HTTP authentication fails when password is into URL, but succeeded using interactive password prompt – why?

huangapple go评论58阅读模式
英文:

HTTP authentication fails when password is into URL, but succeeded using interactive password prompt - why?

问题

我正在尝试通过CI管道使用访问令牌作为密码从HTTP访问git(不使用SSH是不行的)。如果将凭据嵌入URL中,它不起作用:

$ git clone http://username:pass-_word123@git.host/my/repo.git

Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'

但如果在交互模式下输入凭据 - 它可以正常工作:

$ git clone http://git.host/my/repo.git
Cloning into 'repo'...
Username for 'https://git.host:443': username
Password for 'https://username@git.host:443': pass-_word123

Cloning into 'repo'...
remote: Enumerating objects: 72, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 72 (delta 21), reused 60 (delta 17), pack-reused 0
Receiving objects: 100% (72/72), 7.90 KiB | 7.90 MiB/s, done.
Resolving deltas: 100% (21/21), done.

为什么会这样?如何修复这个问题?

我的密码只包含拉丁字符、数字和符号 "-" 和 "_",如上面的示例所示,所以这不是特殊字符相关的问题。

英文:

I'm trying to access git via HTTP from CI pipeline using access token as a password (using SSH is not an option). If build credentials into URL, it doesn't work:

$ git clone http://username:pass-_word123@git.host/my/repo.git

Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'

But if enter credentials in interactive mode - it works fine:

$ git clone http://git.host/my/repo.git
Cloning into 'repo'...
Username for 'https://git.host:443': username
Password for 'https://username@git.host:443': pass-_word123

Cloning into 'repo'...
remote: Enumerating objects: 72, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 72 (delta 21), reused 60 (delta 17), pack-reused 0
Receiving objects: 100% (72/72), 7.90 KiB | 7.90 MiB/s, done.
Resolving deltas: 100% (21/21), done.

Why is it so? And how to fix that?

My password consists only of Latin characters, numbers and symbols "-" and "_" as shown in example above, so it is not special characters-related problem.

答案1

得分: 0

问题在于我试图从 http://git.host/... 进行 git 克隆,但服务器 git.host 只通过 HTTPS 响应请求,而不是 HTTP。

如果通过浏览器(或 curl)请求 http://git.host/my/repo.git,我可以看到服务器返回 HTTP 301 Moved Permanently 响应,然后浏览器(或 curl)会发出第二个请求到 httpS://git.host/... - 但如果使用 CLI 中的 git 客户端与该服务器交互,由于某些未知的原因,它无法正确地跟随 HTTP 301 响应。

这个问题正如问题描述的那样表现出来:只有在交互模式下才能成功地将凭据传递给服务器,而不能在它们被集成到请求 URL 中时传递。

解决这个问题的方法非常简单:在 git clone CLI 命令中使用 httpS://git.host/... 而不是 http://git.host/...,这样它会正确地使用通过命令行传递到 URL 中的凭据:

使用 HTTP 请求 - 这不起作用:

$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'

使用 HTTPS 请求 - 这很好用:

$ git clone httpS://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 370, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (62/62), done.
remote: Total 370 (delta 28), reused 87 (delta 23), pack-reused 271
Receiving objects: 100% (370/370), 46.43 KiB | 779.00 KiB/s, done.
Resolving deltas: 100% (94/94), done.
英文:

The problem is that I'm trying to git clone from http://git.host/... , but server git.host is set up to answer only via HTTPS, not HTTP.

If request http://git.host/my/repo.git from browser (or curl), I can see HTTP 301 Moved Permanently response from the server, and then browser (or curl) do second request to httpS://git.host/... - but if deal with this server from CLI git client, it cannot properly follow HTTP 301 response for some unknown reasons.

This problem manifests exactly in the way described in the question: credentials could be successfully passed to the server only in interactive mode, but not when they are integrated into request URL.

Solution to this problem is quite simple: use httpS://git.host/... instead of http://git.host/... in git clone CLI command, so it properly uses the credentials passed through command-line into URL:

### Request with HTTP - this does not works:
$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'

### Request with HTTPS - this works fine:
$ git clone httpS://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 370, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (62/62), done.
remote: Total 370 (delta 28), reused 87 (delta 23), pack-reused 271
Receiving objects: 100% (370/370), 46.43 KiB | 779.00 KiB/s, done.
Resolving deltas: 100% (94/94), done.

huangapple
  • 本文由 发表于 2023年6月22日 18:47:50
  • 转载请务必保留本文链接:https://go.coder-hub.com/76531107.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定