From: <rsbecker@nexbridge•com>
To: "'Ashlesh Gawande'" <git@ashlesh•me>,
"'brian m. carlson'" <sandals@crustytoothpaste•net>,
git@vger•kernel.org, "'Patrick Steinhardt'" <ps@pks•im>,
"'Junio C Hamano'" <gitster@pobox•com>,
"'Ævar Arnfjörð Bjarmason'" <avarab@gmail•com>
Subject: RE: [PATCH] http.c: prompt for username on 403
Date: Wed, 10 Dec 2025 12:48:57 -0500 [thread overview]
Message-ID: <03ed01dc69fd$45f32fc0$d1d98f40$@nexbridge.com> (raw)
In-Reply-To: <37c3b31e-900e-4df0-ac30-284e71660487@ashlesh.me>
On December 10, 2025 7:30 AM, Ashlesh Gawande wrote:
>On 12/10/25 07:35, brian m. carlson wrote:
>> On 2025-12-09 at 08:22:49, Ashlesh Gawande wrote:
>>> I was working on separating the tests and thought about the original
>>> proposal a bit more.
>>> To stop the credentials from being erased on 403 could something like
>>> the following be acceptable?
>>>
>>> else if (results->http_code == 401 || results->http_code ==
>>> 403) {
>>> if ((http_auth.username && http_auth.password) ||\
>>> (http_auth.authtype && http_auth.credential)) {
>>> + // Do not override existing credentials on
>>> +403
>>> + if (results->http_code == 403) {
>>> + return HTTP_ERROR;
>>> + }
>>> +
>>> if (http_auth.multistage) {
>>>
>>> So then we would prompt on 403 only if credentials are not configured.
>> Can you tell me what file you see this in? I don't actually see any
>> place in the code that has "http_code == 403" in the latest version of
>> the main branch.
>>
>> I wonder if your issue may already be fixed in a newer version than
>> you have.
>Oh, that http_code == 403 is my original proposal to prompt for
>username/password on 403 (I did the diff on top of that instead of base).
>But you pointed out that it would wipe out existing credentials. This is an attempt to
>fix that by not prompting on 403 if git credentials are set.
>So when credentials are provided through default netrc file (such that
>http_auth.* are not set; git credential helper is not set) then we can still get the
>prompt on 403.
Please make sure that any existing git credential helpers, including custom helpers
are not impacted by this change. This would have serious negative consequences
and would be a blocker for many in my community who use both the standard
git credential helpers and custom ones. If you are going to force a credential wipe
this should cause an update to the credential protocol to inform the helper that a
wipe has occurred or is requested. The .netrc approach is most limited to Linux
implementations and is not available on or applicable to some other platforms.
Thank you for your attention.
Randall
next prev parent reply other threads:[~2025-12-10 17:49 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-14 14:43 [PATCH] http.c: prompt for username on 403 Ashlesh Gawande
2025-10-14 21:29 ` brian m. carlson
2025-10-15 14:12 ` Ashlesh Gawande
2025-10-15 22:31 ` brian m. carlson
2025-12-09 8:22 ` Ashlesh Gawande
2025-12-10 2:05 ` brian m. carlson
2025-12-10 12:30 ` Ashlesh Gawande
2025-12-10 17:48 ` rsbecker [this message]
2025-12-10 22:28 ` brian m. carlson
2025-12-11 6:05 ` Ashlesh Gawande
2025-12-10 12:32 ` Ashlesh Gawande
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='03ed01dc69fd$45f32fc0$d1d98f40$@nexbridge.com' \
--to=rsbecker@nexbridge$(echo .)com \
--cc=avarab@gmail$(echo .)com \
--cc=git@ashlesh$(echo .)me \
--cc=git@vger$(echo .)kernel.org \
--cc=gitster@pobox$(echo .)com \
--cc=ps@pks$(echo .)im \
--cc=sandals@crustytoothpaste$(echo .)net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox