Merge pull request #43 from desktop/releases/0.9.11

Bump version to 0.9.11

.github/workflows/ci.yml

@@ -13,41 +13,47 @@ jobs:
     name: ${{ matrix.friendlyName }}
     runs-on: ${{ matrix.os }}
     timeout-minutes: 10
+
     strategy:
       fail-fast: false
       matrix:
-        node: [12.14.1]
-        os: [macos-10.14, windows-2019, ubuntu-18.04]
+        node: [20.12.2]
+        os: [macos-latest, windows-latest, ubuntu-latest]
         include:
-          - os: macos-10.14
+          - os: macos-latest
             friendlyName: macOS
-          - os: windows-2019
+          - os: windows-latest
             friendlyName: Windows
-          - os: ubuntu-18.04
+          - os: ubuntu-20.04
             friendlyName: Linux
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Use Node.js ${{ matrix.node }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node }}
+      - name: Install Python setup tools
+        run: |
+          python -m pip install --upgrade setuptools packaging
       - name: Install and build
-        run: yarn
+        run: |
+          yarn install
+          yarn build
       - name: Lint
         run: yarn lint
       - name: Test
         run: yarn test
         shell: bash
-      - name: Prebuild Node x64
-        run: yarn prebuild-node
-      - name: Prebuild Electron x64
-        run: yarn prebuild-electron
-      - name: Prebuild Electron arm64
-        run: yarn prebuild-electron-arm64
+      - name: Prebuild (x64)
+        run: npm run prebuild-napi-x64
+      - name: Prebuild (arm64)
+        run: npm run prebuild-napi-arm64
+        if: ${{ matrix.os != 'ubuntu-latest' }}
+      - name: Prebuild (Windows x86)
+        run: npm run prebuild-napi-ia32
+        if: ${{ matrix.os == 'windows-latest' }}
       - name: Publish
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
-        run: yarn upload
-        env:
-          GITHUB_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: yarn prebuild --upload-all ${{ secrets.GITHUB_TOKEN }}

.node-version

@@ -1 +1 @@
-12.14.1
+20.12.2

README.md

@@ -2,7 +2,7 @@
 
 A cross-platform no-dependency C executable trampoline which lets GitHub Desktop
 intercede in order to provide Git with any additional info it needs (like
-credentials through `GIT_ASKPASS`).
+credentials through `GIT_ASKPASS` or `SSH_ASKPASS`).
 
 The intention is to support the same platforms that
 [Electron supports](https://www.electronjs.org/docs/tutorial/support#supported-platforms).
@@ -60,7 +60,7 @@ The equivalent Bash shell code looks like this:
 
 ```sh
   # environment variable
-  GIT_ASKPASS="C:/some/path/to/desktop-trampoline.exe" \
+  GIT_ASKPASS="C:/some/path/to/desktop-askpass-trampoline.exe" \
   # ensure Git doesn't block the process waiting for the user to provide input
   GIT_TERMINAL_PROMPT=0 \
   git \
@@ -125,3 +125,15 @@ Thanks to this, with only one generic trampoline that forwards everything via
 that TCP socket, the implementation for every possible protocol like
 `GIT_ASKPASS` can live within the GitHub Desktop codebase instead of having
 multiple trampoline executables.
+
+## SSH Wrapper
+
+Along with the trampoline, an SSH wrapper is provided for macOS. The reason for
+this is macOS before Monterey include an "old" version of OpenSSH that will
+ignore the `SSH_ASKPASS` variable unless it's unable to write to a tty.
+
+This SSH wrapper achieves exactly that: just runs whatever `ssh` exists in the
+path in a way that will use `SSH_ASKPASS` when necessary.
+
+More recent versions of OpenSSH (starting with 8.3) don't require this wrapper,
+since they added support for a new `SSH_ASKPASS_REQUIRE` environment variable.

binding.gyp

@@ -1,13 +1,10 @@
   {
-    'targets': [
-      {
-        'target_name': 'desktop-trampoline',
-        'type': 'executable',
-        'sources': [
-          'src/desktop-trampoline.c',
-          'src/socket.c'
+    'target_defaults': {
+        'defines': [
+          "NAPI_VERSION=<(napi_build_version)",
         ],
         'include_dirs': [
+          '<!(node -p "require(\'node-addon-api\').include_dir")',
           'include'
         ],
         'xcode_settings': {
@@ -27,20 +24,61 @@
           '-pie',
           '-D_FORTIFY_SOURCE=1',
           '-fstack-protector-strong',
-          '-Werror=format-security'
+          '-Werror=format-security',
+          '-fno-exceptions'
         ],
+        'cflags_cc!': [ '-fno-exceptions' ],
         'ldflags!': [
           '-z relro',
           '-z now'
         ],
+        'msvs_settings': {
+          'VCCLCompilerTool': { 'ExceptionHandling': 1 },
+        },
+        'conditions': [
+          ['OS=="win"', { 'defines': [ 'WINDOWS' ] }]
+        ]
+    },
+    'targets': [
+      {
+        'target_name': 'desktop-askpass-trampoline',
+        'type': 'executable',
+        'sources': [
+          'src/desktop-trampoline.c',
+          'src/socket.c'
+        ],
         'conditions': [
           ['OS=="win"', {
-            'defines': [ 'WINDOWS' ],
             'link_settings': {
               'libraries': [ 'Ws2_32.lib' ]
             }
           }]
         ]
       },
+      {
+        'target_name': 'desktop-credential-helper-trampoline',
+        'type': 'executable',
+        'defines': [
+          'CREDENTIAL_HELPER'
+        ],
+        'sources': [
+          'src/desktop-trampoline.c',
+          'src/socket.c'
+        ],
+        'conditions': [
+          ['OS=="win"', {
+            'link_settings': {
+              'libraries': [ 'Ws2_32.lib' ]
+            }
+          }]
+        ]
+      },
+      {
+        'target_name': 'ssh-wrapper',
+        'type': 'executable',
+        'sources': [
+          'src/ssh-wrapper.c'
+        ],
+      },
     ],
   }

index.d.ts

@@ -1,2 +1,8 @@
-export function getDesktopTrampolinePath(): string
-export function getDesktopTrampolineFilename(): string
+export function getDesktopAskpassTrampolinePath(): string
+export function getDesktopAskpassTrampolineFilename(): string
+
+export function getDesktopCredentialHelperTrampolinePath(): string
+export function getDesktopCredentialHelperTrampolineFilename(): string
+
+export function getSSHWrapperPath(): string
+export function getSSHWrapperFilename(): string

index.js

@@ -1,21 +1,48 @@
 const Path = require('path')
 
-function getDesktopTrampolinePath() {
+function getDesktopAskpassTrampolinePath() {
   return Path.join(
     __dirname,
     'build',
     'Release',
-    getDesktopTrampolineFilename()
+    getDesktopAskpassTrampolineFilename()
   )
 }
 
-function getDesktopTrampolineFilename() {
+function getDesktopAskpassTrampolineFilename() {
   return process.platform === 'win32'
-    ? 'desktop-trampoline.exe'
-    : 'desktop-trampoline'
+    ? 'desktop-askpass-trampoline.exe'
+    : 'desktop-askpass-trampoline'
+}
+
+function getDesktopCredentialHelperTrampolinePath() {
+  return Path.join(
+    __dirname,
+    'build',
+    'Release',
+    getDesktopCredentialHelperTrampolineFilename()
+  )
+}
+
+function getDesktopCredentialHelperTrampolineFilename() {
+  return process.platform === 'win32'
+    ? 'desktop-credential-helper-trampoline.exe'
+    : 'desktop-credential-helper-trampoline'
+}
+
+function getSSHWrapperPath() {
+  return Path.join(__dirname, 'build', 'Release', getSSHWrapperFilename())
+}
+
+function getSSHWrapperFilename() {
