Add support for httpCookieFile (#1251)

Add [`httpCookieFile`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpcookieFile) support.
If `httpCookieFile` is set in `gitconfig`, GCM will add cookie headers to requests, such as OAuth2 requests.

This does not add support for [`http.saveCookies`](https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsaveCookies).

Author: mjcheetham

src/shared/Core.Tests/CurlCookieTests.cs

@@ -0,0 +1,133 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using GitCredentialManager;
+using GitCredentialManager.Tests.Objects;
+using Xunit;
+
+namespace Core.Tests;
+
+public class CurlCookieParserTests
+{
+    [Fact]
+    public void CurlCookieParser_EmptyFile_ReturnsNoCookies()
+    {
+        const string content = "";
+
+        var trace = new NullTrace();
+        var parser = new CurlCookieParser(trace);
+
+        IList<Cookie> actual = parser.Parse(content);
+
+        Assert.Empty(actual);
+    }
+
+    [Fact]
+    public void CurlCookieParser_Parse_MissingFields_SkipsInvalidLines()
+    {
+        const string content =
+            // Valid cookie
+            ".example.com\tTRUE\t/path/here\tTRUE\t0\tcookie1\tvalue1\n" +
+
+            // Missing several fields - not a valid cookie so should be skipped
+            ".example.com\tTRUE\tTRUE\tcookie1\tvalue1\n";
+
+        var trace = new NullTrace();
+        var parser = new CurlCookieParser(trace);
+
+        IList<Cookie> actual = parser.Parse(content);
+
+        Assert.Equal(1, actual.Count);
+        AssertCookie(actual[0], ".example.com", "/path/here", true, 0, "cookie1", "value1");
+    }
+
+    [Fact]
+    public void CurlCookieParser_Parse_MissingFields_ReturnsValidCookiesWithDefaults()
+    {
+        const string content =
+            // Empty path field (default "/")
+            ".example.com\tTRUE\t\tTRUE\t852852\tcookie1\tvalue1\n" +
+
+            // Empty expiration field (default 0)
+            ".example.com\tTRUE\t/path/here\tTRUE\t\tcookie1\tvalue1";
+
+        var trace = new NullTrace();
+        var parser = new CurlCookieParser(trace);
+
+        IList<Cookie> actual = parser.Parse(content);
+
+        Assert.Equal(2, actual.Count);
+        AssertCookie(actual[0], ".example.com", "/", true, 852852, "cookie1", "value1");
+        AssertCookie(actual[1], ".example.com", "/path/here", true, 0, "cookie1", "value1");
+    }
+
+    [Fact]
+    public void CurlCookieParser_Parse_ValidFields_ReturnsValidCookies()
+    {
+        const string content =
+            ".example.com\tTRUE\t/path\tTRUE\t0\tcookie1\tvalue1\n" +
+            ".example.com\tfAlSe\t/path\ttRuE\t0\tcookie1\tvalue1\n" +
+            ".example.com\tTRUE\t/path\tTRUE\t0\tcookie1 with spaces\tvalue1 with spaces\n" +
+            ".example.com\tFALSE\t/path\tTRUE\t0\tcookie1\tvalue1\n" +
+            "example.com\tFALSE\t/path\tTRUE\t0\tcookie1\tvalue1\n" +
+            "example.com\tTRUE\t/path\tTRUE\t0\tcookie1\tvalue1\n" +
+            ".example.com\tTRUE\t/path\tFALSE\t0\tcookie1\tvalue1\n" +
+            ".example.com\tTRUE\t/path\tFALSE\t401654\tcookie1\tvalue1\n";
+
+        var trace = new NullTrace();
+        var parser = new CurlCookieParser(trace);
+
+        IList<Cookie> actual = parser.Parse(content);
+
+        Assert.Equal(8, actual.Count);
+        AssertCookie(actual[0], ".example.com", "/path", true, 0, "cookie1", "value1");
+        AssertCookie(actual[1], "example.com", "/path", true, 0, "cookie1", "value1");
+        AssertCookie(actual[2], ".example.com", "/path", true, 0, "cookie1 with spaces", "value1 with spaces");
+        AssertCookie(actual[3], "example.com", "/path", true, 0, "cookie1", "value1");
+        AssertCookie(actual[4], "example.com", "/path", true, 0, "cookie1", "value1");
+        AssertCookie(actual[5], "example.com", "/path", true, 0, "cookie1", "value1");
+        AssertCookie(actual[6], ".example.com", "/path", false, 0, "cookie1", "value1");
+        AssertCookie(actual[7], ".example.com", "/path", false, 401654, "cookie1", "value1");
+    }
+
+    [Fact]
+    public void CurlCookieParser_Parse_Comments_ReturnsCookies()
+    {
+        const string content =
+            // Comment block
+            "# This is a cookie file with various comments!\n" +
+            "# Lines starting with # are comments, except those that\n" +
+            "# start with exactly '#HttpOnly_'.. two #s is a comment still!\n" +
+
+            // This is still a comment!
+            "##HttpOnly_ <-- this is a comment still!\n" +
+
+            // Valid line
+            ".example.com\tTRUE\t/\tTRUE\t0\tcookie1\tvalue1\n" +
+
+            // Commented out cookie line
+            "#.example.com\tTRUE\t/\tTRUE\t0\tcookie1\tvalue1\n" +
+
+            // Valid cookie but HTTP only
+            "#HttpOnly_.example.com\tTRUE\t/\tTRUE\t0\tcookie1\tvalue1\n";
+
+        var trace = new NullTrace();
+        var parser = new CurlCookieParser(trace);
+
+        IList<Cookie> actual = parser.Parse(content);
+
+        Assert.Equal(2, actual.Count);
+        AssertCookie(actual[0], ".example.com", "/", true, 0, "cookie1", "value1");
+        AssertCookie(actual[1], ".example.com", "/", true, 0, "cookie1", "value1");
+    }
+
+    private static void AssertCookie(Cookie cookie, string domain, string path, bool secureOnly, long expires, string name, string value)
+    {
+        Assert.Equal(name, cookie.Name);
+        Assert.Equal(value, cookie.Value);
+        Assert.Equal(domain, cookie.Domain);
+        Assert.Equal(path, cookie.Path);
+        Assert.Equal(secureOnly, cookie.Secure);
+        Assert.Equal(expires, cookie.Expires.Subtract(DateTime.UnixEpoch).TotalSeconds);
+    }
+}

