Merge pull request #9 from mjcheetham/generic-provider

Add a generic provider supporting basic and WIA

Author: mjcheetham

src/Microsoft.Git.CredentialManager/Authentication/BasicAuthentication.cs

@@ -0,0 +1,65 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using System.Text;
+
+namespace Microsoft.Git.CredentialManager.Authentication
+{
+    public interface IBasicAuthentication
+    {
+        GitCredential GetCredentials(string resource, string userName);
+    }
+
+    public static class BasicAuthenticationExtensions
+    {
+        public static GitCredential GetCredentials(this IBasicAuthentication basicAuth, string resource)
+        {
+            return basicAuth.GetCredentials(resource, null);
+        }
+    }
+
+    public class TtyPromptBasicAuthentication : IBasicAuthentication
+    {
+        private readonly ICommandContext _context;
+
+        public TtyPromptBasicAuthentication(ICommandContext context)
+        {
+            EnsureArgument.NotNull(context, nameof(context));
+
+            _context = context;
+        }
+
+        public GitCredential GetCredentials(string resource, string userName)
+        {
+            EnsureArgument.NotNullOrWhiteSpace(resource, nameof(resource));
+
+            // Are terminal prompt disabled?
+            if (_context.TryGetEnvironmentVariable(
+                         Constants.EnvironmentVariables.GitTerminalPrompts, out string envarPrompts)
+                     && envarPrompts == "0")
+            {
+                _context.Trace.WriteLine($"{Constants.EnvironmentVariables.GitTerminalPrompts} is 0; terminal prompts have been disabled.");
+
+                throw new InvalidOperationException("Cannot show basic credential prompt because terminal prompts have been disabled.");
+            }
+
+            _context.StdError.WriteLine("Enter credentials for '{0}':", resource);
+
+            if (!string.IsNullOrWhiteSpace(userName))
+            {
+                // Don't need to prompt for the username if it has been specified already
+                _context.StdError.WriteLine("Username: {0}", userName);
+            }
+            else
+            {
+                // Prompt for username
+                userName = _context.Prompt("Username");
+            }
+
+            // Prompt for password
+            string password = _context.PromptSecret("Password");
+
+            return new GitCredential(userName, password);
+        }
+    }
+}

src/Microsoft.Git.CredentialManager/Authentication/WindowsIntegratedAuthentication.cs

@@ -0,0 +1,60 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license.
+using System;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Threading.Tasks;
+
+namespace Microsoft.Git.CredentialManager.Authentication
+{
+    public interface IWindowsIntegratedAuthentication
+    {
+        Task<bool> GetIsSupportedAsync(Uri uri);
+    }
+
+    public class WindowsIntegratedAuthentication : IWindowsIntegratedAuthentication
+    {
+        private readonly ICommandContext _context;
+        private readonly IHttpClientFactory _httpFactory;
+
+        public WindowsIntegratedAuthentication(ICommandContext context)
+            : this(context, new HttpClientFactory()) { }
+
+        public WindowsIntegratedAuthentication(ICommandContext context, IHttpClientFactory httpFactory)
+        {
+            _context = context;
+            _httpFactory = httpFactory;
+        }
+
+        public async Task<bool> GetIsSupportedAsync(Uri uri)
+        {
+            EnsureArgument.AbsoluteUri(uri, nameof(uri));
+
+            bool supported = false;
+
+            _context.Trace.WriteLine($"HTTP HEAD {uri}");
+            using (HttpClient client = _httpFactory.GetClient())
+            using (HttpResponseMessage response = await client.HeadAsync(uri))
+            {
+                _context.Trace.WriteLine("HTTP Response - Ignoring response code");
+
+                _context.Trace.WriteLine("Inspecting WWW-Authenticate headers...");
+                foreach (AuthenticationHeaderValue wwwHeader in response.Headers.WwwAuthenticate)
+                {
+                    if (StringComparer.OrdinalIgnoreCase.Equals(wwwHeader.Scheme, Constants.WwwAuthenticateNegotiateScheme))
+                    {
+                        _context.Trace.WriteLine("Found WWW-Authenticate header for Negotiate");
+                        supported = true;
+                    }
+                    else if (StringComparer.OrdinalIgnoreCase.Equals(wwwHeader.Scheme, Constants.WwwAuthenticateNtlmScheme))
+                    {
+                        _context.Trace.WriteLine("Found WWW-Authenticate header for NTLM");
+                        supported = true;
+                    }
+                }
+            }
+
+            return supported;
+        }
+    }
+}

src/Microsoft.Git.CredentialManager/CommandContext.cs

@@ -4,7 +4,6 @@
 using System.Collections;
 using System.Collections.Generic;
 using System.IO;
-using System.Linq;
 using System.Text;
 using Microsoft.Git.CredentialManager.SecureStorage;
 