+  return process.platform === 'win32' ? 'ssh-wrapper.exe' : 'ssh-wrapper'
 }
 
 module.exports = {
-  getDesktopTrampolinePath,
-  getDesktopTrampolineFilename,
+  getDesktopAskpassTrampolinePath,
+  getDesktopAskpassTrampolineFilename,
+  getDesktopCredentialHelperTrampolinePath,
+  getDesktopCredentialHelperTrampolineFilename,
+  getSSHWrapperPath,
+  getSSHWrapperFilename,
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "desktop-trampoline",
-  "version": "0.9.4",
+  "version": "0.9.11",
   "main": "index.js",
   "keywords": [],
   "author": "",
@@ -15,10 +15,10 @@
     "test": "jest",
     "lint": "prettier -c **/*.js **/*.md",
     "lint:fix": "prettier --write **/*.js **/*.md",
-    "prebuild-node": "prebuild -t 10.11.0 -t 11.9.0 -t 12.0.0 -t 14.8.0 --strip --include-regex \"desktop-trampoline(\\.exe)?$\"",
-    "prebuild-electron": "prebuild -t 7.0.0 -t 8.0.0 -t 9.0.0 -t 10.0.0 -t 11.0.0 -r electron --strip --include-regex \"desktop-trampoline(\\.exe)?$\"",
-    "prebuild-electron-arm64": "prebuild -t 7.0.0 -t 8.0.0 -t 9.0.0 -t 10.0.0 -t 11.0.0 -r electron -a arm64 --strip --include-regex \"desktop-trampoline(\\.exe)?$\"",
-    "prebuild-all": "yarn prebuild-node && yarn prebuild-electron && yarn prebuild-electron-arm64",
+    "prebuild-napi-x64": "prebuild -t 3 -r napi -a x64 --strip --include-regex \"(desktop-(askpass|credential-helper)-trampoline|ssh-wrapper)(\\.exe)?$\"",
+    "prebuild-napi-ia32": "prebuild -t 3 -r napi -a ia32 --strip --include-regex \"(desktop-(askpass|credential-helper)-trampoline|ssh-wrapper)(\\.exe)?$\"",
+    "prebuild-napi-arm64": "prebuild -t 3 -r napi -a arm64 --strip --include-regex \"(desktop-(askpass|credential-helper)-trampoline|ssh-wrapper)(\\.exe)?$\"",
+    "prebuild-all": "yarn prebuild-napi-x64 && yarn prebuild-napi-ia32 && yarn prebuild-napi-arm64",
     "upload": "node ./script/upload.js"
   },
   "repository": {
@@ -29,11 +29,24 @@
     "url": "https://github.com/desktop/desktop-trampoline/issues"
   },
   "homepage": "https://github.com/desktop/desktop-trampoline#readme",
+  "dependencies": {
+    "node-addon-api": "^4.3.0",
+    "prebuild-install": "^7.1.2"
+  },
   "devDependencies": {
-    "jest": "^26.4.2",
-    "node-gyp": "^7.1.0",
-    "prebuild": "^10.0.1",
-    "prettier": "^2.1.2",
-    "split2": "^3.2.2"
+    "jest": "^27.5.0",
+    "node-gyp": "^10.1.0",
+    "prebuild": "^13.0.1",
+    "prettier": "^2.5.1",
+    "split2": "^4.1.0"
+  },
+  "binary": {
+    "napi_versions": [
+      3
+    ]
+  },
+  "config": {
+    "runtime": "napi",
+    "target": 3
   }
 }

script/upload.js

@@ -1,14 +0,0 @@
-// to ensure that env not in the CI server log
-
-const path = require('path')
-const { spawnSync } = require('child_process')
-
-spawnSync(
-  path.join(
-    __dirname,
-    '../node_modules/.bin/prebuild' +
-      (process.platform === 'win32' ? '.cmd' : '')
-  ),
-  ['--upload-all', process.env.GITHUB_AUTH_TOKEN],
-  { stdio: 'inherit' }
-)

src/desktop-trampoline.c

@@ -1,7 +1,5 @@
 #include <errno.h>
-#include <fcntl.h>
 #include <stdarg.h>
-#include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -11,6 +9,13 @@
 #define BUFFER_LENGTH 4096
 #define MAXIMUM_NUMBER_LENGTH 33
 
+#ifdef CREDENTIAL_HELPER
+  #define DESKTOP_TRAMPOLINE_IDENTIFIER "CREDENTIALHELPER"
+#else
+  #define DESKTOP_TRAMPOLINE_IDENTIFIER "ASKPASS"
+#endif
+
+
 #define WRITE_STRING_OR_EXIT(dataName, dataString) \
 if (writeSocket(socket, dataString, strlen(dataString) + 1) != 0) { \
   printSocketError("ERROR: Couldn't send " dataName); \
@@ -19,12 +24,9 @@ if (writeSocket(socket, dataString, strlen(dataString) + 1) != 0) { \
 
 // This is a list of valid environment variables that GitHub Desktop might
 // send or expect to receive.
