From c0428b4d6dd0e4f585ea0736ba2945be744c5cc6 Mon Sep 17 00:00:00 2001
From: epriestley <git@epriestley.com>
Date: Wed, 13 Apr 2016 17:09:19 -0700
Subject: [PATCH] Make Git prompt for passwords when the user provides a
 username but not a password

Summary: Fixes T10797. This seems to fix things on my local system.

Test Plan:
  - Cloned with a username, got prompted for a password.
  - Cloned with a username + password.
  - Cloned with a username + bad password (error).

Reviewers: chad

Reviewed By: chad

Subscribers: Grimeh

Maniphest Tasks: T10797

Differential Revision: https://secure.phabricator.com/D15706
---
 .../diffusion/controller/DiffusionServeController.php    | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/applications/diffusion/controller/DiffusionServeController.php b/src/applications/diffusion/controller/DiffusionServeController.php
index a5871ca074..cac05b46b9 100644
--- a/src/applications/diffusion/controller/DiffusionServeController.php
+++ b/src/applications/diffusion/controller/DiffusionServeController.php
@@ -164,7 +164,14 @@ final class DiffusionServeController extends DiffusionController {
 
     // If authentication credentials have been provided, try to find a user
     // that actually matches those credentials.
-    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
+
+    // We require both the username and password to be nonempty, because Git
+    // won't prompt users who provide a username but no password otherwise.
+    // See T10797 for discussion.
+
+    $have_user = strlen(idx($_SERVER, 'PHP_AUTH_USER'));
+    $have_pass = strlen(idx($_SERVER, 'PHP_AUTH_PW'));
+    if ($have_user && $have_pass) {
       $username = $_SERVER['PHP_AUTH_USER'];
       $password = new PhutilOpaqueEnvelope($_SERVER['PHP_AUTH_PW']);