From: Junio C Hamano <gitster@pobox.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>
Cc: M Hickford <mirth.hickford@gmail.com>,
Git Mailing List <git@vger.kernel.org>
Subject: Re: Fwd: [Bug] `credential fill` prints incomplete bearer credential
Date: Wed, 18 Dec 2024 21:56:08 -0800 [thread overview]
Message-ID: <xmqqldwcnrlz.fsf@gitster.g> (raw)
In-Reply-To: <Z2N-rV4fhF3ZkGlp@tapette.crustytoothpaste.net> (brian m. carlson's message of "Thu, 19 Dec 2024 02:02:21 +0000")
"brian m. carlson" <sandals@crustytoothpaste.net> writes:
> On 2024-12-18 at 20:42:31, M Hickford wrote:
>> Hi. Is this a bug in git version 2.47.1? Or am I using it incorrectly?
>>
>> # erase existing example.com credentials
>> printf "host=example.com\nprotocol=https\n" | git -c credential.helper= -c credential.helper=cache credential reject
>> # store bearer token with expiry in far future in credential-cache
>> printf "host=example.com\nprotocol=https\nauthtype=bearer\ncredential=letmein\npassword_expiry_utc=2147483640\n"
>> | git credential-cache store
>> # try to retrieve credential
>> printf "host=example.com\nprotocol=https\n" | git -c credential.helper= -c credential.helper=cache credential fill
>>
>> Expected output (complete credential):
>>
>> protocol=https
>> host=example.com
>> authtype=bearer
>> credential=letmein
>> password_expiry_utc=2147483640
>>
>> Actual output (incomplete credential, no prompt for username or password):
>>
>> protocol=https
>> host=example.com
>> password_expiry_utc=2147483640
>
> This is expected. Every request to a credential helper should include
> all of the capabilities that the caller supports on input, and the
> credential helper will always emit those on output. `git credential`,
> however, will only emit the capabilities that were actually supported,
> so that general callers (including Git LFS) can determine the actual
> set of supported capabilities.
> ...
The original report did
- run "git credential reject" to clear
- run "git credential-cache store"!!
- run "git credential fill" to check
which looked curious.
Am I correct to understand that if the second step is replaced with
"git credential approve" (which calls "credential-cache store"
internally), the right thing happens and necessary capabilities are
passed?
Thanks.
next prev parent reply other threads:[~2024-12-19 5:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAGJzqs=ksKqY2M8Px3uv6ut=MBwkmpPUqp3xVzVpNMJ0YBrBww@mail.gmail.com>
2024-12-18 20:42 ` Fwd: [Bug] `credential fill` prints incomplete bearer credential M Hickford
2024-12-19 2:02 ` brian m. carlson
2024-12-19 5:56 ` Junio C Hamano [this message]
2024-12-19 19:12 ` M Hickford
2024-12-19 19:15 ` M Hickford
2024-12-21 8:08 ` M Hickford
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=xmqqldwcnrlz.fsf@gitster.g \
--to=gitster@pobox.com \
--cc=git@vger.kernel.org \
--cc=mirth.hickford@gmail.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).