-#define NUMBER_OF_VALID_ENV_VARS 4
+#define NUMBER_OF_VALID_ENV_VARS 1
 static const char *sValidEnvVars[NUMBER_OF_VALID_ENV_VARS] = {
-  "DESKTOP_TRAMPOLINE_IDENTIFIER",
   "DESKTOP_TRAMPOLINE_TOKEN",
-  "DESKTOP_USERNAME",
-  "DESKTOP_ENDPOINT",
 };
 
 /** Returns 1 if a given env variable is valid, 0 otherwise. */
@@ -46,42 +48,6 @@ int isValidEnvVar(char *env) {
   return 0;
 }
 
-/**
- * Reads a string from the socket, reading first 2 bytes to get its length and
- * then the string itself.
- */
-ssize_t readDelimitedString(SOCKET socket, char *buffer, size_t bufferSize) {
-  uint16_t outputLength = 0;
-  if (readSocket(socket, &outputLength, sizeof(uint16_t)) < (int)sizeof(uint16_t)) {
-      printSocketError("ERROR: Error reading from socket");
-      return -1;
-  }
-
-  if (outputLength > bufferSize) {
-    fprintf(stderr, "ERROR: received string is bigger than buffer (%d > %zu)", outputLength, bufferSize);
-    return -1;
-  }
-
-  size_t totalBytesRead = 0;
-  ssize_t bytesRead = 0;
-
-  // Read output from server
-  do {
-    bytesRead = readSocket(socket, buffer + totalBytesRead, outputLength - totalBytesRead);
-
-    if (bytesRead == -1) {
-      printSocketError("ERROR: Error reading from socket");
-      return -1;
-    }
-
-    totalBytesRead += bytesRead;
-  } while (bytesRead > 0);
-
-  buffer[totalBytesRead] = '\0';
-
-  return totalBytesRead;
-}
-
 int runTrampolineClient(SOCKET *outSocket, int argc, char **argv, char **envp) {
   char *desktopPortString;
 
@@ -121,8 +87,9 @@ int runTrampolineClient(SOCKET *outSocket, int argc, char **argv, char **envp) {
   }
 
   // Get the number of environment variables
-  char *validEnvVars[NUMBER_OF_VALID_ENV_VARS];
-  int envc = 0;
+  char *validEnvVars[NUMBER_OF_VALID_ENV_VARS + 1];
+  validEnvVars[0] = "DESKTOP_TRAMPOLINE_IDENTIFIER=" DESKTOP_TRAMPOLINE_IDENTIFIER;
+  int envc = 1;
   for (char **env = envp; *env != 0; env++) {
     if (isValidEnvVar(*env)) {
       validEnvVars[envc] = *env;
@@ -140,57 +107,37 @@ int runTrampolineClient(SOCKET *outSocket, int argc, char **argv, char **envp) {
     WRITE_STRING_OR_EXIT("environment variable", validEnvVars[idx]);
   }
 
+  char stdinBuffer[BUFFER_LENGTH + 1];
+  int stdinBytes = 0;
+
+  #ifdef CREDENTIAL_HELPER
+    stdinBytes = fread(stdinBuffer, sizeof(char), BUFFER_LENGTH, stdin);
+  #endif
+
+  stdinBuffer[stdinBytes] = '\0';
+  WRITE_STRING_OR_EXIT("stdin", stdinBuffer);
+
   char buffer[BUFFER_LENGTH + 1];
-  size_t totalBytesWritten = 0;
-  ssize_t bytesToWrite = 0;
+  size_t totalBytesRead = 0;
+  ssize_t bytesRead = 0;
 
-  // Make stdin reading non-blocking, to prevent getting stuck when no data is
-  // provided via stdin.
