5416: Use http://foo:bar@host:port/ instead of credential helper.

author Tom Clegg <tom@curoverse.com>

Thu, 16 Apr 2015 19:52:20 +0000 (15:52 -0400)

committer Tom Clegg <tom@curoverse.com>

Mon, 20 Apr 2015 20:58:51 +0000 (16:58 -0400)
author Tom Clegg <tom@curoverse.com>
Thu, 16 Apr 2015 19:52:20 +0000 (15:52 -0400)
committer Tom Clegg <tom@curoverse.com>
Mon, 20 Apr 2015 20:58:51 +0000 (16:58 -0400)
diff --git a/services/arv-git-httpd/auth_handler.go b/services/arv-git-httpd/auth_handler.go

index ef16acbd6f20975896f3cba1dd819be200a3e4ab..df2d8d61109d710a1532e8dbc8d9c303d0af881d 100644 (file)
--- a/services/arv-git-httpd/auth_handler.go
+++ b/services/arv-git-httpd/auth_handler.go
@@ -52,7 +52,7 @@ func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
                         w.WriteHeader(statusCode)
                         w.Write([]byte(statusText))
                 }
-               log.Println(quoteStrings(r.RemoteAddr, username, password, wroteStatus, statusText, repoName, r.URL.Path)...)
+               log.Println(quoteStrings(r.RemoteAddr, username, password, wroteStatus, statusText, repoName, r.Method, r.URL.Path)...)
         }()
  
         // HTTP request username is logged, but unused. Password is an
@@ -87,7 +87,7 @@ func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
         arv.ApiToken = password
         reposFound := arvadosclient.Dict{}
         if err := arv.List("repositories", arvadosclient.Dict{
-               "filters": [][]string{[]string{"name", "=", repoName}},
+               "filters": [][]string{{"name", "=", repoName}},
         }, &reposFound); err != nil {
                 statusCode, statusText = http.StatusInternalServerError, err.Error()
                 return
diff --git a/services/arv-git-httpd/server_test.go b/services/arv-git-httpd/server_test.go

index 82d71ae76bf4d23993e706f314aebdb8cc2b0ae9..d773dd9e02ac760ce2e36a54e054b198f69cc1e4 100644 (file)
--- a/services/arv-git-httpd/server_test.go
+++ b/services/arv-git-httpd/server_test.go
@@ -14,6 +14,12 @@ import (
  
  var _ = check.Suite(&IntegrationSuite{})
  
+const (
+       spectatorToken = "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu"
+       activeToken    = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi"
+       anonymousToken = "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi"
+)
+
  // IntegrationSuite tests need an API server and an arv-git-httpd server
  type IntegrationSuite struct {
         tmpRepoRoot string
@@ -23,55 +29,43 @@ type IntegrationSuite struct {
  
  func (s *IntegrationSuite) TestPathVariants(c *check.C) {
         s.makeArvadosRepo(c)
-       // Spectator token
-       os.Setenv("ARVADOS_API_TOKEN", "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu")
         for _, repo := range []string{"active/foo.git", "active/foo/.git", "arvados.git", "arvados/.git"} {
-               err := s.runGit(c, "fetch", repo)
+               err := s.runGit(c, spectatorToken, "fetch", repo)
                 c.Assert(err, check.Equals, nil)
         }
  }
  
  func (s *IntegrationSuite) TestReadonly(c *check.C) {
-       // Spectator token
-       os.Setenv("ARVADOS_API_TOKEN", "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu")
-       err := s.runGit(c, "fetch", "active/foo.git")
+       err := s.runGit(c, spectatorToken, "fetch", "active/foo.git")
         c.Assert(err, check.Equals, nil)
-       err = s.runGit(c, "push", "active/foo.git", "master:newbranchfail")
+       err = s.runGit(c, spectatorToken, "push", "active/foo.git", "master:newbranchfail")
         c.Assert(err, check.ErrorMatches, `.*HTTP code = 403.*`)
         _, err = os.Stat(s.tmpRepoRoot + "/zzzzz-s0uqq-382brsig8rp3666/.git/refs/heads/newbranchfail")
         c.Assert(err, check.FitsTypeOf, &os.PathError{})
  }
  
