From 19ba2256e67eaa1e9834c1525bed802dac00dc6d Mon Sep 17 00:00:00 2001 From: Christian Ihle Date: Tue, 3 Jan 2023 10:12:56 +0100 Subject: [PATCH] Support specifying bearerToken for git http token authentication. As an alternative to username and password with http basic authentication. Signed-off-by: Christian Ihle --- git/gogit/transport.go | 4 ++++ git/gogit/transport_test.go | 24 ++++++++++++++++++++++++ git/options.go | 16 +++++++++------- git/options_test.go | 2 ++ 4 files changed, 39 insertions(+), 7 deletions(-) diff --git a/git/gogit/transport.go b/git/gogit/transport.go index 62553c6c3..50eddecbc 100644 --- a/git/gogit/transport.go +++ b/git/gogit/transport.go @@ -43,6 +43,10 @@ func transportAuth(opts *git.AuthOptions, fallbackToDefaultKnownHosts bool) (tra Username: opts.Username, Password: opts.Password, }, nil + } else if opts.BearerToken != "" { + return &http.TokenAuth{ + Token: opts.BearerToken, + }, nil } return nil, nil case git.SSH: diff --git a/git/gogit/transport_test.go b/git/gogit/transport_test.go index b5708a727..d722bd6a3 100644 --- a/git/gogit/transport_test.go +++ b/git/gogit/transport_test.go @@ -111,6 +111,18 @@ func Test_transportAuth(t *testing.T) { })) }, }, + { + name: "HTTP bearer token", + opts: &git.AuthOptions{ + Transport: git.HTTP, + BearerToken: "http-token", + }, + wantFunc: func(g *WithT, t transport.AuthMethod, opts *git.AuthOptions) { + g.Expect(t).To(Equal(&http.TokenAuth{ + Token: opts.BearerToken, + })) + }, + }, { name: "HTTPS basic auth", opts: &git.AuthOptions{ @@ -125,6 +137,18 @@ func Test_transportAuth(t *testing.T) { })) }, }, + { + name: "HTTPS bearer token", + opts: &git.AuthOptions{ + Transport: git.HTTPS, + BearerToken: "https-token", + }, + wantFunc: func(g *WithT, t transport.AuthMethod, opts *git.AuthOptions) { + g.Expect(t).To(Equal(&http.TokenAuth{ + Token: opts.BearerToken, + })) + }, + }, { name: "SSH private key", opts: &git.AuthOptions{ diff --git a/git/options.go b/git/options.go index 85b9ca398..dbd090044 100644 --- a/git/options.go +++ b/git/options.go @@ -38,13 +38,14 @@ const ( // AuthOptions are the authentication options for the Transport of // communication with a remote origin. type AuthOptions struct { - Transport TransportType - Host string - Username string - Password string - Identity []byte - KnownHosts []byte - CAFile []byte + Transport TransportType + Host string + Username string + Password string + BearerToken string + Identity []byte + KnownHosts []byte + CAFile []byte } // KexAlgos hosts the key exchange algorithms to be used for SSH connections. @@ -88,6 +89,7 @@ func NewAuthOptions(u url.URL, data map[string][]byte) (*AuthOptions, error) { if len(data) > 0 { opts.Username = string(data["username"]) opts.Password = string(data["password"]) + opts.BearerToken = string(data["bearerToken"]) opts.CAFile = data["caFile"] opts.Identity = data["identity"] opts.KnownHosts = data["known_hosts"] diff --git a/git/options_test.go b/git/options_test.go index e4adff136..8348ddba3 100644 --- a/git/options_test.go +++ b/git/options_test.go @@ -186,6 +186,7 @@ func TestAuthOptionsFromData(t *testing.T) { data: map[string][]byte{ "username": []byte("example"), // This takes precedence over the one from the URL "password": []byte("secret"), + "bearerToken": []byte("token"), "identity": []byte(privateKeyFixture), "known_hosts": []byte(knownHostsFixture), "caFile": []byte("mock"), @@ -194,6 +195,7 @@ func TestAuthOptionsFromData(t *testing.T) { wantFunc: func(g *WithT, opts *AuthOptions) { g.Expect(opts.Username).To(Equal("example")) g.Expect(opts.Password).To(Equal("secret")) + g.Expect(opts.BearerToken).To(Equal("token")) g.Expect(opts.Identity).To(BeEquivalentTo(privateKeyFixture)) g.Expect(opts.KnownHosts).To(BeEquivalentTo(knownHostsFixture)) g.Expect(opts.CAFile).To(BeEquivalentTo("mock"))