-  int flags = fcntl(STDIN_FILENO, F_GETFL, 0);
-  fcntl(STDIN_FILENO, F_SETFL, flags | O_NONBLOCK);
-
-  // Send stdin data
+  // Read output from server
   do {
-    bytesToWrite = read(0, buffer, BUFFER_LENGTH);
+    bytesRead = readSocket(socket, buffer + totalBytesRead, BUFFER_LENGTH - totalBytesRead);
 
-    if (bytesToWrite == -1) {
-      if (totalBytesWritten == 0) {
-        // No stdin content found, continuing...
-        break;
-      } else {
-        fprintf(stderr, "ERROR: Error reading stdin data");
-        return 1;
-      }
-    }
-
-    if (writeSocket(socket, buffer, bytesToWrite) != 0) {
-      printSocketError("ERROR: Couldn't send stdin data");
+    if (bytesRead == -1) {
+      printSocketError("ERROR: Error reading from socket");
       return 1;
     }
 
-    totalBytesWritten += bytesToWrite;
-  } while (bytesToWrite > 0);
+    totalBytesRead += bytesRead;
+  } while (bytesRead > 0);
 
-  writeSocket(socket, "\0", 1);
-
-  // Read stdout from the server
-  if (readDelimitedString(socket, buffer, BUFFER_LENGTH) == -1) {
-    fprintf(stderr, "ERROR: Couldn't read stdout from socket");
-    return 1;
-  }
+  buffer[totalBytesRead] = '\0';
 
   // Write that output to stdout
   fprintf(stdout, "%s", buffer);
 
-  // Read stderr from the server
-  if (readDelimitedString(socket, buffer, BUFFER_LENGTH) == -1) {
-    fprintf(stderr, "ERROR: Couldn't read stdout from socket");
-    return 1;
-  }
-
-  // Write that output to stderr
-  fprintf(stderr, "%s", buffer);
-
   return 0;
 }
 

src/ssh-wrapper.c

@@ -0,0 +1,37 @@
+#ifdef WINDOWS
+
+int main(int argc, char **argv) {
+  // Not needed on Windows, this will just create a dummy executable
+  return -1;
+}
+
+#else
+
+#include <unistd.h>
+#include <stdio.h>
+
+/**
+ * This is a wrapper for the ssh command. It is used to make sure ssh runs without
+ * a tty on macOS, allowing GitHub Desktop to intercept different prompts from
+ * ssh (e.g. passphrase, adding a host to the list of known hosts...).
+ * This is not necessary on more recent versions of OpenSSH (starting with v8.3)
+ * which include support for the SSH_ASKPASS_REQUIRE environment variable.
+ */
+int main(int argc, char **argv) {
+  pid_t child = fork();
+
+  if (child < 0) {
+    fprintf(stderr, "Failed to fork\n");
+    return -1;
+  }
+
+  if (child != 0) {
+    // This is the parent process. Just exit.
+    return 0;
+  }
+
+  setsid();
+  return execvp("ssh", argv);
+}
+
+#endif

test/desktop-trampoline.test.js

@@ -0,0 +1,153 @@
+const { stat, access } = require('fs').promises
+const { constants } = require('fs')
+const { execFile } = require('child_process')
+const { promisify } = require('util')
+const {
+  getDesktopAskpassTrampolinePath,
+  getDesktopCredentialHelperTrampolinePath,
+} = require('../index')
+const split2 = require('split2')
+const { createServer } = require('net')
+
+const askPassTrampolinePath = getDesktopAskpassTrampolinePath()
+const helperTrampolinePath = getDesktopCredentialHelperTrampolinePath()
+const run = promisify(execFile)
+
+describe('desktop-trampoline', () => {
+  it('exists and is a regular file', async () =>
+    expect((await stat(askPassTrampolinePath)).isFile()).toBe(true))
+
+  it('can be executed by current process', () =>
+    access(askPassTrampolinePath, constants.X_OK))
+
+  it('fails when required environment variables are missing', () =>
+    expect(run(askPassTrampolinePath, ['Username'])).rejects.toThrow())
+
+  const captureSession = () => {
+    const output = []
+    let resolveOutput = null
+
+    const outputPromise = new Promise(resolve => {
+      resolveOutput = resolve
+    })
+
+    const server = createServer(socket => {
+      let timeoutId = null
+      socket.pipe(split2(/\0/)).on('data', data => {
+        output.push(data.toString('utf8'))
+
+        // Hack: consider the session finished after 100ms of inactivity.
