTTPS proxies, support an optional `GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will allow for HTTPS support. (When unset, the tests default to HTTP proxies.)
Edward Thomson de60d9b4 2018-10-21T21:00:37 tests: PROXY_URL is more accurately PROXY_HOST Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be `GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an actual URL. (We cannot use a URL here since we may want to include the username:password combination in the constructed URL.)
Edward Thomson e84914fd 2018-09-20T20:11:36 online::clone: free url and username before resetting Before resetting the url and username, ensure that we free them in case they were set by environment variables.
Edward Thomson d285de73 2018-07-20T21:52:24 push tests: deeply free the specs Don't just free the spec vector, also free the specs themselves.
Edward Thomson dad99881 2018-07-20T21:51:36 push tests: deeply free the push status Don't just free the push status structure, actually free the strings that were strdup'd into the struct as well.
Patrick Steinhardt ecf4f33a 2018-02-08T11:14:48 Convert usage of `git_buf_free` to new `git_buf_dispose`
Edward Thomson fd634019 2018-04-16T15:42:35 Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env online::clone: validate user:pass in HTTP_PROXY
Edward Thomson 54bf4d14 2018-03-20T07:47:27 online tests: update auth for bitbucket test Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.
Edward Thomson 03c58778 2018-03-19T09:20:35 online::clone: skip creds fallback test At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.
Edward Thomson e380eae0 2018-02-28T16:10:53 online::clone: validate user:pass in HTTP_PROXY Validate using the http://user:pass@host/ format in HTTP_PROXY and HTTPS_PROXY environment variables.
Patrick Steinhardt 820fb712 2018-01-18T07:48:28 tests: online::clone: fix memory leak due to not freeing URL
Patrick Steinhardt 54a1bf05 2017-06-07T13:06:53 tests: online::clone: inline creds-test with nonexistent URL Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.
Patrick Steinhardt fea60920 2017-06-07T12:48:48 tests: online::clone: construct credential-URL from environment We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.
Edward Thomson fb585d01 2017-07-31T00:58:58 Merge branch '4233'
Patrick Steinhardt c2c95ad0 2017-04-26T13:16:18 tests: online::clone: use URL of test server All our tests running against a local SSH server usually read the server's URL from environment variables. But online::clone::ssh_cert test fails to do so and instead always connects to "ssh://localhost/foo". This assumption breaks whenever the SSH server is not running on the standard port, e.g. when it is running as a user. Fix the issue by using the URL provided by the environment.
Patrick Steinhardt 9364f274 2017-05-05T09:40:38 remote: test creating and fetching detached remotes
Patrick Steinhardt 34b79391 2017-05-05T09:14:20 tests: online::remotes: add defines for URL and refspec The repository URL is duplicated several times and can be de-duplicated like this. Furthermore, exchange the static refspec variable with a define to reduce BSS size.
Patrick Steinhardt 8897f8fe 2017-05-05T09:47:54 remote: reject various actions for detached remotes There are only few actions which actually make sense for a detached remote, like e.g. `git_remote_ls`, `git_remote_prune`. For all the other actions, we have to report an error when the remote has no repository attached to it. This commit does so and implements some tests.
Patrick Steinhardt a4de1ae3 2017-04-25T10:14:19 cmake: define GIT_HTTPS when HTTPS is supported
Carlos Martín Nieto 2ac57aa8 2017-01-09T17:53:21 https: don't test that RC4 is invalid None of our crypto backends actually reject RC4 as a cipher so don't test for it and instead keep it as something we'd like to do.
Carlos Martín Nieto 3829ba2e 2017-01-09T17:50:17 http: correct the expected error for RC4 We must make sure that we're getting a certificate error from the library so we know that we're testing the right thing.
Carlos Martín Nieto 98d66240 2017-01-06T10:51:31 http: perform 'badssl' check also via certificate callback Make sure that the callbacks do also get a 'valid' value of zero when the certificate we're looking at is in valid and assert that within the test.
Patrick Steinhardt 30a876cd 2016-10-27T11:29:15 tests: fetchhead: fix memory leak
Patrick Steinhardt 1eee631d 2016-08-04T13:45:28 refspec: do not set empty rhs for fetch refspecs According to git-fetch(1), "[t]he colon can be omitted when <dst> is empty." So according to git, the refspec "refs/heads/master" is the same as the refspec "refs/heads/master:" when fetching changes. When trying to fetch from a remote with a trailing colon with libgit2, though, the fetch actually fails while it works when the trailing colon is left out. So obviously, libgit2 does _not_ treat these two refspec formats the same for fetches. The problem results from parsing refspecs, where the resulting refspec has its destination set to an empty string in the case of a trailing colon and to a `NULL` pointer in the case of no trailing colon. When passing this to our DWIM machinery, the empty string gets translated to "refs/heads/", which is simply wrong. Fix the problem by having the parsing machinery treat both cases the same for fetch refspecs.
