* [PATCH] send-email: report host and port separately when calling git credential @ 2018-03-31 18:05 Michal Nazarewicz 2018-04-02 22:05 ` Junio C Hamano 0 siblings, 1 reply; 7+ messages in thread From: Michal Nazarewicz @ 2018-03-31 18:05 UTC (permalink / raw) To: gitster, git; +Cc: Michał Nazarewicz When git-send-email uses git-credential to get SMTP password, it will communicate SMTP host and port (if both are provided) as a single entry ‘host=<host>:<port>’. This trips the ‘git-credential-store’ helper which expects those values as separate keys (‘host’ and ‘port’). Send the values as separate pieces of information so things work smoothly. Signed-off-by: Michał Nazarewicz <mina86@mina86.com> --- git-send-email.perl | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/git-send-email.perl b/git-send-email.perl index 2fa7818ca..2a9f89a58 100755 --- a/git-send-email.perl +++ b/git-send-email.perl @@ -1229,14 +1229,6 @@ sub maildomain { return maildomain_net() || maildomain_mta() || 'localhost.localdomain'; } -sub smtp_host_string { - if (defined $smtp_server_port) { - return "$smtp_server:$smtp_server_port"; - } else { - return $smtp_server; - } -} - # Returns 1 if authentication succeeded or was not necessary # (smtp_user was not specified), and 0 otherwise. @@ -1263,7 +1255,8 @@ sub smtp_auth_maybe { # reject credentials. $auth = Git::credential({ 'protocol' => 'smtp', - 'host' => smtp_host_string(), + 'host' => $smtp_server, + 'port' => $smtp_server_port, 'username' => $smtp_authuser, # if there's no password, "git credential fill" will # give us one, otherwise it'll just pass this one. -- 2.16.2 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] send-email: report host and port separately when calling git credential 2018-03-31 18:05 [PATCH] send-email: report host and port separately when calling git credential Michal Nazarewicz @ 2018-04-02 22:05 ` Junio C Hamano 2018-04-02 23:23 ` [PATCH] send-email: fix docs regarding storing password with " Michal Nazarewicz 2018-04-04 21:07 ` [PATCH] send-email: report host and port separately when calling " Jeff King 0 siblings, 2 replies; 7+ messages in thread From: Junio C Hamano @ 2018-04-02 22:05 UTC (permalink / raw) To: Michal Nazarewicz; +Cc: git, Jeff King Michal Nazarewicz <mina86@mina86.com> writes: > When git-send-email uses git-credential to get SMTP password, it will > communicate SMTP host and port (if both are provided) as a single entry > ‘host=<host>:<port>’. This trips the ‘git-credential-store’ helper > which expects those values as separate keys (‘host’ and ‘port’). > > Send the values as separate pieces of information so things work > smoothly. > > Signed-off-by: Michał Nazarewicz <mina86@mina86.com> > --- > git-send-email.perl | 11 ++--------- > 1 file changed, 2 insertions(+), 9 deletions(-) "git help credential" mentions protocol, host, path, username and password (and also url which is a short-hand for setting protocol and host), but not "port". And common sense tells me, when a system allows setting host but not port, that it would expect host:port to be given when the service is running a non-standard port, so from that point of view, I suspect that the current code is working as expected. In fact, credential.h, which defines the API, does not have any "port" field, either, so I am not sure how this is expected to change anything without touching the back-end that talks over the pipe via _credential_run-->credential_write callchain. Now, it is a separate matter if it were a better design if the credential API had 'host' and 'port' defined as separate keys to the authentication information. Such an alternative design would have made certain things harder while some other things easier (e.g. "use this credential to the host no matter what port the service runs" may be easier to implement if 'host' and 'port' are separate). > diff --git a/git-send-email.perl b/git-send-email.perl > index 2fa7818ca..2a9f89a58 100755 > --- a/git-send-email.perl > +++ b/git-send-email.perl > @@ -1229,14 +1229,6 @@ sub maildomain { > return maildomain_net() || maildomain_mta() || 'localhost.localdomain'; > } > > -sub smtp_host_string { > - if (defined $smtp_server_port) { > - return "$smtp_server:$smtp_server_port"; > - } else { > - return $smtp_server; > - } > -} > - > # Returns 1 if authentication succeeded or was not necessary > # (smtp_user was not specified), and 0 otherwise. > > @@ -1263,7 +1255,8 @@ sub smtp_auth_maybe { > # reject credentials. > $auth = Git::credential({ > 'protocol' => 'smtp', > - 'host' => smtp_host_string(), > + 'host' => $smtp_server, > + 'port' => $smtp_server_port, > 'username' => $smtp_authuser, > # if there's no password, "git credential fill" will > # give us one, otherwise it'll just pass this one. ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] send-email: fix docs regarding storing password with git credential 2018-04-02 22:05 ` Junio C Hamano @ 2018-04-02 23:23 ` Michal Nazarewicz 2018-04-04 21:14 ` Jeff King 2018-04-04 21:07 ` [PATCH] send-email: report host and port separately when calling " Jeff King 1 sibling, 1 reply; 7+ messages in thread From: Michal Nazarewicz @ 2018-04-02 23:23 UTC (permalink / raw) To: Junio C Hamano; +Cc: git, Jeff King, Michael Rappazzo, Michał Nazarewicz First of all, ‘git credential fill’ does not store credentials but is used to *read* them. The command which adds credentials to the helper’s store is ‘git credential approve’. Second of all, git-send-email will include port number in host parameter when getting the password so it has to be set when storing the password as well. Apply the two above to fix the Gmail example in git-send-email documentation. Signed-off-by: Michał Nazarewicz <mina86@mina86.com> --- Documentation/git-send-email.txt | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt index 71ef97ba9..172c7b344 100644 --- a/Documentation/git-send-email.txt +++ b/Documentation/git-send-email.txt @@ -477,13 +477,12 @@ https://security.google.com/settings/security/apppasswords to setup an app-specific password. Once setup, you can store it with the credentials helper: - $ git credential fill + $ git credential approve protocol=smtp - host=smtp.gmail.com + host=smtp.gmail.com:587 username=youname@gmail.com password=app-password - Once your commits are ready to be sent to the mailing list, run the following commands: -- 2.16.2 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] send-email: fix docs regarding storing password with git credential 2018-04-02 23:23 ` [PATCH] send-email: fix docs regarding storing password with " Michal Nazarewicz @ 2018-04-04 21:14 ` Jeff King 2018-04-07 10:07 ` [PATCH] send-email: simplify Gmail example in the documentation Michal Nazarewicz 2018-04-07 10:08 ` [PATCH] send-email: fix docs regarding storing password with git credential Michał Nazarewicz 0 siblings, 2 replies; 7+ messages in thread From: Jeff King @ 2018-04-04 21:14 UTC (permalink / raw) To: Michal Nazarewicz; +Cc: Junio C Hamano, git, Michael Rappazzo On Tue, Apr 03, 2018 at 12:23:48AM +0100, Michal Nazarewicz wrote: > First of all, ‘git credential fill’ does not store credentials > but is used to *read* them. The command which adds credentials > to the helper’s store is ‘git credential approve’. Yep, makes sense (I wish we had just called these consistently "get", "store", and "erase" as they are in the git<->helper interface). > Second of all, git-send-email will include port number in host > parameter when getting the password so it has to be set when > storing the password as well. > > Apply the two above to fix the Gmail example in git-send-email > documentation. Makes sense. This is an interesting counter-example to my earlier "well, it usually works out in the long run" statement. Because usually you're relying on some part of Git to issue the "fill" and the "approve", so whatever it uses, it will be the same. But here we're trying to pre-seed, so we have to match what the tool will do. On the other hand, I'm not sure why we need to pre-seed here. Wouldn't it be sufficient to just issue a "git send-email", which would then prompt for the password? And then you'd input your generated token, which would get saved via the approve mechanism? -Peff ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH] send-email: simplify Gmail example in the documentation 2018-04-04 21:14 ` Jeff King @ 2018-04-07 10:07 ` Michal Nazarewicz 2018-04-07 10:08 ` [PATCH] send-email: fix docs regarding storing password with git credential Michał Nazarewicz 1 sibling, 0 replies; 7+ messages in thread From: Michal Nazarewicz @ 2018-04-07 10:07 UTC (permalink / raw) To: Jeff King; +Cc: Junio C Hamano, git, Michael Rappazzo, Michał Nazarewicz There is no need for use to manually call ‘git credential’ especially as the interface isn’t super user-friendly and a bit confusing. ‘git send-email’ will do that for them at the first execution and if the password matches, it will be saved in the store. Simplify the documentaion so it dosn’t include the ‘git credential’ invocation (which was incorrect anyway as it should use ‘approve’ instead of ‘fill’) and instead just mentions that credentials helper must be set up. Signed-off-by: Michał Nazarewicz <mina86@mina86.com> --- Documentation/git-send-email.txt | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/Documentation/git-send-email.txt b/Documentation/git-send-email.txt index 71ef97ba9..af07840b4 100644 --- a/Documentation/git-send-email.txt +++ b/Documentation/git-send-email.txt @@ -473,16 +473,7 @@ edit ~/.gitconfig to specify your account settings: If you have multifactor authentication setup on your gmail account, you will need to generate an app-specific password for use with 'git send-email'. Visit -https://security.google.com/settings/security/apppasswords to setup an -app-specific password. Once setup, you can store it with the credentials -helper: - - $ git credential fill - protocol=smtp - host=smtp.gmail.com - username=youname@gmail.com - password=app-password - +https://security.google.com/settings/security/apppasswords to create it. Once your commits are ready to be sent