From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: M Hickford <mirth.hickford@gmail.com>,
Git Mailing List <git@vger.kernel.org>
Subject: Re: Fwd: [Bug] `credential fill` prints incomplete bearer credential
Date: Wed, 18 Dec 2024 21:56:08 -0800 [thread overview]
Message-ID: <xmqqldwcnrlz.fsf@gitster.g> (raw)
In-Reply-To: <Z2N-rV4fhF3ZkGlp@tapette.crustytoothpaste.net> (brian m. carlson's message of "Thu, 19 Dec 2024 02:02:21 +0000")
"brian m. carlson" <sandals@crustytoothpaste.net> writes:
> On 2024-12-18 at 20:42:31, M Hickford wrote:
>> Hi. Is this a bug in git version 2.47.1? Or am I using it incorrectly?
>>
>> # erase existing example.com credentials
>> printf "host=example.com\nprotocol=https\n" | git -c credential.helper= -c credential.helper=cache credential reject
>> # store bearer token with expiry in far future in credential-cache
>> printf "host=example.com\nprotocol=https\nauthtype=bearer\ncredential=letmein\npassword_expiry_utc=2147483640\n"
>> | git credential-cache store
>> # try to retrieve credential
>> printf "host=example.com\nprotocol=https\n" | git -c credential.helper= -c credential.helper=cache credential fill
>>
>> Expected output (complete credential):
>>
>> protocol=https
>> host=example.com
>> authtype=bearer
>> credential=letmein
>> password_expiry_utc=2147483640
>>
>> Actual output (incomplete credential, no prompt for username or password):
>>
>> protocol=https
>> host=example.com
>> password_expiry_utc=2147483640
>
> This is expected. Every request to a credential helper should include
> all of the capabilities that the caller supports on input, and the
> credential helper will always emit those on output. `git credential`,
> however, will only emit the capabilities that were actually supported,
> so that general callers (including Git LFS) can determine the actual
> set of supported capabilities.
> ...
The original report did
- run "git credential reject" to clear
- run "git credential-cache store"!!
- run "git credential fill" to check
which looked curious.
Am I correct to understand that if the second step is replaced with
"git credential approve" (which calls "credential-cache store"
internally), the right thing happens and necessary capabilities are
passed?
Thanks.
next prev parent reply other threads:[~2024-12-19 5:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAGJzqs=ksKqY2M8Px3uv6ut=MBwkmpPUqp3xVzVpNMJ0YBrBww@mail.gmail.com>
2024-12-18 20:42 ` Fwd: [Bug] `credential fill` prints incomplete bearer credential M Hickford
2024-12-19 2:02 ` brian m. carlson
2024-12-19 5:56 ` Junio C Hamano [this message]
2024-12-19 19:12 ` M Hickford
2024-12-19 19:15 ` M Hickford
2024-12-21 8:08 ` M Hickford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqldwcnrlz.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=mirth.hickford@gmail.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.