Also provide prompt configuration to allow Cascade::invoke() to be called with all arguments (#450)

Author: Byron

git-repository/src/config/cache/init.rs

@@ -24,6 +24,7 @@ impl Cache {
             git_prefix,
             home: home_env,
             xdg_config_home: xdg_config_home_env,
+            ssh_prefix: _,
         }: repository::permissions::Environment,
         repository::permissions::Config {
             system: use_system,

git-repository/src/config/snapshot/credential_helpers.rs

@@ -20,9 +20,9 @@ mod error {
 }
 
 impl Snapshot<'_> {
-    /// Returns the configuration for all git-credential helpers that apply to the given `url` along with an action
-    /// preconfigured to invoke the cascade with. This includes `url` which may be altered to contain a user-name
-    /// as configured.
+    /// Returns the configuration for all git-credential helpers from trusted configuration that apply
+    /// to the given `url` along with an action preconfigured to invoke the cascade with.
+    /// This includes `url` which may be altered to contain a user-name as configured.
     ///
     /// These can be invoked to obtain credentials. Note that the `url` is expected to be the one used
     /// to connect to a remote, and thus should already have passed the url-rewrite engine.
@@ -39,7 +39,14 @@ impl Snapshot<'_> {
     pub fn credential_helpers(
         &self,
         mut url: git_url::Url,
-    ) -> Result<(git_credentials::helper::Cascade, git_credentials::helper::Action), Error> {
+    ) -> Result<
+        (
+            git_credentials::helper::Cascade,
+            git_credentials::helper::Action,
+            git_prompt::Options<'static>,
+        ),
+        Error,
+    > {
         let mut programs = Vec::new();
         let mut use_http_path = false;
         let url_had_user_initially = url.user().is_some();
@@ -110,13 +117,18 @@ impl Snapshot<'_> {
             }
         }
 
+        let allow_git_env = *self.repo.options.permissions.env.git_prefix == git_sec::Permission::Allow;
+        let allow_ssh_env = *self.repo.options.permissions.env.ssh_prefix == git_sec::Permission::Allow;
+        let prompt_options =
+            git_prompt::Options::default().apply_environment(allow_git_env, allow_ssh_env, allow_git_env);
         Ok((
             git_credentials::helper::Cascade {
                 programs,
                 use_http_path,
                 ..Default::default()
             },
             git_credentials::helper::Action::get_for_url(url.to_bstring()),
+            prompt_options,
         ))
     }
 }

git-repository/src/repository/permissions.rs

@@ -66,6 +66,8 @@ pub struct Environment {
     pub home: permission::env_var::Resource,
     /// Control if resources pointed to by `GIT_*` prefixed environment variables can be used.
     pub git_prefix: permission::env_var::Resource,
+    /// Control if resources pointed to by `SSH_*` prefixed environment variables can be used (like `SSH_ASKPASS`)
+    pub ssh_prefix: permission::env_var::Resource,
 }
 
 impl Environment {
@@ -75,6 +77,7 @@ impl Environment {
             xdg_config_home: Access::resource(git_sec::Permission::Allow),
             home: Access::resource(git_sec::Permission::Allow),
             git_prefix: Access::resource(git_sec::Permission::Allow),
+            ssh_prefix: Access::resource(git_sec::Permission::Allow),
         }
     }
 }
@@ -116,6 +119,7 @@ impl Permissions {
                 Environment {
                     xdg_config_home: deny.clone(),
                     home: deny.clone(),
+                    ssh_prefix: deny.clone(),
                     git_prefix: deny,
                 }
             },

git-repository/tests/repository/config/config_snapshot/credential_helpers.rs

@@ -1,3 +1,5 @@
+use git_testtools::Env;
+
 mod baseline {
     use crate::remote;
     use git_object::bstr::BString;
@@ -64,11 +66,20 @@ mod baseline {
 
     fn agrees_with_inner(url: &str, ignore_expected_prompt_port: bool, lowercase_prompt_host: bool) {
         let repo = remote::repo("credential-helpers");
-        let (cascade, mut action) = repo
+        let (cascade, mut action, prompt_options) = repo
             .config_snapshot()
             .credential_helpers(git::url::parse(url.into()).expect("valid input URL"))
             .unwrap();
 
+        assert_ne!(
+            prompt_options.mode,
+            git_prompt::Mode::Disable,
+            "isolated repos may show prompts"
+        );
+        assert!(
+            prompt_options.askpass.is_none(),
+            "isolation does not allow environment variables to be read"
+        );
         let actual_helpers: Vec<BString> = cascade
             .programs
             .iter()
@@ -162,15 +173,19 @@ fn subdomain_globs_match_on_their_level() {
 }
 
 #[test]
+#[serial_test::serial]
 fn http_urls_match_the_host_without_path_as_well() {
+    let _env = Env::new().set("GIT_ASKPASS", "foo");
     baseline::agrees_with("http://example.com:8080/other/path");
     baseline::agrees_with_but_drops_default_port_in_prompt("http://example.com:80/");
     baseline::agrees_with_but_drops_default_port_in_prompt("http://example.com:80");
     baseline::agrees_with("http://example.com");
 }
 
 #[test]
+#[serial_test::serial]
 fn user_rules_only_match_urls_with_user() {
+    let _env = Env::new().set("SSH_ASKPASS", "foo");
     baseline::agrees_with("https://[email protected]/with-user");
     baseline::agrees_with("https://example.com/with-user");
     baseline::agrees_with("ssh://user@host/with-user");