to the mailing list, run the following commands: @@ -491,7 +482,11 @@ following commands: $ edit outgoing/0000-* $ git send-email outgoing/* +The first time you run it, you will be prompted for your credentials. Enter the +app-specific or your regular password as appropriate. If you have credential +helper configured (see linkgit:git-credential[1]), the password will be saved in +the credential store so you won't have to type it the next time. + Note: the following perl modules are required Net::SMTP::SSL, MIME::Base64 and Authen::SASL -- 2.16.2 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] send-email: fix docs regarding storing password with git credential 2018-04-04 21:14 ` Jeff King 2018-04-07 10:07 ` [PATCH] send-email: simplify Gmail example in the documentation Michal Nazarewicz @ 2018-04-07 10:08 ` Michał Nazarewicz 1 sibling, 0 replies; 7+ messages in thread From: Michał Nazarewicz @ 2018-04-07 10:08 UTC (permalink / raw) To: Jeff King; +Cc: Junio C Hamano, git, Michael Rappazzo 2018-04-04 22:14 GMT+01:00 Jeff King <peff@peff.net>: > On the other hand, I'm not sure why we need to pre-seed here. Wouldn't > it be sufficient to just issue a "git send-email", which would then > prompt for the password? And then you'd input your generated token, > which would get saved via the approve mechanism? Yeah, this is precisely what I’ve figured as well. As long as the credentials helper is configured git-send-email will approve the password and it’ll be stored then. New patch sent. ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] send-email: report host and port separately when calling git credential 2018-04-02 22:05 ` Junio C Hamano 2018-04-02 23:23 ` [PATCH] send-email: fix docs regarding storing password with " Michal Nazarewicz @ 2018-04-04 21:07 ` Jeff King 1 sibling, 0 replies; 7+ messages in thread From: Jeff King @ 2018-04-04 21:07 UTC (permalink / raw) To: Junio C Hamano; +Cc: Michal Nazarewicz, git On Mon, Apr 02, 2018 at 03:05:35PM -0700, Junio C Hamano wrote: > "git help credential" mentions protocol, host, path, username and > password (and also url which is a short-hand for setting protocol > and host), but not "port". And common sense tells me, when a system > allows setting host but not port, that it would expect host:port to > be given when the service is running a non-standard port, so from > that point of view, I suspect that the current code is working as > expected. In fact, credential.h, which defines the API, does not > have any "port" field, either, so I am not sure how this is expected > to change anything without touching the back-end that talks over the > pipe via _credential_run-->credential_write callchain. > > Now, it is a separate matter if it were a better design if the > credential API had 'host' and 'port' defined as separate keys to the > authentication information. Such an alternative design would have > made certain things harder while some other things easier (e.g. "use > this credential to the host no matter what port the service runs" > may be easier to implement if 'host' and 'port' are separate). I don't recall giving a huge amount of thought to alternate ports when writing the credential code. But at least the osxkeychain helper does parse "host:port" from the host field and feed it to the appropriate keychain arguments. And I think more oblivious helpers like credential-cache would just treat the "host" field as an opaque blob, making the port part of the matching. I suspect there are some corner cases, though. Reading the osxkeychain code, I think that asking for "http://example.com:80" and "http://example.com" would probably not get you to the same key, as we feed port==0 in the second case. In practice, it's probably not a _huge_ deal to be overly picky, as the worst case is that you get prompted and store the credential in a second slot (which then works going forward). So in general I think it's OK for the whole system to err on the side of being picky about whether two things are "the same" (which in this case is including the port). It usually works itself out in the long run, and we would not surprise the user with "example.com:8080 is the same as example.com:80". -Peff ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2018-04-07 10:08 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-03-31 18:05 [PATCH] send-email: report host and port separately when calling git credential Michal Nazarewicz 2018-04-02 22:05 ` Junio C Hamano 2018-04-02 23:23 ` [PATCH] send-email: fix docs regarding storing password with " Michal Nazarewicz 2018-04-04 21:14 ` Jeff King 2018-04-07 10:07 ` [PATCH] send-email: simplify Gmail example in the documentation Michal Nazarewicz 2018-04-07 10:08 ` [PATCH] send-email: fix docs regarding storing password with git credential Michał Nazarewicz 2018-04-04 21:07 ` [PATCH] send-email: report host and port separately when calling " Jeff King
Code repositories for project(s) associated with this public inbox https://80x24.org/mirrors/git.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).