+        // In a real-world scenario, you'd have to parse the data to know when
+        // the session is finished.
+        if (timeoutId !== null) {
+          clearTimeout(timeoutId)
+          timeoutId = null
+        }
+        timeoutId = setTimeout(() => {
+          resolveOutput(output)
+          socket.end()
+          server.close()
+        }, 100)
+      })
+    })
+
+    const serverPortPromise = new Promise((resolve, reject) => {
+      server.on('error', e => reject(e))
+      server.listen(0, '127.0.0.1', () => {
+        resolve(server.address().port)
+      })
+    })
+
+    return [serverPortPromise, outputPromise]
+  }
+
+  it('forwards arguments and valid environment variables correctly', async () => {
+    const [portPromise, outputPromise] = captureSession()
+    const port = await portPromise
+
+    const env = {
+      DESKTOP_TRAMPOLINE_TOKEN: '123456',
+      DESKTOP_PORT: port,
+      INVALID_VARIABLE: 'foo bar',
+    }
+    const opts = { env }
+
+    await run(askPassTrampolinePath, ['baz'], opts)
+
+    const output = await outputPromise
+    const outputArguments = output.slice(1, 2)
+    expect(outputArguments).toStrictEqual(['baz'])
+    // output[2] is the number of env variables
+    const envc = parseInt(output[2])
+    const outputEnv = output.slice(3, 3 + envc)
+    expect(outputEnv).toHaveLength(2)
+    expect(outputEnv).toContain('DESKTOP_TRAMPOLINE_TOKEN=123456')
+    expect(outputEnv).toContain('DESKTOP_TRAMPOLINE_IDENTIFIER=ASKPASS')
+  })
+
+  it('forwards stdin when running in credential-helper mode', async () => {
+    const [portPromise, outputPromise] = captureSession()
+    const port = await portPromise
+
+    const cp = run(helperTrampolinePath, ['get'], {
+      env: { DESKTOP_PORT: port },
+    })
+    cp.child.stdin.end('oh hai\n')
+
+    await cp
+
+    const output = await outputPromise
+    expect(output.at(-1)).toBe('oh hai\n')
+  })
+
+  it("doesn't forward stdin when running in askpass mode", async () => {
+    const [portPromise, outputPromise] = captureSession()
+    const port = await portPromise
+
+    const cp = run(askPassTrampolinePath, ['get'], {
+      env: { DESKTOP_PORT: port },
+    })
+    cp.child.stdin.end('oh hai\n')
+
+    await cp
+
+    const output = await outputPromise
+    expect(output.at(-1)).toBe('')
+  })
+
+  it('askpass handler ignores the DESKTOP_TRAMPOLINE_IDENTIFIER env var', async () => {
+    const [portPromise, outputPromise] = captureSession()
+    const port = await portPromise
+
+    const cp = run(askPassTrampolinePath, ['get'], {
+      env: { DESKTOP_PORT: port, DESKTOP_TRAMPOLINE_IDENTIFIER: 'foo' },
+    })
+    cp.child.stdin.end('oh hai\n')
+
+    await cp
+
+    const output = await outputPromise
+    const envc = parseInt(output[2])
+    const outputEnv = output.slice(3, 3 + envc)
+    expect(outputEnv).toContain('DESKTOP_TRAMPOLINE_IDENTIFIER=ASKPASS')
+  })
+
+  it('credential handler ignores the DESKTOP_TRAMPOLINE_IDENTIFIER env var', async () => {
+    const [portPromise, outputPromise] = captureSession()
+    const port = await portPromise
+
+    const cp = run(helperTrampolinePath, ['get'], {
+      env: { DESKTOP_PORT: port, DESKTOP_TRAMPOLINE_IDENTIFIER: 'foo' },
+    })
+    cp.child.stdin.end('oh hai\n')
+
+    await cp
+
+    const output = await outputPromise
+    const envc = parseInt(output[2])
+    const outputEnv = output.slice(3, 3 + envc)
+    expect(outputEnv).toContain(
+      'DESKTOP_TRAMPOLINE_IDENTIFIER=CREDENTIALHELPER'
+    )
+  })
+})

test/index.test.js

@@ -1,183 +0,0 @@