@@ -30,6 +29,25 @@ public interface ICommandContext
         /// </summary>
         TextWriter StdError { get; }
 
+        /// <summary>
+        /// Shows a prompt and reads input.
+        /// </summary>
+        /// <param name="prompt">The prompt text to show.</param>
+        /// <returns>The result from the prompt.</returns>
+        string Prompt(string prompt);
+
+        /// <summary>
+        /// Shows a prompt for capturing secret/sensitive information such as passwords, suppresses key echo,
+        /// and reads the input.
+        /// </summary>
+        /// <param name="prompt">The prompt text to show.</param>
+        /// <returns>The result from the prompt.</returns>
+        /// <exception cref="T:System.InvalidOperationException">
+        /// If <see cref="echo"/> is false, and the <see cref="System.Console.In"/> property is redirected from some
+        /// stream other than the console.
+        /// </exception>
+        string PromptSecret(string prompt);
+
         /// <summary>
         /// Application tracing system.
         /// </summary>
@@ -114,6 +132,46 @@ public TextWriter StdError
             }
         }
 
+        public string Prompt(string prompt)
+        {
+            StdError.Write($"{prompt}: ");
+
+            return StdIn.ReadLine();
+        }
+
+        public string PromptSecret(string prompt)
+        {
+            StdError.Write($"{prompt}: ");
+
+            var value = new StringBuilder();
+            bool done = false;
+
+            do
+            {
+                // TODO: Can & should we directly disable 'stdin echo' and then just use a
+                // inStream/StdIn.ReadLine() call rather than needing to use Console.ReadKey?
+                ConsoleKeyInfo keyInfo = Console.ReadKey(intercept: true);
+                switch (keyInfo.Key)
+                {
+                    case ConsoleKey.Enter:
+                        done = true;
+                        StdError.WriteLine();
+                        break;
+                    case ConsoleKey.Backspace:
+                        if (value.Length > 0)
+                        {
+                            value.Remove(value.Length - 1, 1);
+                        }
+                        break;
+                    default:
+                        value.Append(keyInfo.KeyChar);
+                        break;
+                }
+            } while (!done);
+
+            return value.ToString();
+        }
+
         public ITrace Trace { get; } = new Trace();
 
         public IFileSystem FileSystem { get; } = new FileSystem();

src/Microsoft.Git.CredentialManager/Commands/StoreCommand.cs

@@ -19,12 +19,23 @@ protected override Task ExecuteInternalAsync(ICommandContext context, InputArgum
             // Create the credential based on Git's input
             string userName = input.UserName;
             string password = input.Password;
-            var credential = new GitCredential(userName, password);
 
-            // Add or update the credential in the store.
-            context.Trace.WriteLine("Storing credential...");
-            context.CredentialStore.AddOrUpdate(credentialKey, credential);
-            context.Trace.WriteLine("Credential was successfully stored.");
+            // NTLM-authentication is signaled to Git as an empty username/password pair
+            // and we will get called to 'store' these NTLM credentials.
+            // We avoid storing empty credentials.
+            if (string.IsNullOrWhiteSpace(userName) && string.IsNullOrWhiteSpace(password))
+            {
+                context.Trace.WriteLine("Not storing empty credential.");
+            }
+            else
+            {
+                var credential = new GitCredential(userName, password);
+
+                // Add or update the credential in the store.
+                context.Trace.WriteLine("Storing credential...");
+                context.CredentialStore.AddOrUpdate(credentialKey, credential);
+                context.Trace.WriteLine("Credential was successfully stored.");
+            }
 
             return Task.CompletedTask;
         }

src/Microsoft.Git.CredentialManager/Constants.cs

@@ -9,11 +9,15 @@ public static class Constants
         public const string GcmVersion = "1.0";
         public const string PersonalAccessTokenUserName = "PersonalAccessToken";
 
