From 94b57902775c4aaa02cb7532f07415729ef353df Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 16 Apr 2015 15:52:20 -0400 Subject: [PATCH 1/1] 5416: Use http://foo:bar@host:port/ instead of credential helper. --- services/arv-git-httpd/auth_handler.go | 4 +- services/arv-git-httpd/server_test.go | 51 +++++++++----------------- 2 files changed, 19 insertions(+), 36 deletions(-) diff --git a/services/arv-git-httpd/auth_handler.go b/services/arv-git-httpd/auth_handler.go index ef16acbd6f..df2d8d6110 100644 --- a/services/arv-git-httpd/auth_handler.go +++ b/services/arv-git-httpd/auth_handler.go @@ -52,7 +52,7 @@ func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { w.WriteHeader(statusCode) w.Write([]byte(statusText)) } - log.Println(quoteStrings(r.RemoteAddr, username, password, wroteStatus, statusText, repoName, r.URL.Path)...) + log.Println(quoteStrings(r.RemoteAddr, username, password, wroteStatus, statusText, repoName, r.Method, r.URL.Path)...) }() // HTTP request username is logged, but unused. Password is an @@ -87,7 +87,7 @@ func (h *authHandler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) { arv.ApiToken = password reposFound := arvadosclient.Dict{} if err := arv.List("repositories", arvadosclient.Dict{ - "filters": [][]string{[]string{"name", "=", repoName}}, + "filters": [][]string{{"name", "=", repoName}}, }, &reposFound); err != nil { statusCode, statusText = http.StatusInternalServerError, err.Error() return diff --git a/services/arv-git-httpd/server_test.go b/services/arv-git-httpd/server_test.go index 82d71ae76b..d773dd9e02 100644 --- a/services/arv-git-httpd/server_test.go +++ b/services/arv-git-httpd/server_test.go @@ -14,6 +14,12 @@ import ( var _ = check.Suite(&IntegrationSuite{}) +const ( + spectatorToken = "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu" + activeToken = "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi" + anonymousToken = "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi" +) + // IntegrationSuite tests need an API server and an arv-git-httpd server type IntegrationSuite struct { tmpRepoRoot string @@ -23,55 +29,43 @@ type IntegrationSuite struct { func (s *IntegrationSuite) TestPathVariants(c *check.C) { s.makeArvadosRepo(c) - // Spectator token - os.Setenv("ARVADOS_API_TOKEN", "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu") for _, repo := range []string{"active/foo.git", "active/foo/.git", "arvados.git", "arvados/.git"} { - err := s.runGit(c, "fetch", repo) + err := s.runGit(c, spectatorToken, "fetch", repo) c.Assert(err, check.Equals, nil) } } func (s *IntegrationSuite) TestReadonly(c *check.C) { - // Spectator token - os.Setenv("ARVADOS_API_TOKEN", "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu") - err := s.runGit(c, "fetch", "active/foo.git") + err := s.runGit(c, spectatorToken, "fetch", "active/foo.git") c.Assert(err, check.Equals, nil) - err = s.runGit(c, "push", "active/foo.git", "master:newbranchfail") + err = s.runGit(c, spectatorToken, "push", "active/foo.git", "master:newbranchfail") c.Assert(err, check.ErrorMatches, `.*HTTP code = 403.*`) _, err = os.Stat(s.tmpRepoRoot + "/zzzzz-s0uqq-382brsig8rp3666/.git/refs/heads/newbranchfail") c.Assert(err, check.FitsTypeOf, &os.PathError{}) } func (s *IntegrationSuite) TestReadwrite(c *check.C) { - // Active user token - os.Setenv("ARVADOS_API_TOKEN", "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi") - err := s.runGit(c, "fetch", "active/foo.git") + err := s.runGit(c, activeToken, "fetch", "active/foo.git") c.Assert(err, check.Equals, nil) - err = s.runGit(c, "push", "active/foo.git", "master:newbranch") + err = s.runGit(c, activeToken, "push", "active/foo.git", "master:newbranch") c.Assert(err, check.Equals, nil) _, err = os.Stat(s.tmpRepoRoot + "/zzzzz-s0uqq-382brsig8rp3666/.git/refs/heads/newbranch") c.Assert(err, check.Equals, nil) } func (s *IntegrationSuite) TestNonexistent(c *check.C) { - // Spectator token - os.Setenv("ARVADOS_API_TOKEN", "zw2f4gwx8hw8cjre7yp6v1zylhrhn3m5gvjq73rtpwhmknrybu") - err := s.runGit(c, "fetch", "thisrepodoesnotexist.git") + err := s.runGit(c, spectatorToken, "fetch", "thisrepodoesnotexist.git") c.Assert(err, check.ErrorMatches, `.* not found.*`) } func (s *IntegrationSuite) TestMissingGitdirReadableRepository(c *check.C) { - // Active user token - os.Setenv("ARVADOS_API_TOKEN", "3kg6k6lzmp9kj5cpkcoxie963cmvjahbt2fod9zru30k1jqdmi") - err := s.runGit(c, "fetch", "active/foo2.git") + err := s.runGit(c, activeToken, "fetch", "active/foo2.git") c.Assert(err, check.ErrorMatches, `.* not found.*`) } func (s *IntegrationSuite) TestNoPermission(c *check.C) { - // Anonymous token - os.Setenv("ARVADOS_API_TOKEN", "4kg6k6lzmp9kj4cpkcoxie964cmvjahbt4fod9zru44k4jqdmi") for _, repo := range []string{"active/foo.git", "active/foo/.git"} { - err := s.runGit(c, "fetch", repo) + err := s.runGit(c, anonymousToken, "fetch", repo) c.Assert(err, check.ErrorMatches, `.* not found.*`) } } @@ -107,18 +101,7 @@ func (s *IntegrationSuite) SetUpTest(c *check.C) { // Clear ARVADOS_API_TOKEN after starting up the server, to // make sure arv-git-httpd doesn't use it. - os.Setenv("ARVADOS_API_TOKEN", "") - - _, err = exec.Command("git", "config", - "--file", s.tmpWorkdir+"/.git/config", - "credential.http://"+s.testServer.Addr+"/.helper", - "!cred(){ echo password=$ARVADOS_API_TOKEN; };cred").Output() - c.Assert(err, check.Equals, nil) - _, err = exec.Command("git", "config", - "--file", s.tmpWorkdir+"/.git/config", - "credential.http://"+s.testServer.Addr+"/.username", - "none").Output() - c.Assert(err, check.Equals, nil) + os.Setenv("ARVADOS_API_TOKEN", "unused-token-placates-client-library") } func (s *IntegrationSuite) TearDownTest(c *check.C) { @@ -137,14 +120,14 @@ func (s *IntegrationSuite) TearDownTest(c *check.C) { } } -func (s *IntegrationSuite) runGit(c *check.C, gitCmd, repo string, args ...string) error { +func (s *IntegrationSuite) runGit(c *check.C, token, gitCmd, repo string, args ...string) error { cwd, err := os.Getwd() c.Assert(err, check.Equals, nil) defer os.Chdir(cwd) os.Chdir(s.tmpWorkdir) gitargs := append([]string{ - gitCmd, "http://" + s.testServer.Addr + "/" + repo, + gitCmd, "http://none:" + token + "@" + s.testServer.Addr + "/" + repo, }, args...) cmd := exec.Command("git", gitargs...) w, err := cmd.StdinPipe() -- 2.30.2