-
Notifications
You must be signed in to change notification settings - Fork 15
git.credentials: implement full fill/approve/reject workflow #216
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
e95d092 to
063b054
Compare
063b054 to
a93a244
Compare
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## main #216 +/- ##
==========================================
- Coverage 82.41% 81.88% -0.54%
==========================================
Files 25 25
Lines 3572 3643 +71
Branches 626 641 +15
==========================================
+ Hits 2944 2983 +39
- Misses 531 559 +28
- Partials 97 101 +4
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
|
Thanks @pmrowla! Does it have any impact on prompting/interactive auth? Previously, I don't think we supported it at all, but AFAIK |
If the credential manager requires interactive input then yes. With microsoft's standard GCM it opens a browser window for http logins. This was already the scmrepo behavior prior to this patch though (since the original credential helper support was added). The difference was that we did not actually save the credentials afterwards, so users would be prompted every time we did a git operation that required auth, whereas now they are prompted on the first call and then we save the credentials in GCM, the same way that CLI git handles it. |
|
Sorry @pmrowla, I think I was conflating the credential helpers with the default git behavior for requesting credentials. That is really only useful initially, but this is one place where CLI Git doesn't fail and DVC does. What do you think about supporting something like this? |
|
We could support interactive prompting but it's probably not a quick fix since dulwich doesn't have native auth callback support yet. The intended workflow is that git should try an unauthenticated request (without using any credential helper or prompting) and then if it fails it should retry with helpers and/or prompting. The current behavior in scmrepo is that we try credential helpers first if they exist. Technically this means we load GCM credentials even for a request that would not require it, like cloning a public repo, but in practice this isn't really an issue for the credential helper case. For the interactive CLI prompt it does make a difference, since with the current behavior we would have to prompt the user before making every request (since whatever the user enters via the interactive prompt is not saved). We can implement this in scmrepo and then patch it into dulwich later, but it probably won't be a quick/small change. |
|
What do you think about falling back to Git CLI when an auth error is raised? |
|
@dberenbaum I would prefer that we just put the time into implementing it instead of using the CLI fallback |
git.credentialsAPI equivalent togit-credentialsscmrepoclients should useCredential.fill/approve/rejectrather than usingHelper.get/store/erasedirectly (as described in https://git-scm.com/docs/git-credential#_typical_use_of_git_credential)Closes #215