getCreds fills the authorization header for the given request if possible, from the following sources: 1. NTLM access is handled elsewhere. 2. Existing Authorization or ?token query tells LFS that the request is ready. 3. Netrc based on the hostname. 4. URL authentication on the Endpoint URL or the
(remote string, access creds.Access, req *http.Request)
| 149 | // This URL is used for the Git Credential Helper. This way existing https |
| 150 | // Git remote credentials can be re-used for LFS. |
| 151 | func (c *Client) getCreds(remote string, access creds.Access, req *http.Request) (creds.CredentialHelperWrapper, error) { |
| 152 | ef := c.Endpoints |
| 153 | if ef == nil { |
| 154 | ef = defaultEndpointFinder |
| 155 | } |
| 156 | |
| 157 | operation := getReqOperation(req) |
| 158 | apiEndpoint := ef.Endpoint(operation, remote) |
| 159 | |
| 160 | if access.Mode() != creds.NegotiateAccess { |
| 161 | if requestHasAuth(req) || access.Mode() == creds.NoneAccess { |
| 162 | return creds.CredentialHelperWrapper{CredentialHelper: creds.NullCreds, Input: nil, Url: nil, Creds: nil}, nil |
| 163 | } |
| 164 | |
| 165 | credsURL, err := getCredURLForAPI(ef, operation, remote, apiEndpoint, req) |
| 166 | if err != nil { |
| 167 | return creds.CredentialHelperWrapper{CredentialHelper: creds.NullCreds, Input: nil, Url: nil, Creds: nil}, errors.Wrap(err, tr.Tr.Get("credentials")) |
| 168 | } |
| 169 | |
| 170 | if credsURL == nil { |
| 171 | return creds.CredentialHelperWrapper{CredentialHelper: creds.NullCreds, Input: nil, Url: nil, Creds: nil}, nil |
| 172 | } |
| 173 | |
| 174 | credWrapper := c.getGitCredsWrapper(ef, req, credsURL) |
| 175 | err = credWrapper.FillCreds() |
| 176 | if err == nil { |
| 177 | tracerx.Printf("Filled credentials for %s", credsURL) |
| 178 | setRequestAuthWithCreds(req, credWrapper.Creds) |
| 179 | } |
| 180 | return credWrapper, err |
| 181 | } |
| 182 | |
| 183 | // Negotiate only |
| 184 | |
| 185 | credsURL, err := url.Parse(apiEndpoint.Url) |
| 186 | if err != nil { |
| 187 | return creds.CredentialHelperWrapper{CredentialHelper: creds.NullCreds, Input: nil, Url: nil, Creds: nil}, errors.Wrap(err, tr.Tr.Get("credentials")) |
| 188 | } |
| 189 | |
| 190 | // NTLM uses creds to create the session |
| 191 | credWrapper := c.getGitCredsWrapper(ef, req, credsURL) |
| 192 | return credWrapper, err |
| 193 | } |
| 194 | |
| 195 | func (c *Client) getGitCredsWrapper(ef EndpointFinder, req *http.Request, u *url.URL) creds.CredentialHelperWrapper { |
| 196 | return c.credContext.GetCredentialHelper(c.Credentials, u) |