From 6835b92505cf00a6185e5536366693b2351f6a09 Mon Sep 17 00:00:00 2001
From: Greg McCullough <gmccullo@redhat.com>
Date: Tue, 17 Apr 2018 08:49:19 -0400
Subject: [PATCH] Merge pull request #14889 from mkanoor/bad_credentials

Use credential callback to set credentials
(cherry picked from commit 2dd64f87eadf69294a4706a4082bc08d6c9bbb11)

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1568603
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1568605
---
 app/models/git_repository.rb       |  4 ++--
 lib/git_worktree.rb                | 16 +++++++++++++---
 lib/git_worktree_exception.rb      |  1 +
 spec/lib/git_worktree_spec.rb      | 12 ++++++++++++
 spec/models/git_repository_spec.rb |  3 +++
 5 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/app/models/git_repository.rb b/app/models/git_repository.rb
index 15cc58d1a61..73ef82fac3a 100644
--- a/app/models/git_repository.rb
+++ b/app/models/git_repository.rb
@@ -104,8 +104,8 @@ def repo_params
     params = {:path => directory_name}
     params[:certificate_check] = method(:self_signed_cert_cb) if verify_ssl == OpenSSL::SSL::VERIFY_NONE
     if authentications.any?
-      params[:username] = authentications.first.userid
-      params[:password] = authentications.first.password
+      params[:username] = default_authentication.userid
+      params[:password] = default_authentication.password
     end
     params
   end
diff --git a/lib/git_worktree.rb b/lib/git_worktree.rb
index 71bdeacec6d..645f59c0afb 100644
--- a/lib/git_worktree.rb
+++ b/lib/git_worktree.rb
@@ -19,6 +19,7 @@ def initialize(options = {})
     @remote_name   = 'origin'
     @cred          = Rugged::Credentials::UserPassword.new(:username => @username,
                                                            :password => @password)
+    @credentials_set = false
     @base_name = File.basename(@path)
     @certificate_check_cb = options[:certificate_check]
     process_repo(options)
@@ -166,6 +167,12 @@ def mv_dir(old_dir, new_dir)
     current_index.remove_dir(old_dir)
   end
 
+  def credentials_cb(url, _username, _types)
+    raise GitWorktreeException::InvalidCredentials, "Invalid credentials for URL #{url}" if @credentials_set
+    @credentials_set = true
+    @cred
+  end
+
   private
 
   def current_branch
@@ -187,7 +194,8 @@ def fetch_and_merge
   end
 
   def fetch
-    options = {:credentials => @cred, :certificate_check => @certificate_check_cb}
+    @credentials_set = false
+    options = {:credentials => method(:credentials_cb), :certificate_check => @certificate_check_cb}
     @repo.fetch(@remote_name, options)
   end
 
@@ -201,7 +209,8 @@ def merge_and_push(commit)
       @saved_cid = @repo.ref(local_ref).target.oid
       merge(commit, rebase)
       rebase = true
-      @repo.push(@remote_name, [local_ref], :credentials => @cred)
+      @credentials_set = false
+      @repo.push(@remote_name, [local_ref], :credentials => method(:credentials_cb))
     end
   end
 
@@ -254,7 +263,8 @@ def open_repo
   end
 
   def clone(url)
-    options = {:credentials => @cred, :bare => true, :remote => @remote_name, :certificate_check => @certificate_check_cb}
+    @credentials_set = false
+    options = {:credentials => method(:credentials_cb), :bare => true, :remote => @remote_name, :certificate_check => @certificate_check_cb}
     @repo = Rugged::Repository.clone_at(url, @path, options)
   end
 
diff --git a/lib/git_worktree_exception.rb b/lib/git_worktree_exception.rb
index 249e37c639d..00a7b514779 100644
--- a/lib/git_worktree_exception.rb
+++ b/lib/git_worktree_exception.rb
@@ -12,4 +12,5 @@ class GitRepositoryMissing < RuntimeError; end
   class DirectoryAlreadyExists < RuntimeError; end
   class BranchMissing < RuntimeError; end
   class TagMissing < RuntimeError; end
+  class InvalidCredentials < RuntimeError; end
 end
diff --git a/spec/lib/git_worktree_spec.rb b/spec/lib/git_worktree_spec.rb
index a7dc216b6a7..c8dfd77204c 100644
--- a/spec/lib/git_worktree_spec.rb
+++ b/spec/lib/git_worktree_spec.rb
@@ -323,4 +323,16 @@ def open_existing_repo
       end
     end
   end
+
+  describe 'credentials_cb' do
+    let(:git_repo_path) { Rails.root.join("spec", "fixtures", "git_repos", "branch_and_tag.git") }
+    let(:test_repo) { GitWorktree.new(:path => git_repo_path.to_s) }
+
+    describe "#credentials_cb" do
+      it "call the credentials callback" do
+        expect(test_repo.credentials_cb("url", nil, nil).class).to eq(Rugged::Credentials::UserPassword)
+        expect { test_repo.credentials_cb("url", nil, nil) }.to raise_exception(GitWorktreeException::InvalidCredentials)
+      end
+    end
+  end
 end
diff --git a/spec/models/git_repository_spec.rb b/spec/models/git_repository_spec.rb
index c0d374c6066..c8c5f0c41a3 100644
--- a/spec/models/git_repository_spec.rb
+++ b/spec/models/git_repository_spec.rb
@@ -64,7 +64,10 @@
       it "userid and password is set" do
         repo.update_authentication(:default => {:userid => userid, :password => password})
         expect(GitWorktree).to receive(:new).with(args).and_return(gwt)
+
         repo.refresh
+        expect(repo.default_authentication.userid).to eq(userid)
+        expect(repo.default_authentication.password).to eq(password)
       end
 
       context "self signed certifcate" do