Allow remote overrides for http options

Author: Byron

git-repository/src/config/mod.rs

@@ -110,6 +110,8 @@ pub mod checkout_options {
 ///
 pub mod transport {
     use crate::bstr;
+    use crate::bstr::BStr;
+    use std::borrow::Cow;
 
     /// The error produced when configuring a transport for a particular protocol.
     #[derive(Debug, thiserror::Error)]
@@ -130,7 +132,7 @@ pub mod transport {
         },
         #[error("Could not decode value at key {key:?} as UTF-8 string")]
         IllformedUtf8 {
-            key: &'static str,
+            key: Cow<'static, BStr>,
             source: bstr::FromUtf8Error,
         },
         #[error("Invalid URL passed for configuration")]
@@ -141,12 +143,15 @@ pub mod transport {
 
     ///
     pub mod http {
+        use crate::bstr::BStr;
+        use std::borrow::Cow;
+
         /// The error produced when configuring a HTTP transport.
         #[derive(Debug, thiserror::Error)]
         #[allow(missing_docs)]
         pub enum Error {
-            #[error("The proxy authentication method name {value:?} is invalid")]
-            InvalidProxyAuthMethod { value: String },
+            #[error("The proxy authentication method name {value:?} found at key `{key}` is invalid")]
+            InvalidProxyAuthMethod { value: String, key: Cow<'static, BStr> },
             #[error("Could not configure the credential helpers for the authenticated proxy url")]
             ConfigureProxyAuthenticate(#[from] crate::config::snapshot::credential_helpers::Error),
         }

git-repository/src/remote/connection/ref_map.rs

@@ -161,14 +161,14 @@ where
         };
 
         if self.transport_options.is_none() {
-            self.transport_options =
-                self.remote
-                    .repo
-                    .transport_options(url.as_ref())
-                    .map_err(|err| Error::GatherTransportConfig {
-                        source: err,
-                        url: url.into_owned(),
-                    })?;
+            self.transport_options = self
+                .remote
+                .repo
+                .transport_options(url.as_ref(), self.remote.name().map(|n| n.as_bstr()))
+                .map_err(|err| Error::GatherTransportConfig {
+                    source: err,
+                    url: url.into_owned(),
+                })?;
         }
         if let Some(config) = self.transport_options.as_ref() {
             self.transport.configure(&**config)?;

git-repository/src/repository/config/transport.rs

@@ -5,19 +5,18 @@ use crate::bstr::BStr;
 impl crate::Repository {
     /// Produce configuration suitable for `url`, as differentiated by its protocol/scheme, to be passed to a transport instance via
     /// [configure()][git_transport::client::TransportWithoutIO::configure()] (via `&**config` to pass the contained `Any` and not the `Box`).
-    /// `None` is returned if there is no known configuration.
+    /// `None` is returned if there is no known configuration. If `remote_name` is not `None`, the remote's name may contribute to
+    /// configuration overrides, typically for the HTTP transport.
     ///
     /// Note that the caller may cast the instance themselves to modify it before passing it on.
     ///
-    ///
-    // let (mut cascade, _action_with_normalized_url, prompt_opts) =
-    // self.remote.repo.config_snapshot().credential_helpers(url)?;
-    // Ok(Box::new(move |action| cascade.invoke(action, prompt_opts.clone())) as AuthenticateFn<'_>)
-    /// For transports that support proxy authentication, the authentication
-    /// [default authentication method](crate::config::Snapshot::credential_helpers()) will be used with the url of the proxy.
+    /// For transports that support proxy authentication, the
+    /// [default authentication method](crate::config::Snapshot::credential_helpers()) will be used with the url of the proxy
+    /// if it contains a user name.
     pub fn transport_options<'a>(
         &self,
         url: impl Into<&'a BStr>,
+        remote_name: Option<&BStr>,
     ) -> Result<Option<Box<dyn Any>>, crate::config::transport::Error> {
         let url = git_url::parse(url.into())?;
         use git_url::Scheme::*;
@@ -49,12 +48,15 @@ impl crate::Repository {
                     fn try_cow_to_string(
                         v: Cow<'_, BStr>,
                         lenient: bool,
-                        key: &'static str,
+                        key: impl Into<Cow<'static, BStr>>,
                     ) -> Result<Option<String>, crate::config::transport::Error> {
                         Vec::from(v.into_owned())
                             .into_string()
                             .map(Some)
-                            .map_err(|err| crate::config::transport::Error::IllformedUtf8 { source: err, key })
+                            .map_err(|err| crate::config::transport::Error::IllformedUtf8 {
+                                source: err,
+                                key: key.into(),
+                            })
                             .with_leniency(lenient)
                     }
 
