12 "github.com/stretchr/testify/assert"
13 "github.com/stretchr/testify/require"
16 type redirectTest struct {
20 func TestClientRedirect(t *testing.T) {
21 var srv3Https, srv3Http string
26 srv3 := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
27 atomic.AddUint32(&called3, 1)
28 t.Logf("srv3 req %s %s", r.Method, r.URL.Path)
29 assert.Equal(t, "POST", r.Method)
33 assert.Equal(t, "auth", r.Header.Get("Authorization"))
34 assert.Equal(t, "1", r.Header.Get("A"))
35 w.Header().Set("Location", srv3Https+"/upgraded")
38 // Since srv3 listens on both a TLS-enabled socket and a
39 // TLS-disabled one, they are two different hosts.
40 // Ensure that, even though this is a "secure" upgrade,
41 // the authorization header is stripped.
42 assert.Equal(t, "", r.Header.Get("Authorization"))
43 assert.Equal(t, "1", r.Header.Get("A"))
46 assert.Equal(t, "auth", r.Header.Get("Authorization"))
47 assert.Equal(t, "1", r.Header.Get("A"))
48 w.Header().Set("Location", srv3Http+"/404")
56 srv2 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
57 atomic.AddUint32(&called2, 1)
58 t.Logf("srv2 req %s %s", r.Method, r.URL.Path)
59 assert.Equal(t, "POST", r.Method)
63 assert.Equal(t, "", r.Header.Get("Authorization"))
64 assert.Equal(t, "1", r.Header.Get("A"))
65 body := &redirectTest{}
66 err := json.NewDecoder(r.Body).Decode(body)
68 assert.Equal(t, "External", body.Test)
76 srv1 := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
77 atomic.AddUint32(&called1, 1)
78 t.Logf("srv1 req %s %s", r.Method, r.URL.Path)
79 assert.Equal(t, "POST", r.Method)
83 w.Header().Set("Location", "/ok")
86 w.Header().Set("Location", srv2.URL+"/ok")
89 assert.Equal(t, "auth", r.Header.Get("Authorization"))
90 assert.Equal(t, "1", r.Header.Get("A"))
91 body := &redirectTest{}
92 err := json.NewDecoder(r.Body).Decode(body)
94 assert.Equal(t, "Local", body.Test)
105 srv3InsecureListener, err := net.Listen("tcp", "127.0.0.1:0")
108 go http.Serve(srv3InsecureListener, srv3.Config.Handler)
109 defer srv3InsecureListener.Close()
112 srv3Http = fmt.Sprintf("http://%s", srv3InsecureListener.Addr().String())
114 c, err := NewClient(NewContext(nil, nil, map[string]string{
115 fmt.Sprintf("http.%s.sslverify", srv3Https): "false",
116 fmt.Sprintf("http.%s/.sslverify", srv3Https): "false",
117 fmt.Sprintf("http.%s.sslverify", srv3Http): "false",
118 fmt.Sprintf("http.%s/.sslverify", srv3Http): "false",
119 fmt.Sprintf("http.sslverify"): "false",
124 req, err := http.NewRequest("POST", srv1.URL+"/local", nil)
126 req.Header.Set("Authorization", "auth")
127 req.Header.Set("A", "1")
129 require.Nil(t, MarshalToRequest(req, &redirectTest{Test: "Local"}))
131 res, err := c.Do(req)
133 assert.Equal(t, 200, res.StatusCode)
134 assert.EqualValues(t, 2, called1)
135 assert.EqualValues(t, 0, called2)
138 req, err = http.NewRequest("POST", srv1.URL+"/external", nil)
140 req.Header.Set("Authorization", "auth")
141 req.Header.Set("A", "1")
143 require.Nil(t, MarshalToRequest(req, &redirectTest{Test: "External"}))
147 assert.Equal(t, 200, res.StatusCode)
148 assert.EqualValues(t, 3, called1)
149 assert.EqualValues(t, 1, called2)
151 // http -> https (secure upgrade)
153 req, err = http.NewRequest("POST", srv3Http+"/upgrade", nil)
155 req.Header.Set("Authorization", "auth")
156 req.Header.Set("A", "1")
158 require.Nil(t, MarshalToRequest(req, &redirectTest{Test: "http->https"}))
