Merge branch 'master' into net5.0

Author: NN---

docs/configuration.md

@@ -201,6 +201,7 @@ Value|Credential Store
 _(unset)_|(error)
 `secretservice`|[freedesktop.org Secret Service API](https://specifications.freedesktop.org/secret-service/) via [libsecret](https://wiki.gnome.org/Projects/Libsecret) (requires a graphical interface to unlock secret collections).
 `gpg`|Use GPG to store encrypted files that are compatible with the [`pass` utility](https://www.passwordstore.org/) (requires GPG and `pass` to initialize the store).
+`cache`|Git's built-in [credential cache](https://git-scm.com/docs/git-credential-cache).
 `plaintext`|Store credentials in plaintext files (**UNSECURE**). Customize the plaintext store location with [`credential.plaintextStorePath`](#credentialplaintextstorepath).
 
 ##### Example
@@ -213,6 +214,28 @@ git config --global credential.credentialStore gpg
 
 ---
 
+### credential.cacheOptions
+
+Pass [options](https://git-scm.com/docs/git-credential-cache#_options)
+to the Git credential cache when
+[`credential.credentialStore`](#credentialcredentialstore)
+is set to `cache`. This allows you to select a different amount
+of time to cache credentials (the default is 900 seconds) by passing
+`"--timeout <seconds>"`. Use of other options like `--socket` is untested
+and unsupported, but there's no reason it shouldn't work.
+
+Defaults to empty.
+
+#### Example
+
+```shell
+git config --global credential.cacheOptions "--timeout 300"
+```
+
+**Also see: [GCM_CREDENTIAL_CACHE_OPTIONS](environment.md#GCM_CREDENTIAL_CACHE_OPTIONS)**
+
+---
+
 ### credential.plaintextStorePath
 
 Specify a custom directory to store plaintext credential files in when [`credential.credentialStore`](#credentialcredentialstore) is set to `plaintext`.

docs/environment.md

@@ -348,6 +348,7 @@ Value|Credential Store
 _(unset)_|(error)
 `secretservice`|[freedesktop.org Secret Service API](https://specifications.freedesktop.org/secret-service/) via [libsecret](https://wiki.gnome.org/Projects/Libsecret) (requires a graphical interface to unlock secret collections).
 `gpg`|Use GPG to store encrypted files that are compatible with the [`pass` utility](https://www.passwordstore.org/) (requires GPG and `pass` to initialize the store).
+`cache`|Git's built-in [credential cache](https://git-scm.com/docs/git-credential-cache).
 `plaintext`|Store credentials in plaintext files (**UNSECURE**). Customize the plaintext store location with [`GCM_PLAINTEXT_STORE_PATH`](#GCM_PLAINTEXT_STORE_PATH).
 
 ##### Linux
@@ -360,6 +361,27 @@ export GCM_CREDENTIAL_STORE="gpg"
 
 ---
 
+### GCM_CREDENTIAL_CACHE_OPTIONS
+
+Pass [options](https://git-scm.com/docs/git-credential-cache#_options)
+to the Git credential cache when [`GCM_CREDENTIAL_STORE`](#GCM_CREDENTIAL_STORE)
+is set to `cache`. This allows you to select a different amount
+of time to cache credentials (the default is 900 seconds) by passing
+`"--timeout <seconds>"`. Use of other options like `--socket` is untested
+and unsupported, but there's no reason it shouldn't work.
+
+Defaults to empty.
+
+#### Linux
+
+```shell
+export GCM_CREDENTIAL_CACHE_OPTIONS="--timeout 300"
+```
+
+**Also see: [credential.cacheOptions](configuration.md#credentialcacheoptions)**
+
+---
+
 ### GCM_PLAINTEXT_STORE_PATH
 
 Specify a custom directory to store plaintext credential files in when [`GCM_CREDENTIAL_STORE`](#GCM_CREDENTIAL_STORE) is set to `plaintext`.

docs/linuxcredstores.md

@@ -1,11 +1,12 @@
 # Credential stores on Linux
 
-There are currently three options for storing credentials that Git Credential
+There are four options for storing credentials that Git Credential
 Manager Core (GCM Core) manages on Linux platforms:
 
 1. [freedesktop.org Secret Service API](https://specifications.freedesktop.org/secret-service/)
 2. GPG/[`pass`](https://www.passwordstore.org/) compatible files
-3. Plaintext files
+3. Git's built-in [credential cache](https://git-scm.com/docs/git-credential-cache)
+4. Plaintext files
 
 By default, GCM Core comes unconfigured. You can select which credential store
 to use by setting the [`GCM_CREDENTIAL_STORE`](environment.md#GCM_CREDENTIAL_STORE)
@@ -87,7 +88,37 @@ export GPG_TTY=$(tty)
 **Note:** Using `/dev/tty` does not appear to work here - you must use the real
 TTY device path, as returned by the `tty` utility.
 
