- 10 Jun, 2019 2 commits
-
-
We did not properly support default credentials for proxies, only for destination servers. Refactor the credential handling to support sending either username/password _or_ default credentials to either the proxy or the destination server. This actually shares the authentication logic between proxy servers and destination servers. Due to copy/pasta drift over time, they had diverged. Now they share a common logic which is: first, use credentials specified in the URL (if there were any), treating empty username and password (ie, "http://:@foo.com/") as default credentials, for compatibility with git. Next, call the credential callbacks. Finally, fallback to WinHTTP compatibility layers using built-in authentication like we always have. Allowing default credentials for proxies requires moving the security level downgrade into the credential setting routines themselves. We will update our security level to "high" by default which means that we will never send default credentials without prompting. (A lower setting, like the WinHTTP default of "medium" would allow WinHTTP to handle credentials for us, despite what a user may have requested with their structures.) Now we start with "high" and downgrade to "low" only after a user has explicitly requested default credentials.
Edward Thomson committed -
There's no reason a git repository couldn't be at the root of a server, and URLs should have an implicit path of '/' when one is not specified.
Edward Thomson committed
-
- 05 Jun, 2019 1 commit
-
-
GitHub recently changed their behavior from returning 401s for private or nonexistent repositories on a clone to returning 404s. For our tests that require an auth failure (and 401), move to GitLab to request a missing repository. This lets us continue to test our auth failure case, at least until they decide to mimic that decision.
Edward Thomson committed
-
- 22 Feb, 2019 1 commit
-
-
Update internal usage of `git_transfer_progress` to `git_indexer_progreses`.
Edward Thomson committed
-
- 22 Jan, 2019 1 commit
-
-
Move to the `git_error` name in the internal API for error-related functions.
Edward Thomson committed
-
- 17 Jan, 2019 1 commit
-
-
Update internal usage to use the `git_reference` names for constants.
Edward Thomson committed
-
- 14 Jan, 2019 1 commit
-
-
Jason Haslam committed
-
- 28 Nov, 2018 5 commits
-
-
For testing, we may wish to use a man-in-the-middle proxy that can inspect the CONNECT traffic to our test endpoints. For this, we will need to accept the proxy's certificate, which will not be valid for the true endpoint. Add a new environment variable, GITTEST_REMOTE_SSL_NOVERIFY to disable https certificate validation for the tests.
Edward Thomson committed -
Rename credential callback to proxy_cred_cb to match new cert callback.
Edward Thomson committed -
Give the proxy tests a proxy certificate callback, and allow self-signed certificates when the `GITTEST_REMOTE_PROXY_SELFSIGNED` environment variable is set (to anything). In that case, simply compare the hostname from the callback to the hostname that we connected to.
Edward Thomson committed -
As we want to support HTTPS proxies, support an optional `GITTEST_REMOTE_PROXY_SCHEME` environment variable for tests that will allow for HTTPS support. (When unset, the tests default to HTTP proxies.)
Edward Thomson committed -
Change the `GITTEST_REMOTE_PROXY_URL` environment variable to be `GITTEST_REMOTE_PROXY_HOST`, since it is a host:port combination, not an actual URL. (We cannot use a URL here since we may want to include the username:password combination in the constructed URL.)
Edward Thomson committed
-
- 22 Sep, 2018 1 commit
-
-
Before resetting the url and username, ensure that we free them in case they were set by environment variables.
Edward Thomson committed
-
- 10 Jun, 2018 1 commit
-
-
Patrick Steinhardt committed
-
- 20 Mar, 2018 1 commit
-
-
Update the settings to use a specific read-only token for accessing our test repositories in Bitbucket.
Edward Thomson committed
-
- 19 Mar, 2018 1 commit
-
-
At present, we have three online tests against bitbucket: one which specifies the credentials in the payload, one which specifies the correct credentials in the URL and a final one that specifies the incorrect credentials in the URL. Bitbucket has begun responding to the latter test with a 403, which causes us to fail. Break these three tests into separate tests so that we can skip the latter until this is resolved on Bitbucket's end or until we can change the test to a different provider.
Edward Thomson committed
-
- 28 Feb, 2018 1 commit
-
-
Validate using the http://user:pass@host/ format in HTTP_PROXY and HTTPS_PROXY environment variables.
