make, scripts: Don't unconditionally clone with proactiveAuth=basic

Don't unconditionally add proactiveAuth=basic to Git's config during
clone, but only if cloning happens after authentication.

This saves unauthenticated users funny password prompts. On the other
hand, this makes a server setting persistent which could be changed
on the server.

  URL =~ /api/  (or so) => 401, followed by Basic Auth
  URL !=~ /api/ (or so) => Redirect or free access, depending on resource

Currently all resources, including API, are accessible by either
basic auth or a Cookie, but basic auth needs to be present in the
first request, which throws off some clients (notably Git without
proactiveAuth=basic).

Signed-off-by: Jan Lindemann <jan@janware.com>

scripts/pgit.sh

@@ -91,6 +91,15 @@ commit()
 
 clone()
 {(
+	run_clone() {
+		local url="$1"
+		local p="$2"
+		run_git $GIT_GLOBAL_OPTS clone "$url" "$p"
+		if [[ "$GIT_GLOBAL_OPTS" =~ proactiveAuth ]]; then
+			run_git -C $p config set http.proactiveAuth basic
+		fi
+	}
+
 	local p
 	config
 	cd $pdir
@@ -145,8 +154,7 @@ clone()
 			if [ -d $p ]; then
 				run_git -C $p pull --recurse-submodules=on-demand
 			else
-				run_git -c http.proactiveAuth=basic clone $remote_base/$fromuser$remote_subpath/$p
-				run_git -C $p config set http.proactiveAuth basic
+				run_clone $remote_base/$fromuser$remote_subpath/$p $p
 			fi
 		else
 			local remotename="jw-$fromuser"
@@ -166,8 +174,7 @@ clone()
 				fi
 			else
 				# set -x
-				run_git  -c http.proactiveAuth=basic clone $remote_base/$fromuser$remote_subpath/$p
-				run_git -C $p config set http.proactiveAuth basic
+				run_clone $remote_base/$fromuser$remote_subpath/$p $p
 				run_git -C $p remote rename origin $remotename || fatal failed to rename remote in $p
 				run_git -C $p remote set-url --push $remotename no_push
 				if [ $create_remote_user_repos = true ]; then