-## 3. Plaintext files
+## 3. Git's built-in [credential cache](https://git-scm.com/docs/git-credential-cache)
+
+```shell
+export GCM_CREDENTIAL_STORE=cache
+# or
+git config --global credential.credentialStore cache
+```
+
+This credential store uses Git's built-in ephemeral
+[in-memory credential cache](https://git-scm.com/docs/git-credential-cache).
+This helps you reduce the number of times you have to authenticate but
+doesn't require storing credentials on persistent storage. It's good for
+scenarios like [Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell/overview) or [AWS CloudShell](https://aws.amazon.com/cloudshell/), where you
+don't want to leave credentials on disk but also don't want to re-authenticate
+on every Git operation.
+
+By default, `git credential-cache` stores your credentials for 900 seconds.
+That, and any other
+[options it accepts](https://git-scm.com/docs/git-credential-cache#_options),
+may be altered by setting them in the environment variable
+`GCM_CREDENTIAL_CACHE_OPTIONS` or the Git config value
+`credential.cacheOptions`. (Using the `--socket` option is untested
+and unsupported, but there's no reason it shouldn't work.)
+
+```shell
+export GCM_CREDENTIAL_CACHE_OPTIONS="--timeout 300"
+# or
+git config --global credential.cacheOptions "--timeout 300"
+```
+
+## 4. Plaintext files
 
 ```shell
 export GCM_CREDENTIAL_STORE=plaintext

src/shared/Microsoft.Git.CredentialManager/CommandContext.cs

@@ -131,7 +131,7 @@ public CommandContext()
                                             Environment.LocateExecutable("gpg"),
                                             SessionManager
                                         );
-                CredentialStore   = new LinuxCredentialStore(FileSystem, Settings, SessionManager, gpg, Environment);
+                CredentialStore   = new LinuxCredentialStore(FileSystem, Settings, SessionManager, gpg, Environment, Git);
             }
             else
             {

src/shared/Microsoft.Git.CredentialManager/Constants.cs

@@ -53,6 +53,7 @@ public static class EnvironmentVariables
             public const string MsAuthFlow            = "GCM_MSAUTH_FLOW";
             public const string GcmCredNamespace      = "GCM_NAMESPACE";
             public const string GcmCredentialStore    = "GCM_CREDENTIAL_STORE";
+            public const string GcmCredCacheOptions   = "GCM_CREDENTIAL_CACHE_OPTIONS";
             public const string GcmPlaintextStorePath = "GCM_PLAINTEXT_STORE_PATH";
             public const string GitExecutablePath     = "GIT_EXEC_PATH";
         }
@@ -83,6 +84,7 @@ public static class Credential
                 public const string MsAuthFlow  = "msauthFlow";
                 public const string CredNamespace = "namespace";
                 public const string CredentialStore = "credentialStore";
+                public const string CredCacheOptions = "cacheOptions";
                 public const string PlaintextStorePath = "plaintextStorePath";
             }
 

src/shared/Microsoft.Git.CredentialManager/CredentialCacheStore.cs

@@ -0,0 +1,88 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System.Collections.Generic;
+
+namespace Microsoft.Git.CredentialManager
+{
+    public class CredentialCacheStore : ICredentialStore
+    {
+        readonly IGit _git;
+        readonly string _options;
+
+        public CredentialCacheStore(IGit git, string options)
+        {
+            _git = git;
+            if (string.IsNullOrEmpty(options))
+            {
+                _options = string.Empty;
+            }
+            else
+            {
+                _options = options;
+            }
+        }
+
+        #region ICredentialStore
+
+        public ICredential Get(string service, string account)
+        {
+            var input = MakeGitCredentialsEntry(service, account);
+
+            var result = _git.InvokeHelperAsync(
+                $"credential-cache get {_options}",
+                input
+            ).GetAwaiter().GetResult();
+
+            if (result.ContainsKey("username") && result.ContainsKey("password"))
+            {
+                return new GitCredential(result["username"], result["password"]);
+            }
+
+            return null;
+        }
+
+        public void AddOrUpdate(string service, string account, string secret)
+        {
+            var input = MakeGitCredentialsEntry(service, account);
+            input["password"] = secret;
+
+            // per https://git-scm.com/docs/gitcredentials :
