Merge pull request #91 from mjcheetham/nointeractive

Add GCM_INTERACTIVE/credential.interactive setting

Author: mjcheetham

docs/configuration.md

@@ -22,6 +22,37 @@ For the complete list of settings GCM Core understands, see the list below.
 
 ## Available settings
 
+### credential.interactive
+
+Permit or disable GCM Core from interacting with the user (showing GUI or TTY prompts). If interaction is required but has been disabled, an error is returned.
+
+This can be helpful when using GCM Core in headless and unattended environments, such as build servers, where it would be preferable to fail than to hang indefinately waiting for a non-existent user.
+
+To disable interactivity set this to `false` or `0`.
+
+#### Compatibility
+
+In previous versions of GCM this setting had a different behavior and accepted other values.
+The following table summarizes the change in behavior and the mapping of older values such as `never`:
+
+Value(s)|Old meaning|New meaning
+-|-|-
+`auto`|Prompt if required – use cached credentials if possible|_(unchanged)_
+`never`,<br/>`false`| Never prompt – fail if interaction is required|_(unchanged)_
+`always`,<br/>`force`,<br/>`true`|Always prompt – don't use cached credentials|Prompt if required (same as the old `auto` value)
+
+#### Example
+
+```shell
+git config --global credential.interactive false
+```
+
+Defaults to enabled.
+
+**Also see: [GCM_INTERACTIVE](environment.md#GCM_INTERACTIVE)**
+
+---
+
 ### credential.provider
 
 Define the host provider to use when authenticating.

docs/environment.md

@@ -121,6 +121,45 @@ _No configuration equivalent._
 
 ---
 
+### GCM_INTERACTIVE
+
+Permit or disable GCM Core from interacting with the user (showing GUI or TTY prompts). If interaction is required but has been disabled, an error is returned.
+
+This can be helpful when using GCM Core in headless and unattended environments, such as build servers, where it would be preferable to fail than to hang indefinately waiting for a non-existent user.
+
+To disable interactivity set this to `false` or `0`.
+
+#### Compatibility
+
+In previous versions of GCM this setting had a different behavior and accepted other values.
+The following table summarizes the change in behavior and the mapping of older values such as `never`:
+
+Value(s)|Old meaning|New meaning
+-|-|-
+`auto`|Prompt if required – use cached credentials if possible|_(unchanged)_
+`never`,<br/>`false`| Never prompt – fail if interaction is required|_(unchanged)_
+`always`,<br/>`force`,<br/>`true`|Always prompt – don't use cached credentials|Prompt if required (same as the old `auto` value)
+
+#### Example
+
+##### Windows
+
+```batch
+SET GCM_INTERACTIVE=0
+```
+
+##### macOS/Linux
+
+```bash
+export GCM_INTERACTIVE=0
+```
+
+Defaults to enabled.
+
+**Also see: [credential.interactive](configuration.md#credentialinteractive)**
+
+---
+
 ### GCM_PROVIDER
 
 Define the host provider to use when authenticating.

src/osx/Microsoft.Authentication.Helper.Mac/Source/main.m

@@ -28,7 +28,8 @@ int main(int argc, const char * argv[]) {
 
     @autoreleasepool {
         int exitCode;
-        NSError* error;
+        NSError *error;
+        NSString *output;
 
         AHLogger *logger = [[AHLogger alloc] init];
 
@@ -97,24 +98,32 @@ int main(int argc, const char * argv[]) {
         NSString* clientId    = [configs objectForKey:@"clientId"];
         NSString* resource    = [configs objectForKey:@"resource"];
         NSString* redirectUri = [configs objectForKey:@"redirectUri"];
+        NSString* interactive = [configs objectForKey:@"interactive"];
 
