improve git http authentication via repository configuration #5581
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
abn
force-pushed
the
fix-git-auth
branch
2 times, most recently
from
d0433e2
to
c9debec
Compare
abn
changed the title
neersighted
requested changes
May 10, 2022
Closed
abn
force-pushed
the
fix-git-auth
branch
2 times, most recently
from
110458a
to
78c597d
Compare
Prior to this change when `Config` was initialised for non-command use, user `config.toml` and `auth.toml` files were not loaded. This caused unintended side effects when configuration look up were performed from the `Authenticator` and other parts of the code.
Since git repository authentication is a special case of repository configuration, the existing assumptions around path matching do not apply. In order to prevent unexpected behaviour due to similar path matching, git authentication will use exact url matching.
This change ensures that http-basic auth credentials are only passed to dulwich when the remote url uses http/https schemes. In addition to the above, it is now ensured that username/password parameters are not passed through to dulwich unless both username and password are configured explicitly. This is to ensure that dulwich does not bail out if it detects a username in the url (eg: `ssh://git@github.com`).
neersighted
reviewed
May 10, 2022
neersighted
approved these changes
May 10, 2022
2 tasks
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
replace Factory.create_config() w/ Config.create()
Prior to this change when
Configwas initialised for non-command use, userconfig.tomlandauth.tomlfiles were not loaded. This caused unintended side effects when configuration look up were performed from theAuthenticatorand other parts of the code.ensure git repository authn uses exact urls
Since git repository authentication is a special case of repository configuration, the existing assumptions around path matching do not apply. In order to prevent unexpected behaviour due to similar path matching, git authentication will use exact url matching.
git: ignore http auth for ssh url
This change ensures that http-basic auth credentials are only passed to dulwich when the remote url uses http/https schemes.
In addition to the above, it is now ensured that username/password parameters are not passed through to dulwich unless both username and password are configured explicitly. This is to ensure that dulwich does not bail out if it detects a username in the url (eg:
ssh://git@github.com).Relates-to: #5567 (this feature relies on config being available)