@@ -71,6 +73,7 @@ impl crate::Repository {
                     {
                         Ok(integer_opt(config, lenient, key, kind, filter)?.unwrap_or(default))
                     }
+
                     fn integer_opt<T>(
                         config: &git_config::File<'static>,
                         lenient: bool,
@@ -103,6 +106,55 @@ impl crate::Repository {
                             .transpose()
                             .with_leniency(lenient)
                     }
+
+                    fn proxy_auth_method(
+                        value_and_key: Option<(Cow<'_, BStr>, Cow<'static, BStr>)>,
+                        lenient: bool,
+                    ) -> Result<ProxyAuthMethod, crate::config::transport::Error> {
+                        let value = value_and_key
+                            .and_then(|(v, k)| {
+                                try_cow_to_string(v, lenient, k.clone())
+                                    .map(|v| v.map(|v| (v, k)))
+                                    .transpose()
+                            })
+                            .transpose()?
+                            .map(|(method, key)| {
+                                Ok(match method.as_str() {
+                                    "anyauth" => ProxyAuthMethod::AnyAuth,
+                                    "basic" => ProxyAuthMethod::Basic,
+                                    "digest" => ProxyAuthMethod::Digest,
+                                    "negotiate" => ProxyAuthMethod::Negotiate,
+                                    "ntlm" => ProxyAuthMethod::Ntlm,
+                                    _ => {
+                                        return Err(crate::config::transport::http::Error::InvalidProxyAuthMethod {
+                                            value: method,
+                                            key,
+                                        })
+                                    }
+                                })
+                            })
+                            .transpose()?
+                            .unwrap_or_default();
+                        Ok(value)
+                    }
+
+                    fn proxy(
+                        value: Option<(Cow<'_, BStr>, Cow<'static, BStr>)>,
+                        lenient: bool,
+                    ) -> Result<Option<String>, crate::config::transport::Error> {
+                        Ok(value
+                            .and_then(|(v, k)| try_cow_to_string(v, lenient, k.clone()).transpose())
+                            .transpose()?
+                            .map(|mut proxy| {
+                                if !proxy.trim().is_empty() && !proxy.contains("://") {
+                                    proxy.insert_str(0, "http://");
+                                    proxy
+                                } else {
+                                    proxy
+                                }
+                            }))
+                    }
+
                     let mut opts = http::Options::default();
                     let config = &self.config.resolved;
                     let mut trusted_only = self.filter_config_section();
@@ -113,7 +165,7 @@ impl crate::Repository {
                             .strings_filter("http", None, "extraHeader", &mut trusted_only)
                             .unwrap_or_default()
                             .into_iter()
-                            .map(|v| try_cow_to_string(v, lenient, "http.extraHeader"))
+                            .map(|v| try_cow_to_string(v, lenient, Cow::Borrowed("http.extraHeader".into())))
                         {
                             let header = header?;
                             if let Some(header) = header {
@@ -149,38 +201,34 @@ impl crate::Repository {
                         integer(config, lenient, "http.lowSpeedTime", "u64", trusted_only, 0)?;
                     opts.low_speed_limit_bytes_per_second =
                         integer(config, lenient, "http.lowSpeedLimit", "u32", trusted_only, 0)?;
