regression: remotes 2.4.0 breaking deploy tokens on gitlab

[ilikegitlab]

This works fine on 2.3.0:
devtools::install_git(paste0('https://gitlab+deploy-token-1111:aabbccddeeff@gitlab.com/name/project.git'), upgrade = FALSE)

on 2.4.0 (windows) I get:
Error: Failed to install 'unknown package' from Git:
Command failed (128)
In addition: Warning messages:
1: In system(full, intern = TRUE, ignore.stderr = quiet) :
running command '"C:\PROGRA1\Git\cmd\git.exe" ls-remote https://gitlab+deploy-token-1111:aabbccddeeff gitlab.com/name/project.git' had status 128
2: In system(full, intern = TRUE, ignore.stderr = quiet) :
running command '"C:\PROGRA1\Git\cmd\git.exe" ls-remote https://gitlab+deploy-token-1111:aabbccddeeff gitlab.com/name/project.git' had status 128

on linux:
Error: Failed to install 'unknown package' from Git:
Error in 'git2r_remote_ls': malformed URL 'https://gitlab+deploy-token-1111:aabbccddeeff''

It seems the @ is stripped from the call for some reason?

[ilikegitlab]

small update:
sorry for the paste0, was cleaning up the actual code and forgot this.

the linux error is actually similar as on windows. I've now updated to the git version (because I thought 5ada5f5 would fix it) to verify the problem still exist. The git2r error disappeared after removing that package and seems yet another issue.

[statnmap]

I also face a regression there. This is because when downloading the DESCRIPTION file with remotes::download(), this function does not account for git2r credentials.

Here is a reprex you can try. The package {hello.seb} is a private package on my account on GitLab.com. I created a token specifically for this package. The token is below, so that you can use it for your tests:

library(remotes)
if (!requireNamespace("git2r")) {install.packages("git2r")}
# Specific credentials for this private project
options(remotes.git_credentials = 
          git2r::cred_user_pass(username = "gitlab+deploy-token-521061", 
                                password = "Nbebu3FGGtZ6VMbLx23K"))
repo_url <- 'https://gitlab.com/statnmap/hello.seb'

# Does not work with remotes 1.4, but OK with 1.3
remotes::install_git(url = repo_url, git = "git2r")

# Reprex to debug ----
# Core of remotes:::remote_package_name.git2r_remote()
remote <- structure(
  list(url = "https://gitlab.com/statnmap/hello.seb.git", 
       subdir = NULL, ref = NULL, 
       credentials = structure(
         list(username = "gitlab+deploy-token-521061", 
              password = "Nbebu3FGGtZ6VMbLx23K"), class = "cred_user_pass")),
  class = c("git2r_remote", "remote"))


tmp <- tempfile()
description_path <- paste0(collapse = "/", c(remote$subdir, "DESCRIPTION"))
url <- remotes:::build_url(sub("\\.git$", "", remote$url), "raw", 
                           remotes:::remote_sha(remote), description_path)
# The URL is correct but download does not use creds
remotes:::download(tmp, url)
read_dcf(tmp)$Package

# Not working either
remotes:::download(tmp, url, basic_auth = remote$credentials)
read_dcf(tmp)$Package
# Not working either
remotes:::download(tmp, url, auth_token = remote$credentials$password)
read_dcf(tmp)$Package

If you want me to give you developer access to this package, I can, but I guess you can also create a private package yourself for your unit tests later.

Thank you.

[statnmap]

I guess this is a duplicate of: #632

[ilikegitlab]

It is not completely the same as #632 which seems resolved (as far as I understand the comments). There's a regexp in the new code that basically filters out URLs with user/passwords (except git@, which was added as a fix recently).

[statnmap]

The issue #632 is not resolved, a PR has been opened: #633
It will be solved if the PR is accepted.
I just tried the PR with a minor modification and it worked for me. Maybe this can solve your problem, but I am not sure...