git@vger.kernel.org mailing list mirror (one of many)
From: Junio C Hamano <gitster@pobox.com>
To: Deepak Patankar <patankardeepak04@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: How to Verify the Git Credentials supplied by the User
Date: Mon, 12 Oct 2020 10:46:40 -0700
Message-ID: <xmqqsgajpcan.fsf@gitster.c.googlers.com>
In-Reply-To: <CABmmNJOGBdEO+AT0_8dSwmFxomFE7A5x354+YgfxiU5N+mOroA@mail.gmail.com> (Deepak Patankar's message of "Mon, 12 Oct 2020 19:20:42 +0530")

Deepak Patankar <patankardeepak04@gmail.com> writes:

> I am writing an application in which we will support git integration.
> The user will provide us with his/her git credentials so that we can
> push some files on his git. The git credentials which the user will
> supply can be
>
> HTTP (Username and Password/ Kerberos)
> SSH
>
> Before saving the user credentials I want to validate that the
> credentials entered are valid.

It obviously depends on the remote side, but a relatively safe thing
to try is to run things like "ls-remote" or "push --dry-run" that
will not cause any actual damage against the remote, and see if your
authentication fails.

But you might be asking an XY question.  I would expect that any
reasonable application that manages authentication material for the
user and drives "git fetch" and "git push" would act as a credential
helper and use the credential protocol to talk to Git, so it will
learn an authentication failure upon the first use, at which point
it has the chance to drop the authentication material it obtained
earlier and ask the user for the corrected one---there is no need
for the application to see if the authentication material is correct
before the user does anything else.

> The user might be using GitHub/BitBucket/GitLab. I am trying to find
> some git command which I can use to validate the credentials. Can you
> please point me to some command/logic which I can try?
>
> What I have tried?
> I tried git ls-remote command, but it requires the repo name/url. In
> one of our use cases, the user won't specify the repository name
> beforehand. Because of which I am not able to use this command.

This assumes there always is a single authentication material
regardless of the URL, which is probably not a good security posture
to encourage the users to adopt.
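
The credential-helper flow described in the reply, sketched as an added example that is not part of the original message or of Git's own code: Git calls a helper with `get`, `store` or `erase` and passes `key=value` attributes on stdin, so the `erase` call is where the application learns that the server rejected what it holds. The function names, the in-memory store keyed per protocol and host, and the sample host and token are assumptions made for illustration.

```python
def parse_attrs(text):
    """Parse the key=value lines Git writes to a helper's stdin (blank line ends input)."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        key, sep, value = line.partition("=")
        if sep:
            attrs[key] = value
    return attrs

def handle(action, text, store):
    """Serve one helper call; `store` maps (protocol, host) -> (username, password)."""
    attrs = parse_attrs(text)
    scope = (attrs.get("protocol"), attrs.get("host"))
    held = store.get(scope)
    if action == "get":
        # Answer only for the exact protocol/host (and account) the entry was saved for.
        if held and attrs.get("username", held[0]) == held[0]:
            return f"username={held[0]}\npassword={held[1]}\n"
        return ""  # nothing to offer: Git tries its next helper or prompts
    if action == "store":  # Git calls this after the credential was accepted
        if "username" in attrs and "password" in attrs:
            store[scope] = (attrs["username"], attrs["password"])
    elif action == "erase":  # Git calls this after the server rejected the credential
        # Drop the entry only if it is the one that failed, not a newer replacement.
        if (held and attrs.get("username", held[0]) == held[0]
                and attrs.get("password", held[1]) == held[1]):
            del store[scope]  # the application would now ask the user again
    return ""

if __name__ == "__main__":
    # Constructed sample data; a real application would use its own secret storage.
    demo = {("https", "git.example.com"): ("alice", "constructed-token")}
    request = "protocol=https\nhost=git.example.com\n\n"
    print("get   ->", repr(handle("get", request, demo)))
    rejected = ("protocol=https\nhost=git.example.com\n"
                "username=alice\npassword=constructed-token\n\n")
    handle("erase", rejected, demo)  # what Git sends after an authentication failure
    print("after erase ->", repr(handle("get", request, demo)))
```
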
