|
46228d86
|
2020-02-06T11:10:27
|
|
transports: http: fix custom headers not being applied
In commit b9c5b15a7 (http: use the new httpclient, 2019-12-22), the HTTP
code got refactored to extract a generic HTTP client that operates
independently of the Git protocol. Part of refactoring was the creation
of a new `git_http_request` struct that encapsulates the generation of
requests. Our Git-specific HTTP transport was converted to use that in
`generate_request`, but during the process we forgot to set up custom
headers for the `git_http_request` and as a result we do not send out
these headers anymore.
Fix the issue by correctly setting up the request's custom headers and
add a test to verify we correctly send them.
|
|
3f54ba8b
|
2020-01-18T13:51:40
|
|
credential: change git_cred to git_credential
We avoid abbreviations where possible; rename git_cred to
git_credential.
In addition, we have standardized on a trailing `_t` for enum types,
instead of using "type" in the name. So `git_credtype_t` has become
`git_credential_t` and its members have become `GIT_CREDENTIAL` instead
of `GIT_CREDTYPE`.
Finally, the source and header files have been renamed to `credential`
instead of `cred`.
Keep previous name and values as deprecated, and include the new header
files from the previous ones.
|
|
bf55facf
|
2019-10-25T12:24:34
|
|
tests: allow users to use expect/continue
|
|
fe4efe2e
|
2019-12-03T10:17:30
|
|
tests: test that clone returns 4321
This conditional was backwards. We should instead test that clone
returns 4321, not that 4321 returns clone.
|
|
0005c77a
|
2019-11-24T15:49:49
|
|
test: add an azure repos test
We currently talk to Azure Repos for executing an online test
(online::clone::path_whitespace). Add a simpler test to talk to Azure
Repos to make it obvious that strange test failures are not likely the
whitespace in the path, but actually a function of talking to Azure
Repos itself.
|
|
62b80138
|
2019-08-13T09:10:10
|
|
clone: Remove whitespace ssh test
Will add later when infrastructure is configured
|
|
b15e7f2d
|
2019-08-12T09:56:51
|
|
clone: Update whitespace test url
|
|
42ea2f95
|
2019-07-25T13:15:10
|
|
clone: whitespace in url ssh test
|
|
1748f92c
|
2019-07-24T16:36:45
|
|
clone: whitespace in url test
|
|
e54343a4
|
2019-06-29T09:17:32
|
|
fileops: rename to "futils.h" to match function signatures
Our file utils functions all have a "futils" prefix, e.g.
`git_futils_touch`. One would thus naturally guess that their
definitions and implementation would live in files "futils.h" and
"futils.c", respectively, but in fact they live in "fileops.h".
Rename the files to match expectations.
|
|
3d11b6c5
|
2019-03-11T20:36:09
|
|
winhttp: support default credentials for proxies
We did not properly support default credentials for proxies, only for
destination servers. Refactor the credential handling to support sending
either username/password _or_ default credentials to either the proxy or
the destination server.
This actually shares the authentication logic between proxy servers and
destination servers. Due to copy/pasta drift over time, they had
diverged. Now they share a common logic which is: first, use
credentials specified in the URL (if there were any), treating empty
username and password (ie, "http://:@foo.com/") as default credentials,
for compatibility with git. Next, call the credential callbacks.
Finally, fallback to WinHTTP compatibility layers using built-in
authentication like we always have.
Allowing default credentials for proxies requires moving the security
level downgrade into the credential setting routines themselves.
We will update our security level to "high" by default which means that
we will never send default credentials without prompting. (A lower
setting, like the WinHTTP default of "medium" would allow WinHTTP to
handle credentials for us, despite what a user may have requested with
their structures.) Now we start with "high" and downgrade to "low" only
after a user has explicitly requested default credentials.
|
|
757411a0
|
2019-03-11T12:56:09
|
|
network: don't add arbitrary url rules
There's no reason a git repository couldn't be at the root of a server,
and URLs should have an implicit path of '/' when one is not specified.