Edward Thomson committed
-
- 18 Jan, 2018 1 commit
-
-
Patrick Steinhardt committed
-
- 03 Jan, 2018 2 commits
-
-
Right now, we test our credential callback code twice, once via SSH on localhost and once via a non-existent GitHub repository. While the first URL makes sense to be configurable, it does not make sense to hard-code the non-existing repository, which requires us to call tests multiple times. Instead, we can just inline the URL into another set of tests.
Patrick Steinhardt committed -
We support two types of passing credentials to the proxy, either via the URL or explicitly by specifying user and password. We test these types by modifying the proxy URL and executing the tests twice, which is in fact unnecessary and requires us to maintain the list of environment variables and test executions across multiple CI infrastructures. To fix the situation, we can just always pass the host, port, user and password to the tests. The tests can then assemble the complete URL either with or without included credentials, allowing us to test both cases in-process.
Patrick Steinhardt committed
-
- 21 Jun, 2017 1 commit
-
-
All our tests running against a local SSH server usually read the server's URL from environment variables. But online::clone::ssh_cert test fails to do so and instead always connects to "ssh://localhost/foo". This assumption breaks whenever the SSH server is not running on the standard port, e.g. when it is running as a user. Fix the issue by using the URL provided by the environment.
Patrick Steinhardt committed
-
- 21 Apr, 2016 1 commit
-
-
Edward Thomson committed
-
- 19 Apr, 2016 3 commits
-
-
We leave this up to the scheme in the url field. The type should only tell us about whether we want a proxy and whether we want to auto-detect it.
Carlos Martín Nieto committed -
Carlos Martín Nieto committed
-
Carlos Martín Nieto committed
-
- 10 Sep, 2015 1 commit
-
-
Also, *some* custom headers actually are valid.
Matt Burke committed
-
- 02 Jul, 2015 1 commit
-
-
Introduce `git__getenv` which is a UTF-8 aware `getenv` everywhere. Make `cl_getenv` use this to keep consistent memory handling around return values (free everywhere, as opposed to only some platforms).
Edward Thomson committed
-
- 12 Jun, 2015 1 commit
-
-
Carlos Martín Nieto committed
-
- 27 May, 2015 1 commit
-
-
Michał Górny committed
-
- 13 May, 2015 3 commits
-
-
The base refspecs changing can be a cause of confusion as to what is the current base refspec set and complicate saving the remote's configuration. Change `git_remote_add_{fetch,push}()` to update the configuration instead of an instance. This finally makes `git_remote_save()` a no-op, it will be removed in a later commit.
Carlos Martín Nieto committed -
Instead of having it set in a different place from every other callback, put it the main structure. This removes some state from the remote and makes it behave more like clone, where the constructors are passed via the options.
Carlos Martín Nieto committed -
Having the setting be different from calling its actions was not a great idea and made for the sake of the wrong convenience. Instead of that, accept either fetch options, push options or the callbacks when dealing with the remote. The fetch options are currently only the callbacks, but more options will be moved from setters and getters on the remote to the options. This does mean passing the same struct along the different functions but the typical use-case will only call git_remote_fetch() or git_remote_push() and so won't notice much difference.
Carlos Martín Nieto committed
-
- 16 Mar, 2015 1 commit
-
-
When we have an HTTP stream and have set the certificatre check callback, we currently fail as we ask the unencrypted stream for its certificate.
Carlos Martín Nieto committed
-
- 27 Feb, 2015 1 commit
-
-
Edward Thomson committed
-
- 08 Nov, 2014 1 commit
-
-
This brings it in line with the rest of the lookup functions.
Carlos Martín Nieto committed
-
- 09 Oct, 2014 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 22 Sep, 2014 1 commit
-
-
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Sven Strickroth committed
-
- 16 Sep, 2014 3 commits
-
-
Skip it before we attempt to clone, as we would exit with -1 on systems which do not have sshd running.
Carlos Martín Nieto committed -
The user may have the data hashed as MD5 or SHA-1, so we should provide both types for consumption.
Carlos Martín Nieto committed -
Instead of using the libssh2 defines, provide our own, which eases usage as we do not need to check whether libgit2 was built with libssh2 or not.
Carlos Martín Nieto committed
-