fix(git): Pass the full URL to the Authenticator

oheger-bosch · mnonnenmacher · commit d4fcd27bab80 · 2025-07-22T11:29:12.000+02:00
When querying the credentials for the current repository provide the
complete URL, not only host, port, and scheme. This gives the
`Authenticator` more context to select the best-fitting credentials.

Signed-off-by: Oliver Heger &lt;oliver.heger@bosch.com&gt;
diff --git a/plugins/version-control-systems/git/src/main/kotlin/Git.kt b/plugins/version-control-systems/git/src/main/kotlin/Git.kt
@@ -54,6 +54,7 @@ import org.ossreviewtoolkit.utils.common.CommandLineTool
 import org.ossreviewtoolkit.utils.common.Os
 import org.ossreviewtoolkit.utils.common.collectMessages
 import org.ossreviewtoolkit.utils.common.safeMkdirs
+import org.ossreviewtoolkit.utils.common.toUri
 import org.ossreviewtoolkit.utils.common.withoutPrefix
 import org.ossreviewtoolkit.utils.ort.requestPasswordAuthentication
 import org.ossreviewtoolkit.utils.ort.showStackTrace
@@ -352,9 +353,11 @@ internal object AuthenticatorCredentialsProvider : CredentialsProvider() {
         }
 
     override fun get(uri: URIish, vararg items: CredentialItem): Boolean {
-        logger.debug { "JGit queries credentials ${items.map { it.javaClass.simpleName }} for '${uri.host}'." }
+        logger.debug { "JGit queries credentials ${items.map { it.javaClass.simpleName }} for '$uri'." }
 
-        val auth = requestPasswordAuthentication(uri.host, uri.port, uri.scheme) ?: return false
+        val url = uri.toString().toUri { it.toURL() }.getOrNull()
+        val auth = requestPasswordAuthentication(uri.host.orEmpty(), uri.port, uri.scheme.orEmpty(), url)
+            ?: return false
 
         logger.debug { "Passing credentials for '${uri.host}' to JGit." }
 
diff --git a/plugins/version-control-systems/git/src/test/kotlin/GitTest.kt b/plugins/version-control-systems/git/src/test/kotlin/GitTest.kt
@@ -115,7 +115,31 @@ class GitTest : WordSpec({
 
             val credentialProvider = CredentialsProvider.getDefault()
 
-            credentialProvider.get(TestUri, userCredential, passwordCredential) shouldBe true
+            credentialProvider.get(testUri, userCredential, passwordCredential) shouldBe true
+
+            verify {
+                userCredential.value = user
+                passwordCredential.value = password
+            }
+        }
+
+        "handle an invalid URL" {
+            val user = "scott"
+            val password = "tiger".toCharArray()
+            val userCredential = mockk<CredentialItem.Username>()
+            val passwordCredential = mockk<CredentialItem.Password>()
+            val invalidUri = URIish("foo")
+
+            every { userCredential.value = any() } just runs
+            every { passwordCredential.value = any() } just runs
+            mockAuthentication(null)
+            every {
+                requestPasswordAuthentication("", invalidUri.port, "", null)
+            } returns PasswordAuthentication(user, password)
+
+            val credentialProvider = CredentialsProvider.getDefault()
+
+            credentialProvider.get(invalidUri, userCredential, passwordCredential) shouldBe true
 
             verify {
                 userCredential.value = user
@@ -131,7 +155,7 @@ class GitTest : WordSpec({
 
             val credentialProvider = CredentialsProvider.getDefault()
 
-            credentialProvider.get(TestUri, userCredential, passwordCredential) shouldBe false
+            credentialProvider.get(testUri, userCredential, passwordCredential) shouldBe false
         }
 
         "throw for unsupported credential types" {
@@ -142,7 +166,7 @@ class GitTest : WordSpec({
             val credentialProvider = CredentialsProvider.getDefault()
 
             shouldThrow<UnsupportedCredentialItem> {
-                credentialProvider.get(TestUri, otherCredential)
+                credentialProvider.get(testUri, otherCredential)
             }
         }
 
@@ -154,13 +178,16 @@ class GitTest : WordSpec({
     }
 })
 
-private val TestUri = URIish(URI("https://www.example.org:8080/foo").toURL())
+private val testUri = URIish(URI("https://www.example.org:8080/foo").toURL())
+private val testUriAsUrl = URI.create(testUri.toString()).toURL()
 
 /**
  * Mocks the utility function to query password authentication for the test URI. Return the [result] provided.
  */
 private fun mockAuthentication(result: PasswordAuthentication?) {
     mockkStatic("org.ossreviewtoolkit.utils.ort.UtilsKt")
 
-    every { requestPasswordAuthentication(TestUri.host, TestUri.port, TestUri.scheme) } returns result
+    every {
+        requestPasswordAuthentication(testUri.host, testUri.port, testUri.scheme, testUriAsUrl)
+    } returns result
 }