Edward Thomson 0bd77401 2016-04-21T11:05:21 clone test: annotate unused vars
Carlos Martín Nieto 0d72f67f 2016-03-14T17:36:04 proxy: don't specify the protocol in the type We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
Carlos Martín Nieto b117721d 2015-07-29T21:23:56 proxy: use poxy to test our Windows proxy support
Carlos Martín Nieto 07bd3e57 2015-05-07T12:57:56 proxy: ask the user for credentials if necessary
Dirkjan Bussink c577efbb 2016-03-14T12:41:41 Use general cl_git_fail because the error is generic
Dirkjan Bussink fa72d6da 2016-03-14T12:02:00 Setup better defaults for OpenSSL ciphers This ensures that when using OpenSSL a safe default set of ciphers is selected. This is done so that the client communicates securely and we don't accidentally enable unsafe ciphers like RC4, or even worse some old export ciphers. Implements the first part of https://github.com/libgit2/libgit2/issues/3682
Leo Yang 505e4531 2015-10-30T13:53:53 Fix build for unit test If none of GIT_OPENSSL, GIT_WINHTTP or GIT_SECURE_TRANSPORT is defined we should also be able to build the unit test.
Carlos Martín Nieto 72b7c570 2015-09-30T09:17:18 Merge pull request #3411 from spraints/custom-push-headers Include custom HTTP headers
Carlos Martín Nieto 53a28705 2015-09-27T22:48:39 net: add tests against badssl.com These provide bad X.509 certificates, which we should refuse to connect to by default.
Carlos Martín Nieto dfe2856d 2015-09-18T12:06:55 Fix a couple of warnings
Carlos Martín Nieto 1af5aecb 2015-09-13T05:38:29 push: put the git_oid inline in the test structure These are small pieces of data, so there is no advantage to allocating them separately. Include the two ids inline in the struct we use to check that the expected and actual ids match.
Matt Burke 3245896b 2015-09-10T13:18:26 Add a test for custom header validation Also, *some* custom headers actually are valid.
Matt Burke 4f2b6093 2015-09-08T13:53:41 Tell the git_transport about the custom_headers
Edward Thomson e069c621 2015-07-02T09:25:48 git__getenv: utf-8 aware env reader Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere. Make `cl_getenv` use this to keep consistent memory handling around return values (free everywhere, as opposed to only some platforms).
Carlos Martín Nieto 352ee171 2015-06-12T12:45:49 clone: set the credentials callback during testing
Carlos Martín Nieto 0f69b41d 2015-06-12T12:25:25 push: pass the callbacks during setup as well We need to pass these options in order to have the credentials callback set.
Carlos Martín Nieto 2c8550f0 2015-05-29T19:38:11 Merge pull request #3157 from mgorny/ssh_memory_auth Support getting SSH keys from memory, pt. 2
Michał Górny 8085adf8 2015-05-27T18:44:40 test: Add a test for in-memory SSH private key cred_cb
Carlos Martín Nieto 7b5ce2e5 2015-05-14T09:33:54 clone: don't rely on auto-saving for single-branch The code used to rely on the clone code calling the remote's save, which does not happen anymore, meaning that the configuration settings the remote expected were not being written to disk. The run-time configuration was still being affected, so the right branch was being cloned. The tests continued to pass as we did not check for the configuration entires. Fix this by creating the remote with the single-branch refspec we want and checking for its existence in the configuration.
Carlos Martín Nieto 77254990 2015-04-23T06:51:34 remote: remove live changing of refspecs The base refspecs changing can be a cause of confusion as to what is the current base refspec set and complicate saving the remote's configuration. Change `git_remote_add_{fetch,push}()` to update the configuration instead of an instance. This finally makes `git_remote_save()` a no-op, it will be removed in a later commit.
Carlos Martín Nieto 35a8a8c5 2015-04-22T17:29:20 remote: move the tagopt setting to the fetch options This is another option which we should not be keeping in the remote, but is specific to each particular operation.
Carlos Martín Nieto 3eff2a57 2015-04-22T16:11:10 remote: move the update_fetchhead setting to the options While this will rarely be different from the default, having it in the remote adds yet another setting it has to keep around and can affect its behaviour. Move it to the options.