-                    opts.proxy = config
-                        .string_filter("http", None, "proxy", &mut trusted_only)
-                        .and_then(|v| try_cow_to_string(v, lenient, "http.proxy").transpose())
-                        .transpose()?
-                        .map(|mut proxy| {
-                            if !proxy.trim().is_empty() && !proxy.contains("://") {
-                                proxy.insert_str(0, "http://");
-                                proxy
-                            } else {
-                                proxy
-                            }
-                        });
-                    opts.proxy_auth_method = config
-                        .string_filter("http", None, "proxyAuthMethod", &mut trusted_only)
-                        .and_then(|v| try_cow_to_string(v, lenient, "http.proxyAuthMethod").transpose())
-                        .transpose()?
-                        .map(|method| {
-                            Ok(match method.as_str() {
-                                "anyauth" => ProxyAuthMethod::AnyAuth,
-                                "basic" => ProxyAuthMethod::Basic,
-                                "digest" => ProxyAuthMethod::Digest,
-                                "negotiate" => ProxyAuthMethod::Negotiate,
-                                "ntlm" => ProxyAuthMethod::Ntlm,
-                                _ => {
-                                    return Err(crate::config::transport::http::Error::InvalidProxyAuthMethod {
-                                        value: method,
-                                    })
-                                }
+                    opts.proxy = proxy(
+                        remote_name
+                            .and_then(|name| {
+                                config
+                                    .string_filter("remote", Some(name), "proxy", &mut trusted_only)
+                                    .map(|v| (v, Cow::Owned(format!("remote.{name}.proxy").into())))
                             })
-                        })
-                        .transpose()?
-                        .unwrap_or_default();
+                            .or_else(|| {
+                                config
+                                    .string_filter("http", None, "proxy", &mut trusted_only)
+                                    .map(|v| (v, Cow::Borrowed("http.proxy".into())))
+                            }),
+                        lenient,
+                    )?;
+                    opts.proxy_auth_method = proxy_auth_method(
+                        remote_name
+                            .and_then(|name| {
+                                config
+                                    .string_filter("remote", Some(name), "proxyAuthMethod", &mut trusted_only)
+                                    .map(|v| (v, Cow::Owned(format!("remote.{name}.proxyAuthMethod").into())))
+                            })
+                            .or_else(|| {
+                                config
+                                    .string_filter("http", None, "proxyAuthMethod", &mut trusted_only)
+                                    .map(|v| (v, Cow::Borrowed("http.proxyAuthMethod".into())))
+                            }),
+                        lenient,
+                    )?;
                     opts.proxy_authenticate = opts
                         .proxy
                         .as_deref()
@@ -202,7 +250,7 @@ impl crate::Repository {
                             .map(std::time::Duration::from_millis);
                     opts.user_agent = config
                         .string_filter("http", None, "userAgent", &mut trusted_only)
-                        .and_then(|v| try_cow_to_string(v, lenient, "http.userAgent").transpose())
+                        .and_then(|v| try_cow_to_string(v, lenient, Cow::Borrowed("http.userAgent".into())).transpose())
                         .transpose()?
                         .or_else(|| Some(crate::env::agent().into()));
 