|
|
e66a4eb3
|
2019-06-05T14:19:14
|
|
online tests: use gitlab for auth failures
GitHub recently changed their behavior from returning 401s for private
or nonexistent repositories on a clone to returning 404s. For our tests
that require an auth failure (and 401), move to GitLab to request a
missing repository. This lets us continue to test our auth failure
case, at least until they decide to mimic that decision.
|
|
a1ef995d
|
2019-02-21T10:33:30
|
|
indexer: use git_indexer_progress throughout
Update internal usage of `git_transfer_progress` to
`git_indexer_progreses`.
|
|
f673e232
|
2018-12-27T13:47:34
|
|
git_error: use new names in internal APIs and usage
Move to the `git_error` name in the internal API for error-related
functions.
|
|
ed8cfbf0
|
2019-01-17T00:32:31
|
|
references: use new names in internal usage
Update internal usage to use the `git_reference` names for constants.
|
|
35d86c77
|
2019-01-14T10:14:36
|
|
proxy: fix crash on remote connection with GIT_PROXY_AUTO but no proxy is detected
|
|
45054732
|
2018-10-29T10:45:59
|
|
tests: optionally ignore https cert validation
For testing, we may wish to use a man-in-the-middle proxy that can
inspect the CONNECT traffic to our test endpoints. For this, we will
need to accept the proxy's certificate, which will not be valid for the
true endpoint.
Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable
https certificate validation for the tests.
|
|
6ba3e6af
|
2018-11-18T21:53:48
|
|
proxy tests: rename credential callback
Rename credential callback to proxy_cred_cb to match new cert callback.
|
|
394ae7e1
|
2018-10-22T17:35:35
|
|
proxy tests: support self-signed proxy cert
Give the proxy tests a proxy certificate callback, and allow self-signed
certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment
variable is set (to anything). In that case, simply compare the hostname
from the callback to the hostname that we connected to.
|
|
4ecc14cd
|
2018-10-21T23:47:53
|
|
tests: support optional PROXY_SCHEME
As we want to support HTTPS proxies, support an optional
`GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will
allow for HTTPS support. (When unset, the tests default to HTTP
proxies.)
|
|
de60d9b4
|
2018-10-21T21:00:37
|
|
tests: PROXY_URL is more accurately PROXY_HOST
Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be
`GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an
actual URL. (We cannot use a URL here since we may want to include the
username:password combination in the constructed URL.)
|
|
e84914fd
|
2018-09-20T20:11:36
|
|
online::clone: free url and username before resetting
Before resetting the url and username, ensure that we free them in case
they were set by environment variables.
|
|
ecf4f33a
|
2018-02-08T11:14:48
|
|
Convert usage of `git_buf_free` to new `git_buf_dispose`
|
|
fd634019
|
2018-04-16T15:42:35
|
|
Merge pull request #4556 from libgit2/ethomson/proxy_pass_in_env
online::clone: validate user:pass in HTTP_PROXY
|
|
54bf4d14
|
2018-03-20T07:47:27
|
|
online tests: update auth for bitbucket test
Update the settings to use a specific read-only token for accessing our
test repositories in Bitbucket.
|
|
03c58778
|
2018-03-19T09:20:35
|
|
online::clone: skip creds fallback test
At present, we have three online tests against bitbucket: one which
specifies the credentials in the payload, one which specifies the
correct credentials in the URL and a final one that specifies the
incorrect credentials in the URL. Bitbucket has begun responding to the
latter test with a 403, which causes us to fail.
Break these three tests into separate tests so that we can skip the
latter until this is resolved on Bitbucket's end or until we can change
the test to a different provider.
|
|
e380eae0
|
2018-02-28T16:10:53
|
|
online::clone: validate user:pass in HTTP_PROXY
Validate using the http://user:pass@host/ format in HTTP_PROXY and
HTTPS_PROXY environment variables.
|
|
820fb712
|
2018-01-18T07:48:28
|
|
tests: online::clone: fix memory leak due to not freeing URL
|
|
54a1bf05
|
2017-06-07T13:06:53
|
|
tests: online::clone: inline creds-test with nonexistent URL
Right now, we test our credential callback code twice, once via SSH on
localhost and once via a non-existent GitHub repository. While the first
URL makes sense to be configurable, it does not make sense to hard-code
the non-existing repository, which requires us to call tests multiple
times. Instead, we can just inline the URL into another set of tests.
|
|
fea60920
|
2017-06-07T12:48:48
|
|
tests: online::clone: construct credential-URL from environment
We support two types of passing credentials to the proxy, either via the
URL or explicitly by specifying user and password. We test these types
by modifying the proxy URL and executing the tests twice, which is
in fact unnecessary and requires us to maintain the list of environment
variables and test executions across multiple CI infrastructures.
