# This test exercises the GOAUTH mechanism for specifying
# credentials passed in HTTPS requests to VCS servers.
# See golang.org/issue/26232

[short] skip

env GOPROXY=direct
env GOSUMDB=off

# GOAUTH should default to netrc behavior.
# Without credentials, downloading a module from a path that requires HTTPS
# basic auth should fail.
# Override default location of $HOME/.netrc
env NETRC=$WORK/empty
! go get vcs-test.golang.org/auth/or401
stderr '^\tserver response: ACCESS DENIED, buddy$'

# With credentials from a netrc file, it should succeed.
env NETRC=$WORK/netrc
go get vcs-test.golang.org/auth/or401

# GOAUTH=off should result in failures.
env GOAUTH='off'
# Without credentials, downloading a module from a path that requires HTTPS
# basic auth should fail.
env NETRC=$WORK/empty
! go get vcs-test.golang.org/auth/or401
stderr '^\tserver response: ACCESS DENIED, buddy$'

# GOAUTH='off' should ignore credentials from a valid netrc file.
env GOAUTH='off'
env NETRC=$WORK/netrc
! go get vcs-test.golang.org/auth/or401
stderr '^\tserver response: ACCESS DENIED, buddy$'

# GOAUTH=off cannot be combined with other authentication commands
env GOAUTH='off; netrc'
env NETRC=$WORK/netrc
! go get vcs-test.golang.org/auth/or401
stderr 'GOAUTH=off cannot be combined with other authentication commands \(GOAUTH=off; netrc\)'

# An unset GOAUTH should default to netrc.
env GOAUTH=
# Without credentials, downloading a module from a path that requires HTTPS
# basic auth should fail.
env NETRC=$WORK/empty
! go get vcs-test.golang.org/auth/or401
stderr '^\tserver response: ACCESS DENIED, buddy$'

# With credentials from a netrc file, it should succeed.
env NETRC=$WORK/netrc
go get vcs-test.golang.org/auth/or401

# A missing file should be fail as well.
env NETRC=$WORK/missing
! go get vcs-test.golang.org/auth/or401
stderr '^\tserver response: ACCESS DENIED, buddy$'

-- go.mod --
module private.example.com
-- $WORK/empty --
-- $WORK/netrc --
machine vcs-test.golang.org
	login aladdin
	password opensesame