-const { stat, access } = require('fs').promises
-const { constants } = require('fs')
-const { execFile } = require('child_process')
-const { promisify } = require('util')
-const { getDesktopTrampolinePath } = require('../index')
-const split2 = require('split2')
-const { createServer } = require('net')
-
-const trampolinePath = getDesktopTrampolinePath()
-const run = promisify(execFile)
-
-async function startTrampolineServer(output, stdout = '', stderr = '') {
-  const server = createServer(socket => {
-    socket.pipe(split2(/\0/)).on('data', data => {
-      output.push(data.toString('utf8'))
-    })
-
-    const buffer = Buffer.alloc(2, 0)
-
-    // Send stdout
-    buffer.writeUInt16LE(stdout.length, 0)
-    socket.write(buffer)
-    socket.write(stdout)
-
-    // Send stderr
-    buffer.writeUInt16LE(stderr.length, 0)
-    socket.write(buffer)
-    socket.write(stderr)
-
-    // Close the socket
-    socket.end()
-  })
-  server.unref()
-
-  const startServer = async () => {
-    return new Promise((resolve, reject) => {
-      server.on('error', e => reject(e))
-      server.listen(0, '127.0.0.1', () => {
-        resolve(server.address().port)
-      })
-    })
-  }
-
-  return {
-    server,
-    port: await startServer(),
-  }
-}
-
-describe('desktop-trampoline', () => {
-  it('exists and is a regular file', async () =>
-    expect((await stat(trampolinePath)).isFile()).toBe(true))
-
-  it('can be executed by current process', () =>
-    access(trampolinePath, constants.X_OK))
-
-  it('fails when required environment variables are missing', () =>
-    expect(run(trampolinePath, ['Username'])).rejects.toThrow())
-
-  describe('with a trampoline server', () => {
-    let server = null
-    let output = []
-    let baseEnv = {}
-
-    async function configureTrampolineServer(stdout = '', stderr = '') {
-      output = []
-      const serverInfo = await startTrampolineServer(output, stdout, stderr)
-      server = serverInfo.server
-      baseEnv = {
-        DESKTOP_PORT: serverInfo.port,
-      }
-    }
-
-    afterEach(() => {
-      server.close()
-    })
-
-    it('forwards arguments and valid environment variables correctly without stdin', async () => {
-      await configureTrampolineServer()
-
-      const env = {
-        ...baseEnv,
-        DESKTOP_TRAMPOLINE_IDENTIFIER: '123456',
-        DESKTOP_USERNAME: 'sergiou87',
-        DESKTOP_USERNAME_FAKE: 'fake-user',
-        INVALID_VARIABLE: 'foo bar',
-      }
-      const opts = { env }
-
-      await run(trampolinePath, ['baz'], opts)
-
-      const outputArguments = output.slice(1, 2)
-      expect(outputArguments).toStrictEqual(['baz'])
-      // output[2] is the number of env variables
-      const outputEnv = output.slice(3, output.length - 1)
-      expect(outputEnv).toHaveLength(2)
-      expect(outputEnv).toContain('DESKTOP_TRAMPOLINE_IDENTIFIER=123456')
-      expect(outputEnv).toContain(`DESKTOP_USERNAME=sergiou87`)
-
-      expect(output[output.length - 1]).toStrictEqual('')
-    })
-
-    it('forwards arguments, environment variables and stdin correctly', async () => {
-      await configureTrampolineServer()
-
-      const env = {
-        ...baseEnv,
-        DESKTOP_TRAMPOLINE_IDENTIFIER: '123456',
-        DESKTOP_USERNAME: 'sergiou87',
-      }
-      const opts = {
-        env,
-        stdin: 'This is a test\nWith a multiline\nStandard input text',
-      }
-
-      const run = new Promise((resolve, reject) => {
-        const process = execFile(trampolinePath, ['baz'], opts, function (
-          err,
-          stdout,
-          stderr
-        ) {