src/shared/Core.Tests/HttpClientFactoryTests.cs

@@ -311,6 +311,36 @@ public void HttpClientFactory_GetClient_ChecksCertBundleOnlyIfEnabled(string cus
             fileSystemMock.Verify(fs => fs.FileExists(It.IsAny<string>()), expectBundleChecked ? Times.Once : Times.Never);
         }
 
+        [Theory]
+        [InlineData(null, false, null)]
+        [InlineData("~/.git-cookie", true, "# Netscape HTTP Cookie File\n" +
+                          "# https://curl.haxx.se/rfc/cookie_spec.html\n" +
+                          "# This is a generated file! Do not edit.\n" +
+                          "\n" +
+                          ".example.com\tTRUE\t/\tTRUE\t0\tcookie1\tvalue1\n" +
+                          ".example.com\tTRUE\t/\tTRUE\t0\tcookie2\tvalue2\n" +
+                          "#HttpOnly_.example.com\tTRUE\t/\tTRUE\t0\tcookie3\tvalue3\n")]
+        public void HttpClientFactory_GetClient_SetCookieOnlyIfEnabled(string cookieFilePath, bool expectCookieChecked, string cookieFileContent)
+        {
+            var fileSystemMock = new Mock<IFileSystem>();
+            fileSystemMock.Setup(fs => fs.FileExists(It.IsAny<string>())).Returns(true);
+            if (!string.IsNullOrWhiteSpace(cookieFileContent))
+            {
+                fileSystemMock.Setup(fs => fs.ReadAllText(cookieFilePath)).Returns(cookieFileContent);
+            }
+
+            var settings = new TestSettings()
+            {
+                CustomCookieFilePath = cookieFilePath
+            };
+
+            var factory = new HttpClientFactory(fileSystemMock.Object, Mock.Of<ITrace>(), Mock.Of<ITrace2>(), settings, new TestStandardStreams());
+
+            HttpClient client = factory.CreateClient();
+
+            fileSystemMock.Verify(fs => fs.FileExists(It.IsAny<string>()), expectCookieChecked ? Times.AtLeastOnce : Times.Never);
+        }
+
         private static void AssertDefaultCredentials(ICredentials credentials)
         {
             var netCred = (NetworkCredential) credentials;

src/shared/Core/Constants.cs

@@ -171,6 +171,7 @@ public static class Http
                 public const string SslVerify = "sslVerify";
                 public const string SslCaInfo = "sslCAInfo";
                 public const string SslAutoClientCert = "sslAutoClientCert";
+                public const string CookieFile = "cookieFile";
             }
 
