[PATCH] http: attempt updating base URL only if no error

[PATCH] http: attempt updating base URL only if no error

[Jonathan Tan]

http.c supports HTTP redirects of the form

  http://foo/info/refs?service=git-upload-pack
  -> http://anything
  -> http://bar/info/refs?service=git-upload-pack

(that is to say, as long as the Git part of the path and the query
string is preserved in the final redirect destination, the intermediate
steps can have any URL). However, if one of the intermediate steps
results in an HTTP exception, a confusing "unable to update url base
from redirection" message is printed instead of a Curl error message
with the HTTP exception code.

This was introduced by 2 commits. Commit c93c92f ("http: update base
URLs when we see redirects", 2013-09-28) introduced a best-effort
optimization that required checking if only the "base" part of the URL
differed between the initial request and the final redirect destination,
but it performed the check before any HTTP status checking was done. If
something went wrong, the normal code path was still followed, so this
did not cause any confusing error messages until commit 6628eb4 ("http:
always update the base URL for redirects", 2016-12-06), which taught
http to die if the non-"base" part of the URL differed.

Therefore, teach http to check the HTTP status before attempting to
check if only the "base" part of the URL differed. This commit teaches
http_request_reauth to return early without updating options->base_url
upon an error; the only invoker of this function that passes a non-NULL
"options" is remote-curl.c (through "http_get_strbuf"), which only uses
options->base_url for an informational message in the situations that
this commit cares about (that is, when the return value is not HTTP_OK).

The included test checks that the redirect scheme at the beginning of
this commit message works, and that returning a 502 in the middle of the
redirect scheme produces the correct result. Note that this is different
from the test in commit 6628eb4 ("http: always update the base URL for
redirects", 2016-12-06) in that this commit tests that a Git-shaped URL
(http://.../info/refs?service=git-upload-pack) works, whereas commit
6628eb4 tests that a non-Git-shaped URL
(http://.../info/refs/foo?service=git-upload-pack) does not work (even
though Git is processing that URL) and is an error that is fatal, not
silently swallowed.

Signed-off-by: Jonathan Tan <jonathantanmy@google.com>
---
 http.c                     | 3 +++
 t/lib-httpd/apache.conf    | 9 +++++++++
 t/t5550-http-fetch-dumb.sh | 9 +++++++++
 3 files changed, 21 insertions(+)

diff --git a/http.c b/http.c
index 90a1c0f11..1df186894 100644
--- a/http.c
+++ b/http.c
@@ -1727,6 +1727,9 @@ static int http_request_reauth(const char *url,
 {
 	int ret = http_request(url, result, target, options);
 
+	if (ret != HTTP_OK && ret != HTTP_REAUTH)
+		return ret;
+
 	if (options && options->effective_url && options->base_url) {
 		if (update_url_from_redirect(options->base_url,
 					     url, options->effective_url)) {
diff --git a/t/lib-httpd/apache.conf b/t/lib-httpd/apache.conf
index 69174c6e3..0642ae7e6 100644
--- a/t/lib-httpd/apache.conf
+++ b/t/lib-httpd/apache.conf
@@ -133,6 +133,15 @@ RewriteRule ^/ftp-redir/(.*)$ ftp://localhost:1000/$1 [R=302]
 RewriteRule ^/loop-redir/x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-(.*) /$1 [R=302]
 RewriteRule ^/loop-redir/(.*)$ /loop-redir/x-$1 [R=302]
 
+# redir-to/502/x?y -> really-redir-to?path=502/x&qs=y which returns 502
+# redir-to/x?y -> really-redir-to?path=x&qs=y -> x?y
+RewriteCond %{QUERY_STRING} ^(.*)$
+RewriteRule ^/redir-to/(.*)$ /really-redir-to?path=$1&qs=%1 [R=302]
+RewriteCond %{QUERY_STRING} ^path=502/(.*)&qs=(.*)$
+RewriteRule ^/really-redir-to$ - [R=502,L]
+RewriteCond %{QUERY_STRING} ^path=(.*)&qs=(.*)$
+RewriteRule ^/really-redir-to$ /%1?%2 [R=302]
+
 # The first rule issues a client-side redirect to something
 # that _doesn't_ look like a git repo. The second rule is a
 # server-side rewrite, so that it turns out the odd-looking
diff --git a/t/t5550-http-fetch-dumb.sh b/t/t5550-http-fetch-dumb.sh
index aeb3a63f7..2d3b1e9f9 100755
--- a/t/t5550-http-fetch-dumb.sh
+++ b/t/t5550-http-fetch-dumb.sh
@@ -378,5 +378,14 @@ test_expect_success 'http-alternates triggers not-from-user protocol check' '
 		clone $HTTPD_URL/dumb/evil.git evil-user
 '
 