-          if (!err) {
-            resolve({ stdout, stderr, exitCode: 0 })
-            return
-          }
-
-          reject(err)
-        })
-
-        process.stdin.end(
-          'This is a test\nWith a multiline\nStandard input text',
-          'utf-8'
-        )
-      })
-      await run
-
-      const outputArguments = output.slice(1, 2)
-      expect(outputArguments).toStrictEqual(['baz'])
-      // output[2] is the number of env variables
-      const outputEnv = output.slice(3, output.length - 1)
-      expect(outputEnv).toHaveLength(2)
-      expect(outputEnv).toContain('DESKTOP_TRAMPOLINE_IDENTIFIER=123456')
-      expect(outputEnv).toContain(`DESKTOP_USERNAME=sergiou87`)
-
-      expect(output[output.length - 1]).toBe(
-        'This is a test\nWith a multiline\nStandard input text'
-      )
-    })
-
-    it('outputs the same stdout received from the server, when no stderr is specified', async () => {
-      await configureTrampolineServer('This is the command stdout', '')
-
-      const opts = { env: baseEnv }
-      const result = await run(trampolinePath, ['baz'], opts)
-
-      expect(result.stdout).toStrictEqual('This is the command stdout')
-      expect(result.stderr).toStrictEqual('')
-    })
-
-    it('outputs the same stderr received from the server, when no stdout is specified', async () => {
-      await configureTrampolineServer('', 'This is the command stderr')
-
-      const opts = { env: baseEnv }
-      const result = await run(trampolinePath, ['baz'], opts)
-
-      expect(result.stdout).toStrictEqual('')
-      expect(result.stderr).toStrictEqual('This is the command stderr')
-    })
-
-    it('outputs the same stdout and stderr received from the server, when both are specified', async () => {
-      await configureTrampolineServer(
-        'This is the command stdout',
-        'This is the command stderr'
-      )
-
-      const opts = { env: baseEnv }
-      const result = await run(trampolinePath, ['baz'], opts)
-
-      expect(result.stdout).toStrictEqual('This is the command stdout')
-      expect(result.stderr).toStrictEqual('This is the command stderr')
-    })
-  })
-})

test/ssh-wrapper.test.js

@@ -0,0 +1,42 @@
+const { stat, access } = require('fs').promises
+const { constants } = require('fs')
+const { execFile } = require('child_process')
+const { promisify } = require('util')
+const { getSSHWrapperPath } = require('../index')
+
+const sshWrapperPath = getSSHWrapperPath()
+const run = promisify(execFile)
+
+describe('ssh-wrapper', () => {
+  it('exists and is a regular file', async () =>
+    expect((await stat(sshWrapperPath)).isFile()).toBe(true))
+
+  // On Windows, the binary generated is just useless, so no point to test it.
+  // Also, this won't be used on Linux (for now at least), so don't bother to
+  // run the tests there.
+  if (process.platform !== 'darwin') {
+    return
+  }
+
+  it('can be executed by current process', () =>
+    access(sshWrapperPath, constants.X_OK))
+
+  it('attempts to use ssh-askpass program', async () => {
+    // Try to connect to github.com with a non-existent known_hosts file to force
+    // ssh to prompt the user and use askpass.
+    const result = await run(
+      sshWrapperPath,
+      ['-o', 'UserKnownHostsFile=/path/to/fake/known_hosts', 'git@github.com'],
+      {
+        env: {
+          SSH_ASKPASS: '/path/to/fake/ssh-askpass',
+          DISPLAY: '.',
+        },
+      }
+    )
+
+    expect(result.stderr).toMatch(
+      /ssh_askpass: exec\(\/path\/to\/fake\/ssh-askpass\): No such file or directory/
+    )
+  })
+})