To fix the situation, we can just always pass the host, port, user and
password to the tests. The tests can then assemble the complete URL
either with or without included credentials, allowing us to test both
cases in-process.
|
|
c2c95ad0
|
2017-04-26T13:16:18
|
|
tests: online::clone: use URL of test server
All our tests running against a local SSH server usually read the
server's URL from environment variables. But online::clone::ssh_cert
test fails to do so and instead always connects to
"ssh://localhost/foo". This assumption breaks whenever the SSH server is
not running on the standard port, e.g. when it is running as a user.
Fix the issue by using the URL provided by the environment.
|
|
0bd77401
|
2016-04-21T11:05:21
|
|
clone test: annotate unused vars
|
|
0d72f67f
|
2016-03-14T17:36:04
|
|
proxy: don't specify the protocol in the type
We leave this up to the scheme in the url field. The type should only
tell us about whether we want a proxy and whether we want to auto-detect
it.
|
|
b117721d
|
2015-07-29T21:23:56
|
|
proxy: use poxy to test our Windows proxy support
|
|
07bd3e57
|
2015-05-07T12:57:56
|
|
proxy: ask the user for credentials if necessary
|
|
3245896b
|
2015-09-10T13:18:26
|
|
Add a test for custom header validation
Also, *some* custom headers actually are valid.
|
|
e069c621
|
2015-07-02T09:25:48
|
|
git__getenv: utf-8 aware env reader
Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere.
Make `cl_getenv` use this to keep consistent memory handling around
return values (free everywhere, as opposed to only some platforms).
|
|
352ee171
|
2015-06-12T12:45:49
|
|
clone: set the credentials callback during testing
|
|
8085adf8
|
2015-05-27T18:44:40
|
|
test: Add a test for in-memory SSH private key cred_cb
|
|
77254990
|
2015-04-23T06:51:34
|
|
remote: remove live changing of refspecs
The base refspecs changing can be a cause of confusion as to what is the
current base refspec set and complicate saving the remote's
configuration.
Change `git_remote_add_{fetch,push}()` to update the configuration
instead of an instance.
This finally makes `git_remote_save()` a no-op, it will be removed in a
later commit.
|
|
058b753c
|
2015-04-22T15:45:21
|
|
remote: move the transport ctor to the callbacks
Instead of having it set in a different place from every other callback,
put it the main structure. This removes some state from the remote and
makes it behave more like clone, where the constructors are passed via
the options.
|
|
8f0104ec
|
2015-04-21T22:10:36
|
|
Remove the callbacks struct from the remote
Having the setting be different from calling its actions was not a great
idea and made for the sake of the wrong convenience.
Instead of that, accept either fetch options, push options or the
callbacks when dealing with the remote. The fetch options are currently
only the callbacks, but more options will be moved from setters and
getters on the remote to the options.
This does mean passing the same struct along the different functions but
the typical use-case will only call git_remote_fetch() or
git_remote_push() and so won't notice much difference.
|
|
29e7ae5d
|
2015-03-16T19:39:05
|
|
Add failing test for cert callback with non-ecrypted stream
When we have an HTTP stream and have set the certificatre check
callback, we currently fail as we ask the unencrypted stream for its
certificate.
|
|
6c9e86ad
|
2015-02-14T10:46:41
|
|
clone: drop now unnecessary SAFE_CREATE
|
|
209425ce
|
2014-11-08T13:25:51
|
|
remote: rename _load() to _lookup()
This brings it in line with the rest of the lookup functions.