+test_expect_success 'can redirect through non-"info/refs?service=git-upload-pack" URL' '
+	git clone "$HTTPD_URL/redir-to/dumb/repo.git"
+'
+
+test_expect_success 'print HTTP error when any intermediate redirect throws error' '
+	test_must_fail git clone "$HTTPD_URL/redir-to/502" 2> stderr &&
+	test_i18ngrep "unable to access.*/redir-to/502" stderr
+'
+
 stop_httpd
 test_done
-- 
2.11.0.483.g087da7b7c-goog

Re: [PATCH] http: attempt updating base URL only if no error

[Jeff King]

On Mon, Feb 27, 2017 at 06:53:11PM -0800, Jonathan Tan wrote:

> http.c supports HTTP redirects of the form
> 
>   http://foo/info/refs?service=git-upload-pack
>   -> http://anything
>   -> http://bar/info/refs?service=git-upload-pack
> 
> (that is to say, as long as the Git part of the path and the query
> string is preserved in the final redirect destination, the intermediate
> steps can have any URL). However, if one of the intermediate steps
> results in an HTTP exception, a confusing "unable to update url base
> from redirection" message is printed instead of a Curl error message
> with the HTTP exception code.

Right, your patch makes sense. A real HTTP error should take precedence
over the url-update trickery.

Acked-by: Jeff King <peff@peff.net>

> Therefore, teach http to check the HTTP status before attempting to
> check if only the "base" part of the URL differed. This commit teaches
> http_request_reauth to return early without updating options->base_url
> upon an error; the only invoker of this function that passes a non-NULL
> "options" is remote-curl.c (through "http_get_strbuf"), which only uses
> options->base_url for an informational message in the situations that
> this commit cares about (that is, when the return value is not HTTP_OK).

Running your included test, we get:

  fatal: unable to access 'http://127.0.0.1:5550/redir-to/502/': The
  requested URL returned error: 502

but the error really happened in the intermediate step. I wonder if we
should show the effective_url in that case, as it's more likely to
pinpoint the problem. OTOH, we do not mention the intermediate redirect
at all, so they might be confused about where that URL came from. If you
really want to debug HTTP confusion, you should use GIT_TRACE_CURL.

At any rate, that's orthogonal to your patch, which is obviously the
right thing to do.

-Peff

Re: [PATCH] http: attempt updating base URL only if no error

[Jonathan Tan]

On 02/28/2017 05:28 AM, Jeff King wrote:
> Right, your patch makes sense. A real HTTP error should take precedence
> over the url-update trickery.
>
> Acked-by: Jeff King <peff@peff.net>

Thanks!

> Running your included test, we get:
>
>   fatal: unable to access 'http://127.0.0.1:5550/redir-to/502/': The
>   requested URL returned error: 502
>
> but the error really happened in the intermediate step. I wonder if we
> should show the effective_url in that case, as it's more likely to
> pinpoint the problem. OTOH, we do not mention the intermediate redirect
> at all, so they might be confused about where that URL came from. If you
> really want to debug HTTP confusion, you should use GIT_TRACE_CURL.

Yeah, if we mention the effective_url, I think that there would need to 
be a lot more explaining to be done (e.g. why does my URL have 
"info/refs?service=git-upload-pack" tacked on at the end). It might be 
better to just recommend GIT_TRACE_CURL.

Re: [PATCH] http: attempt updating base URL only if no error

[Jeff King]

On Tue, Feb 28, 2017 at 10:48:52AM -0800, Jonathan Tan wrote:

> > Running your included test, we get:
> > 
> >   fatal: unable to access 'http://127.0.0.1:5550/redir-to/502/': The
> >   requested URL returned error: 502
> > 
> > but the error really happened in the intermediate step. I wonder if we
> > should show the effective_url in that case, as it's more likely to
> > pinpoint the problem. OTOH, we do not mention the intermediate redirect
> > at all, so they might be confused about where that URL came from. If you
> > really want to debug HTTP confusion, you should use GIT_TRACE_CURL.
> 
> Yeah, if we mention the effective_url, I think that there would need to be a
> lot more explaining to be done (e.g. why does my URL have
> "info/refs?service=git-upload-pack" tacked on at the end). It might be
> better to just recommend GIT_TRACE_CURL.

Indeed. Your comment made me realize that my suggestion was the exact
opposite of the earlier d5ccbe4df (remote-curl: consistently report repo
url for http errors, 2013-04-05). :)

Given that we don't see a lot of questions on the list about this,
either it doesn't come up much, or they are capable of finding
GIT_TRACE_CURL or GIT_CURL_VERBOSE on their own. So I think we can leave
the message as-is.

-Peff