mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

cache credentials in memory when doing http basic auth to a git remote

Browse source 
When accessing a git remote over http needs a git credential prompt for a
password, cache it for the lifetime of the git-annex process, rather than
repeatedly prompting.

The git-lfs special remote already caches the credential when discovering
the endpoint. And presumably commands like git pull do as well, since they
may download multiple urls from a remote.

The TMVar CredentialCache is read, so two concurrent calls to
getBasicAuthFromCredential will both prompt for a credential.
There would already be two concurrent password prompts in such a case,
and existing uses of `prompt` probably avoid it. Anyway, it's no worse
than before.
This commit is contained in:
Joey Hess 2022-09-09 13:53:38 -04:00
parent adb2f5cc00
commit 9621beabc4
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
5 changed files with 96 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

30
doc/todo/not_ask_git_credentials_for_password_per_each_file/comment_3_39ccd0fe773200166d0727dc903c34e3._comment Normal file
View file

@ -0,0 +1,30 @@
[[!comment format=mdwn
username="joey"
subject="""comment 3"""
date="2022-09-09T18:11:28Z"
content="""
I've implemented this, and a get of multiple files will prompt once.
However, there is one case where the password is prompted twice.
In a freshly cloned repo, where you have not run `git-annex init` manually,
`git-annex get foo` will prompt twice.
That is because autoinit causes `git-annex init --autoenable` to be run,
and that infortunately probes for the UUID of the http remote,
which needs the password. Since the cache is necessarily only for a single
process, that subprocess adds an additional prompt.
There might also be other cases where git-annex starts
subprocesses, that legitimately each need to prompt once for the password.
I expect that, when `git-annex transferrer` is used
(due to annex.stalldetection being configured), and -J is used,
each transferrer process will end up prompting once for the password.
I don't think it makes sense to convert this from a simple in-process cache
to a cache that is shared amoung all subprocesses. That would reimplement
what `git-credential-cache` already does. And if you need that,
you can just enable it.
But I would like to fix the autoinit case to not prompt twice, and am
leaving this open for now to do that.
"""]]