Carlos Martín Nieto 058b753c 2015-04-22T15:45:21 remote: move the transport ctor to the callbacks Instead of having it set in a different place from every other callback, put it the main structure. This removes some state from the remote and makes it behave more like clone, where the constructors are passed via the options.
Carlos Martín Nieto 8f0104ec 2015-04-21T22:10:36 Remove the callbacks struct from the remote Having the setting be different from calling its actions was not a great idea and made for the sake of the wrong convenience. Instead of that, accept either fetch options, push options or the callbacks when dealing with the remote. The fetch options are currently only the callbacks, but more options will be moved from setters and getters on the remote to the options. This does mean passing the same struct along the different functions but the typical use-case will only call git_remote_fetch() or git_remote_push() and so won't notice much difference.
Edward Thomson cbe8a61d 2015-05-01T11:28:54 Merge pull request #3059 from libgit2/cmn/negotiation-notify [WIP/RFC] push: report the update plan to the caller
cthomas fc6f044e 2015-04-21T20:02:24 Fix for Issue #3023 tests fail with no network Moved offending tests from network to online so they will get skipped when there is a lack of network connectivity: -test_online_remotes__single_branch -test_online_remotes__restricted_refspecs
Carlos Martín Nieto efc2fec5 2015-04-19T00:55:00 push: report the update plan to the caller It can be useful for the caller to know which update commands will be sent to the server before the packfile is pushed up. git does this via the pre-push hook. We don't have hooks, but as it adds introspection into what is happening, we can add a callback which performs the same function.
Carlos Martín Nieto 29e7ae5d 2015-03-16T19:39:05 Add failing test for cert callback with non-ecrypted stream When we have an HTTP stream and have set the certificatre check callback, we currently fail as we ask the unencrypted stream for its certificate.
Carlos Martín Nieto e5e2c11d 2015-03-13T17:52:07 Put back the number of expected references to 6 from the test repo This was but down to 5 when GitHub made a change to their server which made them stop honouring the include-tag request. This has recently been corrected, so we can bring it back up to six.
Carlos Martín Nieto 412a3808 2015-01-15T15:31:23 push: remove reflog message override We always use "update by push".
Carlos Martín Nieto 659cf202 2015-01-07T12:23:05 Remove the signature from ref-modifying functions The signature for the reflog is not something which changes dynamically. Almost all uses will be NULL, since we want for the repository's default identity to be used, making it noise. In order to allow for changing the identity, we instead provide git_repository_set_ident() and git_repository_ident() which allow a user to override the choice of signature.
Edward Thomson 6c9e86ad 2015-02-14T10:46:41 clone: drop now unnecessary SAFE_CREATE
Carlos Martín Nieto fe794b2e 2014-12-16T08:57:05 remote: remove git_push from the public API Instead we provide git_remote_upload() and git_remote_update_tips() in order to have a parallel API for fetching and pushing.
Carlos Martín Nieto 21083a71 2014-12-06T03:12:04 notes: move the notes name argument Make it consistent between git_note_create() and git_note_remote() by putting it after the repository.
Carlos Martín Nieto 1ca61bdc 2014-11-19T20:53:25 fetch: clear the connection data on close When we fetch twice with the same remote object, we did not properly clear the connection flags, so we would leak state from the last connection. This can cause the second fetch with the same remote object to fail if using a HTTP URL where the server redirects to HTTPS, as the second fetch would see `use_ssl` set and think the initial connection wanted to downgrade the connection.
Edward Thomson 45301cca 2014-11-18T11:44:59 Merge pull request #2608 from libgit2/cmn/remote-push Provide a convenience function `git_remote_push()`
Edward Thomson 7f1b73b7 2014-11-17T17:03:55 Merge pull request #2693 from libgit2/cmn/push-refspec-refactor push: use the common refspec parser
Carlos Martín Nieto aad638f3 2014-11-07T15:00:11 push: use the common refspec parser There is one well-known and well-tested parser which we should use, instead of implementing parsing a second time. The common parser is also augmented to copy the LHS into the RHS if the latter is empty. The expressions test had to change a bit, as we now catch a bad RHS of a refspec locally.
Carlos Martín Nieto 64e3e6d4 2014-10-11T12:25:50 remote: use configured push refspecs if none are given If the user does not pass any refspecs to push, try to use those configured via the configuration or via add_push().
Carlos Martín Nieto 6eb9e39c 2014-10-10T13:35:57 push: move main test function to git_remote_push() We have the step-by-step method in the initialization function as we want to remove references based on the list of references which are already there, and we can use the convenience function for testing the main push.
