From f7f9dd4deb3b92bf175a0411dac60e7b6fdd9cfa Mon Sep 17 00:00:00 2001
From: Josip Sokcevic <sokcevic@chromium.org>
Date: Thu, 3 Oct 2024 20:32:04 +0000
Subject: [PATCH] project: Handle git sso auth failures as repo exit

If a user is not authenticated, repo continues execution and it will
likely result in more of the same errors being printed. A user is also
likely to SIGTERM the process resulting in more errors.

This change stops repo sync if any of repositories can't be fetched to
Git authentcation using sso helper. We could extend this to all Git
authentication

Change-Id: I9e471e063450c0a51f25a5e7f12a83064dfb170c
Reviewed-on: https://gerrit-review.googlesource.com/c/git-repo/+/438522
Reviewed-by: Gavin Mak <gavinmak@google.com>
Tested-by: Josip Sokcevic <sokcevic@google.com>
Commit-Queue: Josip Sokcevic <sokcevic@google.com>
---
 error.py   |  4 ++++
 project.py | 15 +++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/error.py b/error.py
index 7958a0a1..36bc2129 100644
--- a/error.py
+++ b/error.py
@@ -107,6 +107,10 @@ class GitError(RepoError):
         return self.message
 
 
+class GitAuthError(RepoExitError):
+    """Cannot talk to remote due to auth issue."""
+
+
 class GitcUnsupportedError(RepoExitError):
     """Gitc no longer supported."""
 
diff --git a/project.py b/project.py
index b29e604f..88dd747b 100644
--- a/project.py
+++ b/project.py
@@ -32,6 +32,7 @@ import urllib.parse
 
 from color import Coloring
 from error import DownloadError
+from error import GitAuthError
 from error import GitError
 from error import ManifestInvalidPathError
 from error import ManifestInvalidRevisionError
@@ -2713,6 +2714,20 @@ class Project:
                     file=output_redir,
                 )
                 break
+            elif (
+                ret == 128
+                and gitcmd.stdout
+                and "remote helper 'sso' aborted session" in gitcmd.stdout
+            ):
+                # User needs to be authenticated, and Git wants to prompt for
+                # username and password.
+                print(
+                    "git requires authentication, but repo cannot perform "
+                    "interactive authentication.",
+                    file=output_redir,
+                )
+                raise GitAuthError(gitcmd.stdout)
+                break
             elif current_branch_only and is_sha1 and ret == 128:
                 # Exit code 128 means "couldn't find the ref you asked for"; if
                 # we're in sha1 mode, we just tried sync'ing from the upstream