Authentication with e-mail address as user name for HTTPS remote

[Patrick Atoon]

Hello,

I run into a problem with command line git on Linux.

The remote git server I try to clone from uses HTTPS as a protocol and
requires full
fledged e-mail addresses for a user name in its authentication. In
TortoiseGit (with
winstore) or SourceTree, the user name and password are asked and
stored. But on the
command line I'm stuck, unable to provide the user name.

Here is what happens. First try cloning without specifying the user name:

---8---
$ git clone https://git.server.com/git/test.git
Initialized empty Git repository in /tmp/git/test/.git/
error: The requested URL returned error: 401 Authorization Required
while accessing
https://git.server.com/git/test.git/nfo/refs

fatal: HTTP request failed
---8---

I couldn't find a --username flag or something similar for the git
command, so my next
try was to incorporate the user name in the URL, basic auth style. The
repo URL looks
something like this:

https://user.em...@emaildomain.com@git.server.com/git/test.git

Note the double @ there, it is bound to cause trouble.
This is what happened:

---8---
$ git clone https://user.em...@emaildomain.com@git.server.com/git/test.git
Initialized empty Git repository in /tmp/git/test/.git/
Password:
error: Couldn't resolve host 'emaildomain@git.server.com' while accessing
https://user.em...@emaildomain.com@git.server.com/git/test.git/info/refs

fatal: HTTP request failed
---8---

It appears the @ was picked up as an indication that the URL
contains the username,
however the URL was split at the wrong position. The splitting
algorithm doesn't seem to
take into account that a user name might contain an @.

My request: please modify command line git to support full fledged
e-mail addresses as
user names in HTTPS requests.

I'm not a C adept, still I browsed the code a bit and bumped into
transport.c's
transport_anonymize_url method. I think that code could be modified
to do a better job
of splitting the URL, which might then avoid problems down the line.

Thanks for reading this far.

Regards,

Patrick
--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Authentication with e-mail address as user name for HTTPS remote

[Jeff King]

On Sat, Aug 31, 2013 at 08:52:06AM +0200, Patrick Atoon wrote:

 Here is what happens. First try cloning without specifying the user name:
 
 ---8---
 $ git clone https://git.server.com/git/test.git
 Initialized empty Git repository in /tmp/git/test/.git/
 error: The requested URL returned error: 401 Authorization Required
 while accessing
 https://git.server.com/git/test.git/nfo/refs
 
 fatal: HTTP request failed

That should be prompting you. What version of git are you using?

 I couldn't find a --username flag or something similar for the git
 command, so my next try was to incorporate the user name in the URL,
 basic auth style.

Yes, that's the correct way to do it from the command line.

If you are running v1.7.9 and later, you can also put this in your
config:

  [credential https://git.server.com;]
username = user.em...@emaildomain.com

to automatically use that username for the particular domain.

 https://user.em...@emaildomain.com@git.server.com/git/test.git
 
 Note the double @ there, it is bound to cause trouble.

Yes. You probably want to escape it like:

  https://user.email%40emaildomain@git.server.com/git/test.git

In theory we could parse from the right-hand side of the hostname and
realize that only the right-most @ is the username separator (under
the assumption that hostnames can never contain an @). I don't know if
that would violate the standard or not. However, it is not even git that
does the actual parsing in this case, but rather libcurl.

-Peff
--
To unsubscribe from this list: send the line unsubscribe git in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html