Carlos Martín Nieto 3149547b 2014-10-10T12:39:53 remote: introduce git_remote_push() This function, similar in style to git_remote_fetch(), performs all the steps required for a push, with a similar interface. The remote callbacks struct has learnt about the push callbacks, letting us set the callbacks a single time instead of setting some in the remote and some in the push operation.
Carlos Martín Nieto 209425ce 2014-11-08T13:25:51 remote: rename _load() to _lookup() This brings it in line with the rest of the lookup functions.
Edward Thomson f54d8d52 2014-10-10T11:28:58 Merge pull request #2574 from csware/hostname-for-certificate_check_cb Provide host name to certificate_check_cb
Sven Strickroth db3d169c 2014-09-24T11:28:45 Add tests for host names Signed-off-by: Sven Strickroth <email@cs-ware.de>
Carlos Martín Nieto 9c206a22 2014-06-06T15:24:53 remote: use active refspec override in the tests This lets us test this bit as well as getting closer to what they were trying to do.
Carlos Martín Nieto 3f894205 2014-06-06T15:01:45 remote: allow overriding the refspecs for download and fetch With opportunistic ref updates, git has introduced the concept of having base refspecs *and* refspecs that are active for a particular fetch. Let's start by letting the user override the refspecs for download.
Sven Strickroth e6e834a1 2014-09-18T12:23:07 Provide host name to certificate_check_cb Signed-off-by: Sven Strickroth <email@cs-ware.de>
Carlos Martín Nieto 52e09724 2014-09-16T17:13:58 ssh: skip the localhost cert check earlier Skip it before we attempt to clone, as we would exit with -1 on systems which do not have sshd running.
Carlos Martín Nieto 1e0aa105 2014-09-16T03:22:09 ssh: expose both hashes The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
Carlos Martín Nieto 286369a8 2014-09-16T02:27:16 ssh: provide our own types for host key lengths Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
Carlos Martín Nieto 0782fc43 2014-09-16T01:47:30 net: use only structs to pass information about cert Instead of spreading the data in function arguments, some of which aren't used for ssh and having a struct only for ssh, use a struct for both, using a common parent to pass to the callback.
Carlos Martín Nieto 0fef3899 2014-09-16T01:25:53 Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
Carlos Martín Nieto bf8756d6 2014-09-15T21:51:42 ssh: add test for host key Test that the certificate check callback gets the right fingerprint from the host we're connecting to.
Carlos Martín Nieto 08545d36 2014-08-30T00:40:37 winhttp: credential check on successful connect On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
Carlos Martín Nieto 23ca0ad5 2014-08-29T21:25:13 Bring certificate check back to the normal return code Returning 0 lets the certificate check succeed. An error code is bubbled up to the user.
Carlos Martín Nieto 2f5864c5 2014-08-29T21:15:36 ssh: do ssh cert info before asking for credentials We know the host's key as soon as we connect, so we should perform the check as soon as we can, before we bother with the user's credentials.
Carlos Martín Nieto 17491f6e 2014-08-29T17:18:23 transport: always call the certificate check callback We should let the user decide whether to cancel the connection or not regardless of whether our checks have decided that the certificate is fine. We provide our own assessment to the callback to let the user fall back to our checks if they so desire.
Carlos Martín Nieto 85acc562 2014-08-29T17:07:07 remote: add tests for the certificate callback
Carlos Martín Nieto 9b940586 2014-07-04T12:45:43 Provide a callback for certificate validation If the certificate validation fails (or always in the case of ssh), let the user decide whether to allow the connection. The data structure passed to the user is the native certificate information from the underlying implementation, namely OpenSSL or WinHTTP.
Vicent Marti a7fcac13 2014-09-15T20:26:12 Merge pull request #2554 from linquize/fetch-head-tag When auto follow tags, FETCH_HEAD should list only newly followed tags
Linquize d908351a 2014-09-05T22:31:53 When auto follow tags, FETCH_HEAD should list only newly followed tags
Vicent Marti 0ac9f9a0 2014-09-03T00:13:23 Merge pull request #2545 from linquize/no-ssh Skip SSH clone tests if libgit2 not built with GIT_SSH defined
Linquize fe3b6789 2014-09-01T19:18:20 Skip SSH clone tests if libgit2 not built with GIT_SSH defined
Linquize aff70018 2014-08-31T22:43:53 MSVC does not support zero size array
nulltoken f0c53d21 2014-08-27T10:28:46 winhttp: Prevent swallowing of url parsing error