+        public const string WwwAuthenticateNegotiateScheme = "Negotiate";
+        public const string WwwAuthenticateNtlmScheme      = "NTLM";
+
         public static class EnvironmentVariables
         {
-            public const string GcmTrace        = "GCM_TRACE";
-            public const string GcmTraceSecrets = "GCM_TRACE_SECRETS";
-            public const string GcmDebug        = "GCM_DEBUG";
+            public const string GcmTrace           = "GCM_TRACE";
+            public const string GcmTraceSecrets    = "GCM_TRACE_SECRETS";
+            public const string GcmDebug           = "GCM_DEBUG";
+            public const string GitTerminalPrompts = "GIT_TERMINAL_PROMPT";
         }
 
         /// <summary>

src/Microsoft.Git.CredentialManager/GenericHostProvider.cs

@@ -0,0 +1,91 @@
+using System;
+using System.Threading.Tasks;
+using Microsoft.Git.CredentialManager.Authentication;
+
+namespace Microsoft.Git.CredentialManager
+{
+    public class GenericHostProvider : HostProvider
+    {
+        private readonly IBasicAuthentication _basicAuth;
+        private readonly IWindowsIntegratedAuthentication _winAuth;
+
+        public GenericHostProvider(ICommandContext context)
+            : this(context, new TtyPromptBasicAuthentication(context), new WindowsIntegratedAuthentication(context)) { }
+
+        public GenericHostProvider(ICommandContext context,
+                                   IBasicAuthentication basicAuth,
+                                   IWindowsIntegratedAuthentication winAuth)
+            : base(context)
+        {
+            EnsureArgument.NotNull(basicAuth, nameof(basicAuth));
+            EnsureArgument.NotNull(winAuth, nameof(winAuth));
+
+            _basicAuth = basicAuth;
+            _winAuth = winAuth;
+        }
+
+        #region HostProvider
+
+        public override string Name => "Generic";
+
+        public override bool IsSupported(InputArguments input)
+        {
+            return input != null && (StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http") ||
+                                     StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "https"));
+        }
+
+        public override string GetCredentialKey(InputArguments input)
+        {
+            return GetUriFromInput(input).AbsoluteUri;
+        }
+
+        public override async Task<GitCredential> CreateCredentialAsync(InputArguments input)
+        {
+            Uri uri = GetUriFromInput(input);
+
+            // Determine the if the host supports Windows Integration Authentication (WIA)
+            if (PlatformUtils.IsWindows())
+            {
+                Context.Trace.WriteLine($"Checking host '{uri.AbsoluteUri}' for Windows Integrated Authentication...");
+                bool isWiaSupported = await _winAuth.GetIsSupportedAsync(uri);
+
+                if (!isWiaSupported)
+                {
+                    Context.Trace.WriteLine("Host does not support WIA.");
+                }
+                else
+                {
+                    Context.Trace.WriteLine($"Host supports WIA - generating empty credential...");
+
+                    // WIA is signaled to Git using an empty username/password
+                    return new GitCredential(string.Empty, string.Empty);
+                }
+            }
+            else
+            {
+                string osType = PlatformUtils.GetPlatformInformation().OperatingSystemType;
+                Context.Trace.WriteLine($"Skipping check for Windows Integrated Authentication on {osType}.");
+            }
+
+            Context.Trace.WriteLine("Prompting for basic credentials...");
+            return _basicAuth.GetCredentials(uri.AbsoluteUri, uri.UserInfo);
+        }
+
+        #endregion
+
+        #region Helpers
+
+        private static Uri GetUriFromInput(InputArguments input)
+        {
+            return new UriBuilder
+            {
+                Scheme   = input.Protocol,
+                UserName = input.UserName,
+                Host     = input.Host,
+                Path     = input.Path
+            }.Uri;
+        }
+
+        #endregion
+    }
+}

src/git-credential-manager/Application.cs

@@ -65,7 +65,7 @@ public static async Task<int> RunAsync(string[] args)
 
             // Register all supported host providers
             HostProviderRegistry.Register(
-                // TODO
+                new GenericHostProvider(context)
             );
 
             // Trace the current version and program arguments