-        NSString *accessToken = [AHGenerateAccessToken generateAccessTokenWithAuthority:authority
-                                                                               clientId:clientId
-                                                                               resource:resource
-                                                                            redirectUri:redirectUri
-                                                                                  error:&error
-                                                                                 logger:logger];
-
-        NSString* output;
-
-        if (error == nil && accessToken != nil)
+        // We only perform interactive flows
+        if (isTruthy(interactive))
         {
-            output = [NSString stringWithFormat:@"accessToken=%@\n", accessToken];
-            exitCode = 0;
+            NSString *accessToken = [AHGenerateAccessToken generateAccessTokenWithAuthority:authority
+                                                                                   clientId:clientId
+                                                                                   resource:resource
+                                                                                redirectUri:redirectUri
+                                                                                      error:&error
+                                                                                     logger:logger];
+
+            if (error == nil && accessToken != nil)
+            {
+                output = [NSString stringWithFormat:@"accessToken=%@\n", accessToken];
+                exitCode = 0;
+            }
+            else
+            {
+                output = [NSString stringWithFormat:@"error=%@\n", [error description]];
+                exitCode = -1;
+            }
         }
         else
         {
-            output = [NSString stringWithFormat:@"error=%@\n", [error description]];
+            output = @"error=Interactivity is required but has been disabled.\n";
             exitCode = -1;
         }
 

src/shared/GitHub/GitHubAuthentication.cs

@@ -31,6 +31,8 @@ public async Task<ICredential> GetCredentialsAsync(Uri targetUri)
         {
             string userName, password;
 
+            ThrowIfUserInteractionDisabled();
+
             if (TryFindHelperExecutablePath(out string helperPath))
             {
                 IDictionary<string, string> resultDict = await InvokeHelperAsync(helperPath, "--prompt userpass", null);
@@ -47,7 +49,7 @@ public async Task<ICredential> GetCredentialsAsync(Uri targetUri)
             }
             else
             {
-                EnsureTerminalPromptsEnabled();
+                ThrowIfTerminalPromptsDisabled();
 
                 Context.Terminal.WriteLine("Enter GitHub credentials for '{0}'...", targetUri);
 
@@ -57,8 +59,11 @@ public async Task<ICredential> GetCredentialsAsync(Uri targetUri)
 
             return new GitCredential(userName, password);
         }
+
         public async Task<string> GetAuthenticationCodeAsync(Uri targetUri, bool isSms)
         {
+            ThrowIfUserInteractionDisabled();
+
             if (TryFindHelperExecutablePath(out string helperPath))
             {
                 IDictionary<string, string> resultDict = await InvokeHelperAsync(helperPath, "--prompt authcode", null);
@@ -72,7 +77,7 @@ public async Task<string> GetAuthenticationCodeAsync(Uri targetUri, bool isSms)
             }
             else
             {
-                EnsureTerminalPromptsEnabled();
+                ThrowIfTerminalPromptsDisabled();
 
                 Context.Terminal.WriteLine("Two-factor authentication is enabled and an authentication code is required.");
 

src/shared/Microsoft.Git.CredentialManager.Tests/Authentication/BasicAuthenticationTests.cs

@@ -55,6 +55,21 @@ public void BasicAuthentication_GetCredentials_Resource_UserPassPromptReturnsCre
             Assert.Equal(testPassword, credential.Password);
         }
 
+        [Fact]
+        public void BasicAuthentication_GetCredentials_NoInteraction_ThrowsException()
+        {
+            const string testResource = "https://example.com";
+
+            var context = new TestCommandContext
+            {
+                Settings = {IsInteractionAllowed = false},
+            };
+
+            var basicAuth = new BasicAuthentication(context);
+
+            Assert.Throws<InvalidOperationException>(() => basicAuth.GetCredentials(testResource));
+        }
+
         [Fact]
         public void BasicAuthentication_GetCredentials_NoTerminalPrompts_ThrowsException()
         {

src/shared/Microsoft.Git.CredentialManager.Tests/Authentication/MicrosoftAuthenticationTests.cs

@@ -0,0 +1,33 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using Microsoft.Git.CredentialManager.Authentication;
+using Microsoft.Git.CredentialManager.Tests.Objects;
+using Xunit;
+
+namespace Microsoft.Git.CredentialManager.Tests.Authentication
+{
+    public class MicrosoftAuthenticationTests
+    {
+        [Fact]
+        public async System.Threading.Tasks.Task MicrosoftAuthentication_GetAccessTokenAsync_NoInteraction_ThrowsException()
+        {
+            const string authority = "https://login.microsoftonline.com/common";
+            const string clientId = "C9E8FDA6-1D46-484C-917C-3DBD518F27C3";
+            Uri redirectUri = new Uri("https://localhost");
+            const string resource = "https://graph.microsoft.com";
+            Uri remoteUri = new Uri("https://example.com");
+            const string userName = null; // No user to ensure we do not use an existing token
+
+            var context = new TestCommandContext
+            {
+                Settings = {IsInteractionAllowed = false},
+            };
+
+            var msAuth = new MicrosoftAuthentication(context);
+
+            await Assert.ThrowsAsync<InvalidOperationException>(
+                () => msAuth.GetAccessTokenAsync(authority, clientId, redirectUri, resource, remoteUri, userName));
+        }
+    }
+}