|
|
db3d169c
|
2014-09-24T11:28:45
|
|
Add tests for host names
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
e6e834a1
|
2014-09-18T12:23:07
|
|
Provide host name to certificate_check_cb
Signed-off-by: Sven Strickroth <email@cs-ware.de>
|
|
52e09724
|
2014-09-16T17:13:58
|
|
ssh: skip the localhost cert check earlier
Skip it before we attempt to clone, as we would exit with -1 on systems
which do not have sshd running.
|
|
1e0aa105
|
2014-09-16T03:22:09
|
|
ssh: expose both hashes
The user may have the data hashed as MD5 or SHA-1, so we should provide
both types for consumption.
|
|
286369a8
|
2014-09-16T02:27:16
|
|
ssh: provide our own types for host key lengths
Instead of using the libssh2 defines, provide our own, which eases usage
as we do not need to check whether libgit2 was built with libssh2 or not.
|
|
0782fc43
|
2014-09-16T01:47:30
|
|
net: use only structs to pass information about cert
Instead of spreading the data in function arguments, some of which
aren't used for ssh and having a struct only for ssh, use a struct for
both, using a common parent to pass to the callback.
|
|
0fef3899
|
2014-09-16T01:25:53
|
|
Merge remote-tracking branch 'upstream/master' into cmn/host-cert-info
|
|
bf8756d6
|
2014-09-15T21:51:42
|
|
ssh: add test for host key
Test that the certificate check callback gets the right fingerprint from
the host we're connecting to.
|
|
08545d36
|
2014-08-30T00:40:37
|
|
winhttp: credential check on successful connect
On successful connection, still ask the user whether they accept the server's certificate, indicating that WinHTTP would let it though.
|
|
23ca0ad5
|
2014-08-29T21:25:13
|
|
Bring certificate check back to the normal return code
Returning 0 lets the certificate check succeed. An error code is bubbled
up to the user.
|
|
2f5864c5
|
2014-08-29T21:15:36
|
|
ssh: do ssh cert info before asking for credentials
We know the host's key as soon as we connect, so we should perform the
check as soon as we can, before we bother with the user's credentials.
|
|
17491f6e
|
2014-08-29T17:18:23
|
|
transport: always call the certificate check callback
We should let the user decide whether to cancel the connection or not
regardless of whether our checks have decided that the certificate is
fine. We provide our own assessment to the callback to let the user fall
back to our checks if they so desire.
|
|
85acc562
|
2014-08-29T17:07:07
|
|
remote: add tests for the certificate callback
|
|
fe3b6789
|
2014-09-01T19:18:20
|
|
Skip SSH clone tests if libgit2 not built with GIT_SSH defined
|
|
f0c53d21
|
2014-08-27T10:28:46
|
|
winhttp: Prevent swallowing of url parsing error
|
|
c13b6844
|
2014-08-27T15:25:46
|
|
Adjust clone tests to USERNAME cred type
|
|
6a0d2b43
|
2014-08-27T15:09:07
|
|
Merge remote-tracking branch 'upstream/master' into cmn/ssh-retry
|
|
adcdeb36
|
2014-08-01T13:06:37
|
|
online::clone::credentials support default credentials
|
|
aea67633
|
2014-07-31T17:59:03
|
|
Don't run the ssh clone tests against http remotes
|
|
d4256ed5
|
2014-07-04T10:00:39
|
|
ssh: provide a factory function for setting ssh paths
git allows you to set which paths to use for the git server programs
when connecting over ssh; and we want to provide something similar.
We do this by providing a factory function which can be set as the
remote's transport callback which will set the given paths upon
creation.
|
|
6812afaf
|
2014-06-30T21:36:38
|
|
clone: remote git_clone_into{,_local} from the public API
As git_clone now has callbacks to configure the details of the
repository and remote, remove the lower-level functions from the public
API, as they lack some of the logic from git_clone proper.
|
|
e26b08d3
|
2014-06-25T17:05:27
|
|
ssh: adjust clone and push test credentials to the split user+pass method
For urls where we do not specify a username, we must handle the case
where the ssh transport asks us for the username.