  func (s *IntegrationSuite) TestReadwrite(c *check.C) {
-       // Active user token
-       os.Setenv("ARVADOS_API_TOKEN", "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi")
-       err := s.runGit(c, "fetch", "active/foo.git")
+       err := s.runGit(c, activeToken, "fetch", "active/foo.git")
         c.Assert(err, check.Equals, nil)
-       err = s.runGit(c, "push", "active/foo.git", "master:newbranch")
+       err = s.runGit(c, activeToken, "push", "active/foo.git", "master:newbranch")
         c.Assert(err, check.Equals, nil)
         _, err = os.Stat(s.tmpRepoRoot + "/zzzzz-s0uqq-382brsig8rp3666/.git/refs/heads/newbranch")
         c.Assert(err, check.Equals, nil)
  }
  
  func (s *IntegrationSuite) TestNonexistent(c *check.C) {
-       // Spectator token
-       os.Setenv("ARVADOS_API_TOKEN", "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu")
-       err := s.runGit(c, "fetch", "thisrepodoesnotexist.git")
+       err := s.runGit(c, spectatorToken, "fetch", "thisrepodoesnotexist.git")
         c.Assert(err, check.ErrorMatches, `.* not found.*`)
  }
  
  func (s *IntegrationSuite) TestMissingGitdirReadableRepository(c *check.C) {
-       // Active user token
-       os.Setenv("ARVADOS_API_TOKEN", "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi")
-       err := s.runGit(c, "fetch", "active/foo2.git")
+       err := s.runGit(c, activeToken, "fetch", "active/foo2.git")
         c.Assert(err, check.ErrorMatches, `.* not found.*`)
  }
  
  func (s *IntegrationSuite) TestNoPermission(c *check.C) {
-       // Anonymous token
-       os.Setenv("ARVADOS_API_TOKEN", "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi")
         for _, repo := range []string{"active/foo.git", "active/foo/.git"} {
-               err := s.runGit(c, "fetch", repo)
+               err := s.runGit(c, anonymousToken, "fetch", repo)
                 c.Assert(err, check.ErrorMatches, `.* not found.*`)
         }
  }
@@ -107,18 +101,7 @@ func (s *IntegrationSuite) SetUpTest(c *check.C) {
  
         // Clear ARVADOS_API_TOKEN after starting up the server, to
         // make sure arv-git-httpd doesn't use it.
-       os.Setenv("ARVADOS_API_TOKEN", "")
-
-       _, err = exec.Command("git", "config",
-               "--file", s.tmpWorkdir+"/.git/config",
-               "credential.http://"+s.testServer.Addr+"/.helper",
-               "!cred(){ echo password=$ARVADOS_API_TOKEN; };cred").Output()
-       c.Assert(err, check.Equals, nil)
-       _, err = exec.Command("git", "config",
-               "--file", s.tmpWorkdir+"/.git/config",
-               "credential.http://"+s.testServer.Addr+"/.username",
-               "none").Output()
-       c.Assert(err, check.Equals, nil)
+       os.Setenv("ARVADOS_API_TOKEN", "unused-token-placates-client-library")
  }
  
  func (s *IntegrationSuite) TearDownTest(c *check.C) {
@@ -137,14 +120,14 @@ func (s *IntegrationSuite) TearDownTest(c *check.C) {
         }
  }
  
-func (s *IntegrationSuite) runGit(c *check.C, gitCmd, repo string, args ...string) error {
+func (s *IntegrationSuite) runGit(c *check.C, token, gitCmd, repo string, args ...string) error {
         cwd, err := os.Getwd()
         c.Assert(err, check.Equals, nil)
         defer os.Chdir(cwd)
         os.Chdir(s.tmpWorkdir)
  
         gitargs := append([]string{
-               gitCmd, "http://" + s.testServer.Addr + "/" + repo,
+               gitCmd, "http://none:" + token + "@" + s.testServer.Addr + "/" + repo,
         }, args...)
         cmd := exec.Command("git", gitargs...)
         w, err := cmd.StdinPipe()
author	Tom Clegg <tom@curoverse.com>
	Thu, 16 Apr 2015 19:52:20 +0000 (15:52 -0400)
committer	Tom Clegg <tom@curoverse.com>
	Mon, 20 Apr 2015 20:58:51 +0000 (16:58 -0400)
services/arv-git-httpd/auth_handler.go		patch \| blob \| history
services/arv-git-httpd/server_test.go		patch \| blob \| history