src/shared/Microsoft.Git.CredentialManager.Tests/SettingsTests.cs

@@ -87,6 +87,135 @@ public void Settings_IsTerminalPromptsEnabled_EnvarFalsey_ReturnsFalse()
             Assert.False(settings.IsTerminalPromptsEnabled);
         }
 
+        [Fact]
+        public void Settings_IsInteractionAllowed_EnvarUnset_ReturnsTrue()
+        {
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+
+            var settings = new Settings(envars, git);
+
+            Assert.True(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_EnvarTruthy_ReturnsTrue()
+        {
+            var envars = new TestEnvironment
+            {
+                Variables = {[Constants.EnvironmentVariables.GcmInteractive] = "1"}
+            };
+            var git = new TestGit();
+
+            var settings = new Settings(envars, git);
+
+            Assert.True(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_EnvarFalsey_ReturnsFalse()
+        {
+            var envars = new TestEnvironment
+            {
+                Variables = {[Constants.EnvironmentVariables.GcmInteractive] = "0"},
+            };
+            var git = new TestGit();
+
+            var settings = new Settings(envars, git);
+
+            Assert.False(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_ConfigAuto_ReturnsTrue()
+        {
+            const string section = Constants.GitConfiguration.Credential.SectionName;
+            const string property = Constants.GitConfiguration.Credential.Interactive;
+
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+            git.GlobalConfiguration[$"{section}.{property}"] = "auto";
+
+            var settings = new Settings(envars, git);
+
+            Assert.True(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_ConfigAlways_ReturnsTrue()
+        {
+            const string section = Constants.GitConfiguration.Credential.SectionName;
+            const string property = Constants.GitConfiguration.Credential.Interactive;
+
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+            git.GlobalConfiguration[$"{section}.{property}"] = "always";
+
+            var settings = new Settings(envars, git);
+
+            Assert.True(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_ConfigNever_ReturnsFalse()
+        {
+            const string section = Constants.GitConfiguration.Credential.SectionName;
+            const string property = Constants.GitConfiguration.Credential.Interactive;
+
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+            git.GlobalConfiguration[$"{section}.{property}"] = "never";
+
+            var settings = new Settings(envars, git);
+
+            Assert.False(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_ConfigTruthy_ReturnsTrue()
+        {
+            const string section = Constants.GitConfiguration.Credential.SectionName;
+            const string property = Constants.GitConfiguration.Credential.Interactive;
+
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+            git.GlobalConfiguration[$"{section}.{property}"] = "1";
+
+            var settings = new Settings(envars, git);
+
+            Assert.True(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_ConfigFalsey_ReturnsFalse()
+        {
+            const string section = Constants.GitConfiguration.Credential.SectionName;
+            const string property = Constants.GitConfiguration.Credential.Interactive;
+
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+            git.GlobalConfiguration[$"{section}.{property}"] = "0";
+
+            var settings = new Settings(envars, git);
+
+            Assert.False(settings.IsInteractionAllowed);
+        }
+
+        [Fact]
+        public void Settings_IsInteractionAllowed_ConfigNonBooleanyValue_ReturnsTrue()
+        {
+            const string section = Constants.GitConfiguration.Credential.SectionName;
+            const string property = Constants.GitConfiguration.Credential.Interactive;
+
+            var envars = new TestEnvironment();
+            var git = new TestGit();
+            git.GlobalConfiguration[$"{section}.{property}"] = Guid.NewGuid().ToString();
+
+            var settings = new Settings(envars, git);
+
+            Assert.True(settings.IsInteractionAllowed);
+        }
+
         [Fact]
         public void Settings_IsTracingEnabled_EnvarUnset_ReturnsFalse()
         {