162 assert.Equal(t, 200, res.StatusCode)
163 assert.EqualValues(t, 2, atomic.LoadUint32(&called3))
165 // https -> http (insecure downgrade)
167 req, err = http.NewRequest("POST", srv3Https+"/downgrade", nil)
169 req.Header.Set("Authorization", "auth")
170 req.Header.Set("A", "1")
172 require.Nil(t, MarshalToRequest(req, &redirectTest{Test: "https->http"}))
175 assert.EqualError(t, err, "lfsapi/client: refusing insecure redirect, https->http")
178 func TestNewClient(t *testing.T) {
179 c, err := NewClient(NewContext(nil, nil, map[string]string{
180 "lfs.dialtimeout": "151",
181 "lfs.keepalive": "152",
182 "lfs.tlstimeout": "153",
183 "lfs.concurrenttransfers": "154",
187 assert.Equal(t, 151, c.DialTimeout)
188 assert.Equal(t, 152, c.KeepaliveTimeout)
189 assert.Equal(t, 153, c.TLSTimeout)
190 assert.Equal(t, 154, c.ConcurrentTransfers)
193 func TestNewClientWithGitSSLVerify(t *testing.T) {
194 c, err := NewClient(nil)
196 assert.False(t, c.SkipSSLVerify)
198 for _, value := range []string{"true", "1", "t"} {
199 c, err = NewClient(NewContext(nil, nil, map[string]string{
200 "http.sslverify": value,
202 t.Logf("http.sslverify: %q", value)
204 assert.False(t, c.SkipSSLVerify)
207 for _, value := range []string{"false", "0", "f"} {
208 c, err = NewClient(NewContext(nil, nil, map[string]string{
209 "http.sslverify": value,
211 t.Logf("http.sslverify: %q", value)
213 assert.True(t, c.SkipSSLVerify)
217 func TestNewClientWithOSSSLVerify(t *testing.T) {
218 c, err := NewClient(nil)
220 assert.False(t, c.SkipSSLVerify)
222 for _, value := range []string{"false", "0", "f"} {
223 c, err = NewClient(NewContext(nil, map[string]string{
224 "GIT_SSL_NO_VERIFY": value,
226 t.Logf("GIT_SSL_NO_VERIFY: %q", value)
228 assert.False(t, c.SkipSSLVerify)
231 for _, value := range []string{"true", "1", "t"} {
232 c, err = NewClient(NewContext(nil, map[string]string{
233 "GIT_SSL_NO_VERIFY": value,
235 t.Logf("GIT_SSL_NO_VERIFY: %q", value)
237 assert.True(t, c.SkipSSLVerify)
241 func TestNewRequest(t *testing.T) {
243 {"https://example.com", "a", "https://example.com/a"},
244 {"https://example.com/", "a", "https://example.com/a"},
245 {"https://example.com/a", "b", "https://example.com/a/b"},
246 {"https://example.com/a/", "b", "https://example.com/a/b"},
249 for _, test := range tests {
250 c, err := NewClient(NewContext(nil, nil, map[string]string{
255 req, err := c.NewRequest("POST", c.Endpoints.Endpoint("", ""), test[1], nil)
257 assert.Equal(t, "POST", req.Method)
258 assert.Equal(t, test[2], req.URL.String(), fmt.Sprintf("endpoint: %s, suffix: %s, expected: %s", test[0], test[1], test[2]))
262 func TestNewRequestWithBody(t *testing.T) {
263 c, err := NewClient(NewContext(nil, nil, map[string]string{
264 "lfs.url": "https://example.com",
271 req, err := c.NewRequest("POST", c.Endpoints.Endpoint("", ""), "body", body)
274 assert.NotNil(t, req.Body)
275 assert.Equal(t, "15", req.Header.Get("Content-Length"))
276 assert.EqualValues(t, 15, req.ContentLength)
279 func TestMarshalToRequest(t *testing.T) {
280 req, err := http.NewRequest("POST", "https://foo/bar", nil)
283 assert.Nil(t, req.Body)
284 assert.Equal(t, "", req.Header.Get("Content-Length"))
285 assert.EqualValues(t, 0, req.ContentLength)
290 require.Nil(t, MarshalToRequest(req, body))
292 assert.NotNil(t, req.Body)
293 assert.Equal(t, "15", req.Header.Get("Content-Length"))
294 assert.EqualValues(t, 15, req.ContentLength)