git-repository/tests/fixtures/generated-archives/make_config_repos.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:495e3613b7ee9c5a02101dd307de24d9754e531e2840bedecfed00d55ea656af
-size 10252
+oid sha256:83f5270e487f0364e4a63f82cf4bfb5cb302bee744e9d3df521b7b3f850f3046
+size 10772

git-repository/tests/fixtures/make_config_repos.sh

@@ -16,6 +16,16 @@ git init http-config
   git config gitoxide.http.connectTimeout 60k
 )
 
+git clone --shared http-config http-remote-override
+(cd http-remote-override
+
+  git config http.proxy http://localhost:9090
+  git config http.proxyAuthMethod basic
+
+  git config remote.origin.proxy overridden
+  git config remote.origin.proxyAuthMethod negotiate
+)
+
 git init http-proxy-empty
 (cd http-proxy-empty
   git config http.proxy localhost:9090

git-repository/tests/repository/config/transport_options.rs

@@ -4,22 +4,36 @@
 ))]
 mod http {
     use git_repository as git;
+    use git_transport::client::http::options::{FollowRedirects, ProxyAuthMethod};
 
     pub(crate) fn repo(name: &str) -> git::Repository {
         let dir = git_testtools::scripted_fixture_repo_read_only("make_config_repos.sh").unwrap();
         git::open_opts(dir.join(name), git::open::Options::isolated()).unwrap()
     }
 
-    fn http_options(repo: &git::Repository) -> git_transport::client::http::Options {
+    fn http_options(repo: &git::Repository, remote_name: Option<&str>) -> git_transport::client::http::Options {
         let opts = repo
-            .transport_options("https://example.com/does/not/matter")
+            .transport_options("https://example.com/does/not/matter", remote_name.map(Into::into))
             .expect("valid configuration")
             .expect("configuration available for http");
         opts.downcast_ref::<git_transport::client::http::Options>()
             .expect("http options have been created")
             .to_owned()
     }
 
+    #[test]
+    fn remote_overrides() {
+        let repo = repo("http-remote-override");
+        let git_transport::client::http::Options {
+            proxy,
+            proxy_auth_method,
+            ..
+        } = http_options(&repo, Some("origin"));
+
+        assert_eq!(proxy_auth_method, ProxyAuthMethod::Negotiate);
+        assert_eq!(proxy.as_deref(), Some("http://overridden"));
+    }
+
     #[test]
     fn simple_configuration() {
         let repo = repo("http-config");
@@ -34,28 +48,21 @@ mod http {
             user_agent,
             connect_timeout,
             backend,
-        } = http_options(&repo);
+        } = http_options(&repo, None);
         assert_eq!(
             extra_headers,
             &["ExtraHeader: value2", "ExtraHeader: value3"],
             "it respects empty values to clear prior values"
         );
-        assert_eq!(
-            follow_redirects,
-            git_transport::client::http::options::FollowRedirects::Initial
-        );
+        assert_eq!(follow_redirects, FollowRedirects::Initial);
         assert_eq!(low_speed_limit_bytes_per_second, 5120);
         assert_eq!(low_speed_time_seconds, 10);
         assert_eq!(proxy.as_deref(), Some("http://localhost:9090"),);
         assert!(
             proxy_authenticate.is_none(),
             "no username means no authentication required"
         );
-        assert_eq!(
-            proxy_auth_method,
-            git_transport::client::http::options::ProxyAuthMethod::Basic,
-            "TODO: implement auth"
-        );
+        assert_eq!(proxy_auth_method, ProxyAuthMethod::Basic, "TODO: implement auth");
         assert_eq!(user_agent.as_deref(), Some("agentJustForHttp"));
         assert_eq!(connect_timeout, Some(std::time::Duration::from_millis(60 * 1024)));
         assert!(
@@ -68,7 +75,7 @@ mod http {
     fn http_proxy_with_username() {
         let repo = repo("http-proxy-authenticated");
 
-        let opts = http_options(&repo);
+        let opts = http_options(&repo, None);
         assert_eq!(
             opts.proxy.as_deref(),
             Some("http://user@localhost:9090"),
@@ -84,7 +91,7 @@ mod http {
     fn empty_proxy_string_turns_it_off() {
         let repo = repo("http-proxy-empty");
 
-        let opts = http_options(&repo);
+        let opts = http_options(&repo, None);
         assert_eq!(
             opts.proxy.as_deref(),
             Some(""),
@@ -96,7 +103,7 @@ mod http {
     fn proxy_without_protocol_is_defaulted_to_http() {
         let repo = repo("http-proxy-auto-prefix");
 
-        let opts = http_options(&repo);
+        let opts = http_options(&repo, None);
         assert_eq!(opts.proxy.as_deref(), Some("http://localhost:9090"));
     }
 }