Test also that switching username fails.
|
|
ccb85c8f
|
2014-06-25T16:27:43
|
|
ssh: make sure to ask for a username and use the same one
In order to know which authentication methods are supported/allowed by
the ssh server, we need to send a NONE auth request, which needs a
username associated with it.
Most ssh server implementations do not allow switching the username
between authentication attempts, which means we cannot use a dummy
username and then switch. There are two ways around this.
The first is to use a different connection, which an earlier commit
implements, but this increases how long it takes to get set up, and
without knowing the right username, we cannot guarantee that the
list we get in response is the right one.
The second is what's implemented here: if there is no username specified
in the url, ask for it first. We can then ask for the list of auth
methods and use the user's credentials in the same connection.
|
|
d7f962f4
|
2014-06-16T19:30:06
|
|
ssh: request credentials again on authentication failure
Instead of completely giving up on the first failure, ask for
credentials as long as we fail to authenticate.
|
|
b529c5f9
|
2014-06-12T17:19:00
|
|
ssh: propagate the error code from the auth callback
We need to be able to get a GIT_EUSER back through the outermost call.
|
|
22618906
|
2014-06-12T16:09:54
|
|
ssh: detect authentication methods
Before calling the credentials callback, ask the sever which
authentication methods it supports and report that to the user, instead
of simply reporting everything that the transport supports.
In case of an error, we do fall back to listing all of them.
|
|
09561d33
|
2014-06-13T22:27:46
|
|
test: remove assembla clone test
The assembla failure we were seeing referred to a private repository,
which is not what is there at the moment.
This reverts 1fd21b0342f
|
|
3382d8b1
|
2014-06-13T22:24:43
|
|
test: use read-only account
Don't write in plaintext the password of an account which has full
control over the repository. Instead use an account with read-only
access.
|
|
6d1b0438
|
2014-06-07T12:18:24
|
|
Win32: Fix failing clone_mirror test
|
|
b2067248
|
2014-05-15T09:03:30
|
|
clone: add failing test for a mirror-clone with clone_into
Show a failure to perform a mirror-clone from a repository, both local
and remote.
|
|
0f65733b
|
2014-04-02T18:50:47
|
|
Clar: skip tests
|
|
6affd71f
|
2014-01-03T17:38:34
|
|
git_checkout_opts -> git_checkout_options
|
|
5dae3ffe
|
2014-02-05T19:27:27
|
|
Only run clone-failure test on private repo
|
|
fe45922d
|
2014-02-05T13:41:12
|
|
Fix broken clone test
|
|
1cc974ab
|
2014-01-27T14:40:31
|
|
Augment clone API with reflog parameters
|
|
25e0b157
|
2013-12-06T15:07:57
|
|
Remove converting user error to GIT_EUSER
This changes the behavior of callbacks so that the callback error
code is not converted into GIT_EUSER and instead we propagate the
return value through to the caller. Instead of using the
giterr_capture and giterr_restore functions, we now rely on all
functions to pass back the return value from a callback.
To avoid having a return value with no error message, the user
can call the public giterr_set_str or some such function to set
an error message. There is a new helper 'giterr_set_callback'
that functions can invoke after making a callback which ensures
that some error message was set in case the callback did not set
one.
In places where the sign of the callback return value is
meaningful (e.g. positive to skip, negative to abort), only the
negative values are returned back to the caller, obviously, since
the other values allow for continuing the loop.
The hardest parts of this were in the checkout code where positive
return values were overloaded as meaningful values for checkout.
I fixed this by adding an output parameter to many of the internal
checkout functions and removing the overload. This added some
code, but it is probably a better implementation.
There is some funkiness in the network code where user provided
callbacks could be returning a positive or a negative value and
we want to rely on that to cancel the loop. There are still a
couple places where an user error might get turned into GIT_EUSER
there, I think, though none exercised by the tests.
|
|
8f2a3d62
|
2013-11-18T12:14:50
|
|
Fix warnings
|
|
80fc7d6b
|
2013-11-13T16:46:45
|
|
Propagate auth error codes as GIT_EUSER in winhttp
|
|
17820381
|
2013-11-14T14:05:52
|
|
Rename tests-clar to tests
|