Add CompositeAuthorizationProvider

Author: yim-lee

Sources/Basics/AuthorizationProvider.swift

@@ -53,7 +53,7 @@ extension Foundation.URL {
 // MARK: - netrc
 
 public struct NetrcAuthorizationProvider: AuthorizationProvider {
-    private let path: AbsolutePath
+    let path: AbsolutePath
     private let fileSystem: FileSystem
 
     private var underlying: TSCUtility.Netrc?
@@ -248,3 +248,34 @@ public struct KeychainAuthorizationProvider: AuthorizationProvider {
     }
 }
 #endif
+
+// MARK: - Composite
+
+public struct CompositeAuthorizationProvider: AuthorizationProvider {
+    private let providers: [AuthorizationProvider]
+    
+    public init(_ providers: AuthorizationProvider...) {
+        self.init(providers)
+    }
+    
+    public init(_ providers: [AuthorizationProvider]) {
+        self.providers = providers
+    }
+    
+    public func authentication(for url: Foundation.URL) -> (user: String, password: String)? {
+        for provider in self.providers {
+            if let authentication = provider.authentication(for: url) {
+                switch provider {
+                case let provider as NetrcAuthorizationProvider:
+                    ObservabilitySystem.topScope.emit(info: "Credentials for \(url) found in netrc file at \(provider.path)")
+                case is KeychainAuthorizationProvider:
+                    ObservabilitySystem.topScope.emit(info: "Credentials for \(url) found in keychain")
+                default:
+                    ObservabilitySystem.topScope.emit(info: "Credentials for \(url) found in \(provider)")
+                }
+                return authentication
+            }
+        }
+        return nil
+    }
+}

Sources/Workspace/WorkspaceConfiguration.swift

@@ -350,7 +350,13 @@ extension Workspace.Configuration {
         }
 
         private static func load(_ path: AbsolutePath, fileSystem: FileSystem) throws -> AuthorizationProvider {
-            return try NetrcAuthorizationProvider(path: path, fileSystem: fileSystem)
+            var providers = [AuthorizationProvider]()
+            // netrc file has higher specificity than keychain so use it first
+            providers.append(try NetrcAuthorizationProvider(path: path, fileSystem: fileSystem))
+#if canImport(Security)
+            providers.append(KeychainAuthorizationProvider())
+#endif
+            return CompositeAuthorizationProvider(providers)
         }
     }
 }

Tests/BasicsTests/AuthorizationProviderTests.swift

@@ -16,14 +16,6 @@ import TSCTestSupport
 
 final class AuthorizationProviderTests: XCTestCase {
     func testBasicAPIs() {
-        struct TestProvider: AuthorizationProvider {
-            let map: [URL: (user: String, password: String)]
-
-            func authentication(for url: URL) -> (user: String, password: String)? {
-                return self.map[url]
-            }
-        }
-
         let url = URL(string: "http://\(UUID().uuidString)")!
         let user = UUID().uuidString
         let password = UUID().uuidString
@@ -98,10 +90,47 @@ final class AuthorizationProviderTests: XCTestCase {
         #endif
     }
 
+    func testComposite() throws {
+        let url = URL(string: "http://\(UUID().uuidString)")!
+        let user = UUID().uuidString
+        let passwordOne = UUID().uuidString
+        let passwordTwo = UUID().uuidString
+        
+        let providerOne = TestProvider(map: [url: (user: user, password: passwordOne)])
+        let providerTwo = TestProvider(map: [url: (user: user, password: passwordTwo)])
+        
+        do {
+            // providerOne's password is returned first
+            let provider = CompositeAuthorizationProvider(providerOne, providerTwo)
+            self.assertAuthentication(provider, for: url, expected: (user, passwordOne))
+        }
+        
+        do {
+            // providerTwo's password is returned first
+            let provider = CompositeAuthorizationProvider(providerTwo, providerOne)
+            self.assertAuthentication(provider, for: url, expected: (user, passwordTwo))
+        }
+        
+        do {
+            // Neither has password
+            let unknownURL = URL(string: "http://\(UUID().uuidString)")!
+            let provider = CompositeAuthorizationProvider(providerOne, providerTwo)
+            XCTAssertNil(provider.authentication(for: unknownURL))
+        }
+    }
+    
     private func assertAuthentication(_ provider: AuthorizationProvider, for url: Foundation.URL, expected: (user: String, password: String)) {
         let authentication = provider.authentication(for: url)
         XCTAssertEqual(authentication?.user, expected.user)
         XCTAssertEqual(authentication?.password, expected.password)
         XCTAssertEqual(provider.httpAuthorizationHeader(for: url), "Basic " + "\(expected.user):\(expected.password)".data(using: .utf8)!.base64EncodedString())
     }
 }
+
+private struct TestProvider: AuthorizationProvider {
+    let map: [URL: (user: String, password: String)]
+
+    func authentication(for url: URL) -> (user: String, password: String)? {
+        return self.map[url]
+    }
+}