+            // For a store or erase operation, the helper’s output is ignored.
+            _git.InvokeHelperAsync(
+                $"credential-cache store {_options}",
+                input
+            ).GetAwaiter().GetResult();
+        }
+
+        public bool Remove(string service, string account)
+        {
+            var input = MakeGitCredentialsEntry(service, account);
+
+            // per https://git-scm.com/docs/gitcredentials :
+            // For a store or erase operation, the helper’s output is ignored.
+            _git.InvokeHelperAsync(
+                $"credential-cache erase {_options}",
+                input
+            ).GetAwaiter().GetResult();
+
+            // the credential cache doesn't tell us whether anything was erased
+            // but we're optimistic sorts
+            return true;
+        }
+
+        #endregion
+
+        private Dictionary<string, string> MakeGitCredentialsEntry(string service, string account)
+        {
+            var result = new Dictionary<string, string>();
+
+            result["url"] = service;
+            if (!string.IsNullOrEmpty(account))
+            {
+                result["username"] = account;
+            }
+
+            return result;
+        }
+    }
+}

src/shared/Microsoft.Git.CredentialManager/Git.cs

@@ -1,6 +1,9 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT license.
+using System;
+using System.Collections.Generic;
 using System.Diagnostics;
+using System.Threading.Tasks;
 
 namespace Microsoft.Git.CredentialManager
 {
@@ -12,6 +15,14 @@ public interface IGit
         /// <param name="level">Configuration level filter.</param>
         /// <returns>Git configuration.</returns>
         IGitConfiguration GetConfiguration(GitConfigurationLevel level);
+
+        /// <summary>
+        /// Run a Git helper process which expects and returns key-value maps
+        /// </summary>
+        /// <param name="args">Arguments to the executable</param>
+        /// <param name="standardInput">key-value map to pipe into stdin</param>
+        /// <returns>stdout from helper executable as key-value map</returns>
+        Task<IDictionary<string, string>> InvokeHelperAsync(string args, IDictionary<string, string> standardInput);
     }
 
     public class GitProcess : IGit
@@ -47,6 +58,55 @@ public Process CreateProcess(string args)
 
             return new Process {StartInfo = psi};
         }
+
+        // This code was originally copied from 
+        // src/shared/Microsoft.Git.CredentialManager/Authentication/AuthenticationBase.cs
+        // That code is for GUI helpers in this codebase, while the below is for
+        // communicating over Git's stdin/stdout helper protocol. The GUI helper
+        // protocol will one day use a different IPC mechanism, whereas this code
+        // has to follow what upstream Git does.
+        public async Task<IDictionary<string, string>> InvokeHelperAsync(string args, IDictionary<string, string> standardInput = null)
+        {
+            var procStartInfo = new ProcessStartInfo(_gitPath)
+            {
+                Arguments = args,
+                RedirectStandardInput = true,
+                RedirectStandardOutput = true,
+                RedirectStandardError = false, // Do not redirect stderr as tracing might be enabled
+                UseShellExecute = false
+            };
+
+            var process = Process.Start(procStartInfo);
+            if (process is null)
+            {
+                throw new Exception($"Failed to start Git helper '{args}'");
+            }
+
+            if (!(standardInput is null))
+            {
+                await process.StandardInput.WriteDictionaryAsync(standardInput);
+                // some helpers won't continue until they see EOF
+                // cf git-credential-cache
+                process.StandardInput.Close();
+            }
+
+            IDictionary<string, string> resultDict = await process.StandardOutput.ReadDictionaryAsync(StringComparer.OrdinalIgnoreCase);
+
+            await Task.Run(() => process.WaitForExit());
+            int exitCode = process.ExitCode;
+
+            if (exitCode != 0)
+            {
+                if (!resultDict.TryGetValue("error", out string errorMessage))
+                {
+                    errorMessage = "Unknown";
+                }
+
+                throw new Exception($"helper error ({exitCode}): {errorMessage}");
+            }
+
+            return resultDict;
+        }
     }
 
     public static class GitExtensions