Revision - 2501aff - http: hoist credential request out of handle_curl_result

Revision 2501aff8b7516115c409cb34cc50305cdde40a47 authored by Jeff King on 28 September 2013, 08:31:45 UTC, committed by Jonathan Nieder on 14 October 2013, 23:55:13 UTC

http: hoist credential request out of handle_curl_result

When we are handling a curl response code in http_request or
in the remote-curl RPC code, we use the handle_curl_result
helper to translate curl's response into an easy-to-use
code. When we see an HTTP 401, we do one of two things:

  1. If we already had a filled-in credential, we mark it as
     rejected, and then return HTTP_NOAUTH to indicate to
     the caller that we failed.

  2. If we didn't, then we ask for a new credential and tell
     the caller HTTP_REAUTH to indicate that they may want
     to try again.

Rejecting in the first case makes sense; it is the natural
result of the request we just made. However, prompting for
more credentials in the second step does not always make
sense. We do not know for sure that the caller is going to
make a second request, and nor are we sure that it will be
to the same URL. Logically, the prompt belongs not to the
request we just finished, but to the request we are (maybe)
about to make.

In practice, it is very hard to trigger any bad behavior.
Currently, if we make a second request, it will always be to
the same URL (even in the face of redirects, because curl
handles the redirects internally). And we almost always
retry on HTTP_REAUTH these days. The one exception is if we
are streaming a large RPC request to the server (e.g., a
pushed packfile), in which case we cannot restart. It's
extremely unlikely to see a 401 response at this stage,
though, as we would typically have seen it when we sent a
probe request, before streaming the data.

This patch drops the automatic prompt out of case 2, and
instead requires the caller to do it. This is a few extra
lines of code, and the bug it fixes is unlikely to come up
in practice. But it is conceptually cleaner, and paves the
way for better handling of credentials across redirects.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>

1 parent 1bbcc22

Files
Changes

Permalinks

git-http-push.txt

git-http-push(1)
================

NAME
----
git-http-push - Push objects over HTTP/DAV to another repository


SYNOPSIS
--------
[verse]
'git http-push' [--all] [--dry-run] [--force] [--verbose] <url> <ref> [<ref>...]

DESCRIPTION
-----------
Sends missing objects to remote repository, and updates the
remote branch.

*NOTE*: This command is temporarily disabled if your libcurl
is older than 7.16, as the combination has been reported
not to work and sometimes corrupts repository.

OPTIONS
-------
--all::
	Do not assume that the remote repository is complete in its
	current state, and verify all objects in the entire local
	ref's history exist in the remote repository.

--force::
	Usually, the command refuses to update a remote ref that
	is not an ancestor of the local ref used to overwrite it.
	This flag disables the check.  What this means is that
	the remote repository can lose commits; use it with
	care.

--dry-run::
	Do everything except actually send the updates.

--verbose::
	Report the list of objects being walked locally and the
	list of objects successfully sent to the remote repository.

-d::
-D::
	Remove <ref> from remote repository.  The specified branch
	cannot be the remote HEAD.  If -d is specified the following
	other conditions must also be met:

	- Remote HEAD must resolve to an object that exists locally
	- Specified branch resolves to an object that exists locally
	- Specified branch is an ancestor of the remote HEAD

<ref>...::
	The remote refs to update.


Specifying the Refs
-------------------

A '<ref>' specification can be either a single pattern, or a pair
of such patterns separated by a colon ":" (this means that a ref name
cannot have a colon in it).  A single pattern '<name>' is just a
shorthand for '<name>:<name>'.

Each pattern pair consists of the source side (before the colon)
and the destination side (after the colon).  The ref to be
pushed is determined by finding a match that matches the source
side, and where it is pushed is determined by using the
destination side.

 - It is an error if <src> does not match exactly one of the
   local refs.

 - If <dst> does not match any remote ref, either

   * it has to start with "refs/"; <dst> is used as the
     destination literally in this case.

   * <src> == <dst> and the ref that matched the <src> must not
     exist in the set of remote refs; the ref matched <src>
     locally is used as the name of the destination.

Without '--force', the <src> ref is stored at the remote only if
<dst> does not exist, or <dst> is a proper subset (i.e. an
ancestor) of <src>.  This check, known as "fast-forward check",
is performed in order to avoid accidentally overwriting the
remote ref and lose other peoples' commits from there.

With '--force', the fast-forward check is disabled for all refs.

Optionally, a <ref> parameter can be prefixed with a plus '+' sign
to disable the fast-forward check only on that ref.

GIT
---
Part of the linkgit:git[1] suite

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...