From 0c792a678b6f354ca0d00ed13d000a7a3cf390fc Mon Sep 17 00:00:00 2001
From: Christian Ihle <blurpy@gmail.com>
Date: Tue, 17 Jan 2023 14:35:10 +0100
Subject: [PATCH] Add some quick tests of basic auth in client.validateUrl()

Signed-off-by: Christian Ihle <blurpy@gmail.com>
---
 git/gogit/client_test.go | 63 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/git/gogit/client_test.go b/git/gogit/client_test.go
index 50b804335..f0d691e07 100644
--- a/git/gogit/client_test.go
+++ b/git/gogit/client_test.go
@@ -653,3 +653,66 @@ func TestHead(t *testing.T) {
 	g.Expect(err).ToNot(HaveOccurred())
 	g.Expect(hash.String()).To(Equal(cc))
 }
+
+func TestValidateUrl(t *testing.T) {
+	tests := []struct {
+		name                string
+		transport           git.TransportType
+		username            string
+		password            string
+		url                 string
+		credentialsOverHttp bool
+		expectedError       string
+	}{
+		{
+			name:          "blocked: basic auth over http",
+			transport:     git.HTTP,
+			username:      "user",
+			password:      "pass",
+			url:           "http://url",
+			expectedError: "basic auth cannot be sent over HTTP",
+		},
+		{
+			name:                "allowed: basic auth over http with insecure enabled",
+			transport:           git.HTTP,
+			username:            "user",
+			password:            "pass",
+			url:                 "http://url",
+			credentialsOverHttp: true,
+		},
+		{
+			name:      "allowed: basic auth over https",
+			transport: git.HTTPS,
+			username:  "user",
+			password:  "pass",
+			url:       "https://url",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			opts := []ClientOption{WithDiskStorage()}
+			if tt.credentialsOverHttp {
+				opts = append(opts, WithInsecureCredentialsOverHTTP())
+			}
+
+			ggc, err := NewClient(t.TempDir(), &git.AuthOptions{
+				Transport: tt.transport,
+				Username:  tt.username,
+				Password:  tt.password,
+			}, opts...)
+			g.Expect(err).ToNot(HaveOccurred())
+
+			err = ggc.validateUrl(tt.url)
+
+			if tt.expectedError == "" {
+				g.Expect(err).To(BeNil())
+			} else {
+				g.Expect(err).ToNot(BeNil())
+				g.Expect(err.Error()).To(ContainSubstring(tt.expectedError))
+			}
+		})
+	}
+}