From ce48375951bd82bbc5f5ce7cb29cb7f0d4afde55 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Tue, 5 Nov 2013 15:24:58 -0800
Subject: [PATCH] Don't throw when user tries to use an empty password via HTTP auth

Summary: Fixes T4064. See discussion there.
Test Plan: Tried `git clone http://...` with empty password, got 403. Retried with actual password, got a clone.
Reviewers: jamesr, btrahan
Reviewed By: btrahan
CC: aran
Maniphest Tasks: T4064
Differential Revision: https://secure.phabricator.com/D7508
---
 .../diffusion/controller/DiffusionController.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/applications/diffusion/controller/DiffusionController.php b/src/applications/diffusion/controller/DiffusionController.php
index 0d03487769..6e9ebb6293 100644
--- a/src/applications/diffusion/controller/DiffusionController.php
+++ b/src/applications/diffusion/controller/DiffusionController.php
@@ -8,6 +8,8 @@ abstract class DiffusionController extends PhabricatorController {
 $request = $this->getRequest();
 $uri = $request->getRequestURI();
 
+ $user_agent = idx($_SERVER, 'HTTP_USER_AGENT');
+
 // Check if this is a VCS request, e.g. from "git clone", "hg clone", or
 // "svn checkout". If it is, we jump off into repository serving code to
 // process the request.
@@ -27,6 +29,8 @@ abstract class DiffusionController extends PhabricatorController {
 //
 // ...to get a human-readable error.
 $vcs = $request->getExists('__vcs__');
+ } else if (strncmp($user_agent, "git/", 4) === 0) {
+ $vcs = PhabricatorRepositoryType::REPOSITORY_TYPE_GIT;
 } else if ($request->getExists('service')) {
 $service = $request->getStr('service');
 // We get this initially for `info/refs`.
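Review bot: The new `strncmp($user_agent, "git/", 4) === 0` branch classifies a request as Git from the User-Agent header, which the client fully controls, and nothing in the hunk says so. The header should be treated only as a routing hint; whether the repository-serving path it selects enforces authentication and repository policy on its own is not visible here. A comment such as `// User-Agent is client-supplied: it only selects the Git serving path and grants no access by itself.` would make that explicit. Separately, `idx($_SERVER, 'HTTP_USER_AGENT')` in the first hunk presumably yields null when the header is absent, so an explicit default, `idx($_SERVER, 'HTTP_USER_AGENT', '')`, keeps the `strncmp()` argument a string. The enclosing if/else chain starts and ends outside the hunk.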
@@ -541,6 +545,16 @@ abstract class DiffusionController extends PhabricatorController {
 return null;
 }
 
+ if (!strlen($username)) {
+ // No username.
+ return null;
+ }
+
+ if (!strlen($password->openEnvelope())) {
+ // No password.
+ return null;
+ }
+
 $user = id(new PhabricatorPeopleQuery())
 ->setViewer(PhabricatorUser::getOmnipotentUser())
 ->withUsernames(array($username))
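Review bot: The two new guards carry comments that only restate the condition (`// No username.`, `// No password.`), so the reason for rejecting before the user lookup is lost. Going by the commit title, an empty password previously reached code that throws; a comment such as `// Reject empty credentials up front: they can never authenticate, and the verification code further down presumably throws on an empty password (T4064).` would keep a later refactor from removing the check. Both guards return the same `null` as the branch above them, which keeps the failure indistinguishable to the client. If failed HTTP auth attempts are logged or rate-limited elsewhere, confirm that these early returns are still counted. The function body starts and ends outside the hunk.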