4

The code base I'm working on has recently moved from ssh key controlled git to https bitbucket.

I use Magit to handle my version control in Emacs.

In the old ssh world I was never challenged for my username or password.

However, now I'm prompted for a password (and username depending how I clone) every time I perform an action on the repo.

Prompted for username and password:

git clone https://bitbucket.foo.com:8443/scm/bar.git

Prompted for password only:

git clone https://my.name@bitbucket.foo.com:8443/scm/bar.git

Pretty standard stuff so far.

To avoid typing in my username and password each time, I've found I can use auth-source which I can point to an encrypted file which I'm only challenged to authenticate once per emacs session - this suits me perfectly:

(setq auth-sources '((:source "~/.blah.authinfo.gpg")))  
(setq magit-process-find-password-functions '(magit-process-password-auth-source))

The decrypted format of the auth-sources file is:

machine mymachine login myloginname password mypassword port myport

Described here.

What I've found is irrespective of how I clone the repo (with or without username) the only way I can get this to work is to concatenate the protocol, username, and port into the "machine" setting:

machine https://my.name@bitbucket.foo.com:8443 password secret

I would expect to be able to make this work using the following, especially if I clone without specifying the username in the URL, but it doesn't match. In fact you are prompted for the git username and then the above rule will match instead - so the supplied git username is added to the machine moniker and is not matched against the login moniker:

machine bitbucket.foo.com:8443 login my.name password secret port https

This is using the example (see "For url-auth authentication...").

A spot of debugging shows how the matching is performed:

With:

(setq auth-source-debug t)

Yields:

Decrypting /home/blah/.blah.authinfo.gpg...done
auth-source-search: found 0 results (max 1) matching (:max 1 :host "https://my.name@bitbucket.foo.com:8443" :require (:host))

Machine is mapped to :host

I am aware of alternative non-emacs specific solutions using git credentials, but I have my reasons for wanting to control my authentication on a per-emacs session basis.

My question - is this a genuine glitch with magit's mapping of Git URLs onto auth-source, or have I set something up incorrectly or misunderstood?

Thanks!

Phil
  • 533
  • 4
  • 17
  • Maybe exact matches are used rather than looking for a substring that matches, and having a rule with protocol and user name concatenated would work. –  Apr 12 '18 at 13:25
  • Thanks for the reply - yes, I should be clear I can make it work using only a concatenated machine and password in my auth-source. So it's not stopping me using it. Just seems a bit disjoint from the standard auth-source format? – Phil Apr 12 '18 at 13:30
  • Have you tried specifying the port as being 8443 instead of https, and dropping :8443 from the machine name? Emacs 25.3+ contains a bug fix that permits `auth-source.el` to properly extract an entry from the authinfo file when ports are specified: https://github.com/jwiegley/emacs/commit/938495317a02b06a6c512832d0c6d9530fcd7f2b If you are using an earlier version of Emacs, you may wish to consider upgrading. – lawlist Apr 13 '18 at 03:20
  • Yes - I tried `machine bitbucket.foo.com login my.name password secret port 8443` and I'm pretty certain I tried `https://machine bitbucket.foo.com login my.name password secret port 8443`. From what you're saying it may be that `https://my.name@machine bitbucket.foo.com password secret port 8443` would work - but the login would still have to concatenated to the machine. I will double check this tho - thanks. I am using 25.3. – Phil Apr 13 '18 at 06:26
  • I confirm that keeping only the port separate from the machine as discussed above does not work either. This is on emacs 25.3.1. – Phil Apr 13 '18 at 09:23

2 Answers2

3

The prompt I see without any configuration is:

Password for 'https://tarsius@bitbucket.org':

this corresponds to the used remote url:

https://tarsius@bitbucket.org/tarsius/foobar.git

I then added an entry like this:

machine tarsius@bitbucket.org password 12345

and added the function to the hook:

(add-hook 'magit-process-find-password-functions
          'magit-process-password-auth-source)

after which pushing and pulling worked.

However an entry such as:

machine bitbucket.org login tarsius password 12345

didn't work.

Now it does. Actually I have adjusted the function to prefer an entry of that form. So both forms work now, but the latter takes precedence.

have I set something up incorrectly

Setting the port probably messed things up.

tarsius
  • 25,298
  • 4
  • 69
  • 109
  • Thanks, but I'm doing this as mentioned above - `(setq magit-process-find-password-functions '(magit-process-password-auth-source))` – Phil Apr 20 '18 at 12:09
  • Ah sorry....... – tarsius Apr 20 '18 at 16:11
  • @Phil I have updated my answer. – tarsius Aug 20 '18 at 20:48
  • This doesn't work for me. I cannot get magit and auth-source to work together. I've tried to also add the `auth-source-debug t` option but I don't see any output. I must be missing something – Ajned Mar 01 '19 at 13:39
  • @Ajned I’ve had the same problem. In fact, using edebug, I’ve found that `magit-process-filter` (which runs `magit-process-password-prompt`, which runs the `magit-process-find-password-functions` hook) isn’t even run until _after_ I’ve responded to the password prompt (and it thus concludes that the current Git output is not a password prompt). Tarsius, is this something I should file as a bug? – Tina Russell Sep 09 '20 at 08:40
0

Quick update - having installed magit version: 20190502.1206

machine https://my.name@bitbucket.foo.com:8443 password secret

No longer works, but this now does:

machine bitbucket.foo.com:8443 login my.name password secret

Phil
  • 533
  • 4
  • 17