??? t5563: add tests for http.emptyAuth with Negotiate

dscho · Git for Windows Build Agent · commit e1f900cc34ed · 2026-06-04T03:37:37.000Z
The downstream NTLM topic (883674c, "t5563: verify that NTLM authentication works") and upstream commit 7e98eb8 ("t5563: add tests for http.emptyAuth with Negotiate") both added SPNEGO tests to the end of t5563. When both topics landed in shears/seen, the SPNEGO tests were duplicated: the first set appears before the NTLM tests (from upstream), the second set after (from the downstream topic). Since GIT_TRACE_CURL appends to the trace file rather than overwriting it, the second set of tests sees the 401 responses from both runs. Test 21 (auto mode) expects 3 lines in trace-auto but finds 6 (3 + 3), and test 22 (false mode) expects 1 but finds 2 (1 + 1), causing all four macOS CI jobs to fail. Remove the duplicate second set; the first (upstream) copy is sufficient. Assisted-by: Claude Opus 4.6 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
diff --git a/t/t5563-simple-http-auth.sh b/t/t5563-simple-http-auth.sh
@@ -867,78 +867,4 @@ test_expect_success NTLM 'access using NTLM auth' '
 	git ls-remote "$HTTPD_URL/ntlm_auth/repo.git"
 '
 
-test_lazy_prereq SPNEGO 'curl --version | grep -qi "SPNEGO\|GSS-API\|Kerberos\|negotiate"'
-
-test_expect_success SPNEGO 'http.emptyAuth=auto attempts Negotiate before credential_fill' '
-	test_when_finished "per_test_cleanup" &&
-
-	set_credential_reply get <<-EOF &&
-	username=alice
-	password=secret-passwd
-	EOF
-
-	# Basic base64(alice:secret-passwd)
-	cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
-	id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
-	EOF
-
-	cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
-	id=1 status=200
-	id=default response=WWW-Authenticate: Negotiate
-	id=default response=WWW-Authenticate: Basic realm="example.com"
-	EOF
-
-	test_config_global credential.helper test-helper &&
-	GIT_TRACE_CURL="$TRASH_DIRECTORY/trace-auto" \
-		git -c http.emptyAuth=auto \
-		ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
-
-	# In auto mode with a Negotiate+Basic server, there should be
-	# three 401 responses: (1) initial no-auth request, (2) empty-auth
-	# retry where Negotiate fails (no Kerberos ticket), (3) libcurl
-	# internal Negotiate retry. The fourth attempt uses Basic
-	# credentials from credential_fill and succeeds.
-	grep "HTTP/[0-9.]* 401" "$TRASH_DIRECTORY/trace-auto" >actual_401s &&
-	test_line_count = 3 actual_401s &&
-
-	expect_credential_query get <<-EOF
-	capability[]=authtype
-	capability[]=state
-	protocol=http
-	host=$HTTPD_DEST
-	wwwauth[]=Negotiate
-	wwwauth[]=Basic realm="example.com"
-	EOF
-'
-
-test_expect_success SPNEGO 'http.emptyAuth=false skips Negotiate' '
-	test_when_finished "per_test_cleanup" &&
-
-	set_credential_reply get <<-EOF &&
-	username=alice
-	password=secret-passwd
-	EOF
-
-	# Basic base64(alice:secret-passwd)
-	cat >"$HTTPD_ROOT_PATH/custom-auth.valid" <<-EOF &&
-	id=1 creds=Basic YWxpY2U6c2VjcmV0LXBhc3N3ZA==
-	EOF
-
-	cat >"$HTTPD_ROOT_PATH/custom-auth.challenge" <<-EOF &&
-	id=1 status=200
-	id=default response=WWW-Authenticate: Negotiate
-	id=default response=WWW-Authenticate: Basic realm="example.com"
-	EOF
-
-	test_config_global credential.helper test-helper &&
-	GIT_TRACE_CURL="$TRASH_DIRECTORY/trace-false" \
-		git -c http.emptyAuth=false \
-		ls-remote "$HTTPD_URL/custom_auth/repo.git" &&
-
-	# With emptyAuth=false, Negotiate is stripped immediately and
-	# credential_fill is called right away. Only one 401 response.
-	grep "HTTP/[0-9.]* 401" "$TRASH_DIRECTORY/trace-false" >actual_401s &&
-	test_line_count = 1 actual_401s
-'
-
 test_done
