aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeff King <peff@peff.net>2013-09-28 04:35:35 -0400
committerJonathan Nieder <jrnieder@gmail.com>2013-10-14 17:01:34 -0700
commit050ef3655c8ea1dc7a2b3b843ca7c45dd94d9c88 (patch)
treec5f0f3da2da24b72fe828c634897991636cafe97
parentb227bbc43a568b282b5f8cb35e563d00d60b272d (diff)
downloadgit-050ef3655c8ea1dc7a2b3b843ca7c45dd94d9c88.tar.gz
git-050ef3655c8ea1dc7a2b3b843ca7c45dd94d9c88.tar.xz
remote-curl: rewrite base url from info/refs redirects
For efficiency and security reasons, an earlier commit in this series taught http_get_* to re-write the base url based on redirections we saw while making a specific request. This commit wires that option into the info/refs request, meaning that a redirect from http://example.com/foo.git/info/refs to https://example.com/bar.git/info/refs will behave as if "https://example.com/bar.git" had been provided to git in the first place. The tests bear some explanation. We introduce two new hierearchies into the httpd test config: 1. Requests to /smart-redir-limited will work only for the initial info/refs request, but not any subsequent requests. As a result, we can confirm whether the client is re-rooting its requests after the initial contact, since otherwise it will fail (it will ask for "repo.git/git-upload-pack", which is not redirected). 2. Requests to smart-redir-auth will redirect, and require auth after the redirection. Since we are using the redirected base for further requests, we also update the credential struct, in order not to mislead the user (or credential helpers) about which credential is needed. We can therefore check the GIT_ASKPASS prompts to make sure we are prompting for the new location. Because we have neither multiple servers nor https support in our test setup, we can only redirect between paths, meaning we need to turn on credential.useHttpPath to see the difference. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
-rw-r--r--remote-curl.c4
-rw-r--r--t/lib-httpd.sh3
-rw-r--r--t/lib-httpd/apache.conf2
-rwxr-xr-xt/t5551-http-fetch.sh11
4 files changed, 19 insertions, 1 deletions
diff --git a/remote-curl.c b/remote-curl.c
index 345fea889..ef1684b9d 100644
--- a/remote-curl.c
+++ b/remote-curl.c
@@ -188,6 +188,7 @@ static struct discovery* discover_refs(const char *service, int for_push)
struct strbuf type = STRBUF_INIT;
struct strbuf buffer = STRBUF_INIT;
struct strbuf refs_url = STRBUF_INIT;
+ struct strbuf effective_url = STRBUF_INIT;
struct discovery *last = last_discovery;
int http_ret, maybe_smart = 0;
struct http_get_options options;
@@ -209,6 +210,8 @@ static struct discovery* discover_refs(const char *service, int for_push)
memset(&options, 0, sizeof(options));
options.content_type = &type;
+ options.effective_url = &effective_url;
+ options.base_url = &url;
options.no_cache = 1;
options.keep_error = 1;
@@ -268,6 +271,7 @@ static struct discovery* discover_refs(const char *service, int for_push)
strbuf_release(&refs_url);
strbuf_release(&exp);
strbuf_release(&type);
+ strbuf_release(&effective_url);
strbuf_release(&buffer);
last_discovery = last;
return last;
diff --git a/t/lib-httpd.sh b/t/lib-httpd.sh
index 895b9258b..7059cc6c2 100644
--- a/t/lib-httpd.sh
+++ b/t/lib-httpd.sh
@@ -187,7 +187,8 @@ set_askpass() {
}
expect_askpass() {
- dest=$HTTPD_DEST
+ dest=$HTTPD_DEST${3+/$3}
+
{
case "$1" in
none)
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index dd17e3a09..4a261f13f 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -102,6 +102,8 @@ ScriptAlias /broken_smart/ broken-smart-http.sh/
RewriteEngine on
RewriteRule ^/smart-redir-perm/(.*)$ /smart/$1 [R=301]
RewriteRule ^/smart-redir-temp/(.*)$ /smart/$1 [R=302]
+RewriteRule ^/smart-redir-auth/(.*)$ /auth/smart/$1 [R=301]
+RewriteRule ^/smart-redir-limited/(.*)/info/refs$ /smart/$1/info/refs [R=301]
<IfDefine SSL>
LoadModule ssl_module modules/mod_ssl.so
diff --git a/t/t5551-http-fetch.sh b/t/t5551-http-fetch.sh
index 55a866af8..1b71bb515 100755
--- a/t/t5551-http-fetch.sh
+++ b/t/t5551-http-fetch.sh
@@ -113,6 +113,10 @@ test_expect_success 'follow redirects (302)' '
git clone $HTTPD_URL/smart-redir-temp/repo.git --quiet repo-t
'
+test_expect_success 'redirects re-root further requests' '
+ git clone $HTTPD_URL/smart-redir-limited/repo.git repo-redir-limited
+'
+
test_expect_success 'clone from password-protected repository' '
echo two >expect &&
set_askpass user@host &&
@@ -146,6 +150,13 @@ test_expect_success 'no-op half-auth fetch does not require a password' '
expect_askpass none
'
+test_expect_success 'redirects send auth to new location' '
+ set_askpass user@host &&
+ git -c credential.useHttpPath=true \
+ clone $HTTPD_URL/smart-redir-auth/repo.git repo-redir-auth &&
+ expect_askpass both user@host auth/smart/repo.git
+'
+
test_expect_success 'disable dumb http on server' '
git --git-dir="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" \
config http.getanyfile false