Proper handling of credential requests in Git client

src/tl/tl/tlGit.cc

@@ -252,6 +252,14 @@ checkout_branch (git_repository *repo, git_remote *remote, const git_checkout_op
   check (git_checkout_head (repo, co_opts));
 }
 
+int
+credentials_cb (git_credential ** /*out*/, const char * /*url*/, const char * /*username*/, unsigned int /*allowed_types*/, void *)
+{
+  //  no credentials aquired
+  git_error_set_str (GIT_ERROR_NONE, "anonymous access is supported only, but server requests credentials");
+  return GIT_EUSER;
+}
+
 void
 GitObject::read (const std::string &org_url, const std::string &org_filter, const std::string &subfolder, const std::string &branch, double timeout, tl::InputHttpStreamCallback *callback)
 {
@@ -294,6 +302,7 @@ GitObject::read (const std::string &org_url, const std::string &org_filter, cons
   fetch_opts.depth = 1;  // shallow (single commit)
 #endif
   fetch_opts.callbacks.transfer_progress = &fetch_progress;
+  fetch_opts.callbacks.credentials = &credentials_cb;
   fetch_opts.callbacks.payload = (void *) &progress;
 
   //  build refspecs in case they are needed

src/tl/unit_tests/tlGitTests.cc

@@ -27,6 +27,7 @@
 #include "tlFileUtils.h"
 
 static std::string test_url ("https://github.com/klayout/klayout_git_test.git");
+static std::string test_url_invalid ("https://github.com/klayout/doesnotexist.git");
 
 TEST(1_plain)
 {
@@ -201,5 +202,17 @@ TEST(10_invalid_branch)
   }
 }
 
+TEST(11_invalid_url)
+{
+  std::string path = tl::TestBase::tmp_file ("repo");
+  tl::GitObject repo (path);
+  try {
+    repo.read (test_url_invalid, std::string (), std::string (), std::string ("brxxx"));
+    EXPECT_EQ (true, false);
+  } catch (tl::Exception &ex) {
+    EXPECT_EQ (ex.msg (), "Error cloning Git repo: anonymous access is supported only, but server requests credentials");
+  }
+}
+
 #endif