             public static class Remote

src/shared/Core/CurlCookie.cs

@@ -0,0 +1,83 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using GitCredentialManager;
+
+namespace GitCredentialManager
+{
+    public class CurlCookieParser
+    {
+        private readonly ITrace _trace;
+
+        public CurlCookieParser(ITrace trace)
+        {
+            _trace = trace;
+        }
+
+        public IList<Cookie> Parse(string content)
+        {
+            if (string.IsNullOrWhiteSpace(content))
+            {
+                return Array.Empty<Cookie>();
+            }
+
+            const string HttpOnlyPrefix = "#HttpOnly_";
+
+            var cookies = new List<Cookie>();
+
+            // Parse the cookie file content
+            var lines = content.Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries);
+            foreach (var line in lines)
+            {
+                var parts = line.Split(new[] { '\t' }, StringSplitOptions.None);
+                if (parts.Length >= 7 && (!parts[0].StartsWith("#") || parts[0].StartsWith(HttpOnlyPrefix)))
+                {
+                    var domain = parts[0].StartsWith(HttpOnlyPrefix) ? parts[0].Substring(HttpOnlyPrefix.Length) : parts[0];
+                    var includeSubdomains = StringComparer.OrdinalIgnoreCase.Equals(parts[1], "TRUE");
+                    if (!includeSubdomains)
+                    {
+                        domain = domain.TrimStart('.');
+                    }
+                    var path = string.IsNullOrWhiteSpace(parts[2]) ? "/" : parts[2];
+                    var secureOnly = parts[3].Equals("TRUE", StringComparison.OrdinalIgnoreCase);
+                    var expires = ParseExpires(parts[4]);
+                    var name = parts[5];
+                    var value = parts[6];
+
+                    cookies.Add(new Cookie()
+                    {
+                        Domain = domain,
+                        Path = path,
+                        Expires = expires,
+                        HttpOnly = true,
+                        Secure = secureOnly,
+                        Name = name,
+                        Value = value,
+                    });
+                }
+                else
+                {
+                    _trace.WriteLine($"Invalid cookie line: {line}");
+                }
+            }
+
+            return cookies;
+        }
+
+        private static DateTime ParseExpires(string expires)
+        {
+#if NETFRAMEWORK
+            DateTime epoch = new DateTime(1970, 01, 01, 0, 0, 0, DateTimeKind.Utc);
+#else
+            DateTime epoch = DateTime.UnixEpoch;
+#endif
+
+            if (long.TryParse(expires, out long i))
+            {
+                return epoch.AddSeconds(i);
+            }
+
+            return epoch;
+        }
+    }
+}

src/shared/Core/HttpClientFactory.cs

@@ -197,6 +197,34 @@ public HttpClient CreateClient()
 #endif
             }
 
+            // If CustomCookieFilePath is set, set Cookie header from cookie file, which is written by libcurl
+            if (!string.IsNullOrWhiteSpace(_settings.CustomCookieFilePath) && _fileSystem.FileExists(_settings.CustomCookieFilePath))
+            {
+                // get the filename from gitconfig
+                string cookieFilePath = _settings.CustomCookieFilePath;
+                _trace.WriteLine($"Custom cookie file has been enabled with {cookieFilePath}");
+
+                // get cookie from cookie file
+                string cookieFileContents = _fileSystem.ReadAllText(cookieFilePath);
+
+                var cookieParser = new CurlCookieParser(_trace);
+                var cookies = cookieParser.Parse(cookieFileContents);
+
+                // Set the cookie
+                var cookieContainer = new CookieContainer();
+                foreach (var cookie in cookies)
+                {
+                    var schema = cookie.Secure ? "https" : "http";
+                    var uri = new UriBuilder(schema, cookie.Domain.TrimStart('.')).Uri;
+                    cookieContainer.Add(uri, new Cookie(cookie.Name, cookie.Value));
+                }
+                handler.CookieContainer = cookieContainer;
+                handler.UseCookies = true;
+                
+                _trace.WriteLine("Configured to automatically send cookie header.");
+
+            }
+
             var client = new HttpClient(handler);
 
             // Add default headers

src/shared/Core/Settings.cs

@@ -154,6 +154,12 @@ public interface ISettings : IDisposable
         /// <remarks>The default value is null if unset.</remarks>
         string CustomCertificateBundlePath { get; }
 
+        /// <summary>
+        // Optional path to a file containing one or more cookies.
+        /// </summary>
+        /// <remarks>The default value is null if unset.</remarks>
+        string CustomCookieFilePath { get; }
+
         /// <summary>
         /// The SSL/TLS backend.
         /// </summary>
@@ -626,6 +632,9 @@ public bool IsCertificateVerificationEnabled
         public string CustomCertificateBundlePath =>
             TryGetPathSetting(KnownEnvars.GitSslCaInfo, KnownGitCfg.Http.SectionName, KnownGitCfg.Http.SslCaInfo, out string value) ? value : null;
 
+        public string CustomCookieFilePath =>
+            TryGetPathSetting(null, KnownGitCfg.Http.SectionName, KnownGitCfg.Http.CookieFile, out string value) ? value : null;
+
         public TlsBackend TlsBackend =>
             TryGetSetting(null, KnownGitCfg.Http.SectionName, KnownGitCfg.Http.SslBackend, out string config)
                 ? (Enum.TryParse(config, true, out TlsBackend backend) ? backend : GitCredentialManager.TlsBackend.Other)

src/shared/TestInfrastructure/Objects/TestSettings.cs

@@ -43,6 +43,8 @@ public class TestSettings : ISettings
 
         public string CustomCertificateBundlePath { get; set; }
 
+        public string CustomCookieFilePath { get; set; }
+
         public TlsBackend TlsBackend { get; set; }
 
         public bool UseCustomCertificateBundleWithSchannel { get; set; }
@@ -175,6 +177,8 @@ ProxyConfiguration ISettings.GetProxyConfiguration()
 
         string ISettings.CustomCertificateBundlePath => CustomCertificateBundlePath;
 
+        string ISettings.CustomCookieFilePath => CustomCookieFilePath;
+
         TlsBackend ISettings.TlsBackend => TlsBackend;
 
         bool ISettings.UseCustomCertificateBundleWithSchannel => UseCustomCertificateBundleWithSchannel;