2023年6月22日 18:47:50go评论52阅读模式

英文:

HTTP authentication fails when password is into URL, but succeeded using interactive password prompt - why?

问题

我正在尝试通过CI管道使用访问令牌作为密码从HTTP访问git（不使用SSH是不行的）。如果将凭据嵌入URL中，它不起作用：

$ git clone http://username:pass-_word123@git.host/my/repo.git

Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'

但如果在交互模式下输入凭据 - 它可以正常工作：

$ git clone http://git.host/my/repo.git
Cloning into 'repo'...
Username for 'https://git.host:443': username
Password for 'https://username@git.host:443': pass-_word123

Cloning into 'repo'...
remote: Enumerating objects: 72, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 72 (delta 21), reused 60 (delta 17), pack-reused 0
Receiving objects: 100% (72/72), 7.90 KiB | 7.90 MiB/s, done.
Resolving deltas: 100% (21/21), done.

为什么会这样？如何修复这个问题？

我的密码只包含拉丁字符、数字和符号 "-" 和 "_"，如上面的示例所示，所以这不是特殊字符相关的问题。

英文:

I'm trying to access git via HTTP from CI pipeline using access token as a password (using SSH is not an option). If build credentials into URL, it doesn't work:

$ git clone http://username:pass-_word123@git.host/my/repo.git

Cloning into &#39;repo&#39;...
remote: HTTP Basic: Access denied
fatal: Authentication failed for &#39;http://git.host/my/repo.git/&#39;

But if enter credentials in interactive mode - it works fine:

$ git clone http://git.host/my/repo.git
Cloning into &#39;repo&#39;...
Username for &#39;https://git.host:443&#39;: username
Password for &#39;https://username@git.host:443&#39;: pass-_word123

Cloning into &#39;repo&#39;...
remote: Enumerating objects: 72, done.
remote: Counting objects: 100% (72/72), done.
remote: Compressing objects: 100% (53/53), done.
remote: Total 72 (delta 21), reused 60 (delta 17), pack-reused 0
Receiving objects: 100% (72/72), 7.90 KiB | 7.90 MiB/s, done.
Resolving deltas: 100% (21/21), done.

Why is it so? And how to fix that?

My password consists only of Latin characters, numbers and symbols "-" and "_" as shown in example above, so it is not special characters-related problem.

答案1

得分: 0

问题在于我试图从 http://git.host/... 进行 git 克隆，但服务器 git.host 只通过 HTTPS 响应请求，而不是 HTTP。

如果通过浏览器（或 curl）请求 http://git.host/my/repo.git，我可以看到服务器返回 HTTP 301 Moved Permanently 响应，然后浏览器（或 curl）会发出第二个请求到 httpS://git.host/... - 但如果使用 CLI 中的 git 客户端与该服务器交互，由于某些未知的原因，它无法正确地跟随 HTTP 301 响应。

这个问题正如问题描述的那样表现出来：只有在交互模式下才能成功地将凭据传递给服务器，而不能在它们被集成到请求 URL 中时传递。

解决这个问题的方法非常简单：在 git clone CLI 命令中使用 httpS://git.host/... 而不是 http://git.host/...，这样它会正确地使用通过命令行传递到 URL 中的凭据：

使用 HTTP 请求 - 这不起作用：

$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: HTTP Basic: Access denied
fatal: Authentication failed for 'http://git.host/my/repo.git/'

使用 HTTPS 请求 - 这很好用：

$ git clone httpS://username:pass-_word123@git.host/my/repo.git
Cloning into 'repo'...
remote: Enumerating objects: 370, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (62/62), done.
remote: Total 370 (delta 28), reused 87 (delta 23), pack-reused 271
Receiving objects: 100% (370/370), 46.43 KiB | 779.00 KiB/s, done.
Resolving deltas: 100% (94/94), done.

英文:

The problem is that I'm trying to git clone from http://git.host/... , but server git.host is set up to answer only via HTTPS, not HTTP.

If request http://git.host/my/repo.git from browser (or curl), I can see HTTP 301 Moved Permanently response from the server, and then browser (or curl) do second request to httpS://git.host/... - but if deal with this server from CLI git client, it cannot properly follow HTTP 301 response for some unknown reasons.

This problem manifests exactly in the way described in the question: credentials could be successfully passed to the server only in interactive mode, but not when they are integrated into request URL.

Solution to this problem is quite simple: use httpS://git.host/... instead of http://git.host/... in git clone CLI command, so it properly uses the credentials passed through command-line into URL:

### Request with HTTP - this does not works:
$ git clone http://username:pass-_word123@git.host/my/repo.git
Cloning into &#39;repo&#39;...
remote: HTTP Basic: Access denied
fatal: Authentication failed for &#39;http://git.host/my/repo.git/&#39;

### Request with HTTPS - this works fine:
$ git clone httpS://username:pass-_word123@git.host/my/repo.git
Cloning into &#39;repo&#39;...
remote: Enumerating objects: 370, done.
remote: Counting objects: 100% (99/99), done.
remote: Compressing objects: 100% (62/62), done.
remote: Total 370 (delta 28), reused 87 (delta 23), pack-reused 271
Receiving objects: 100% (370/370), 46.43 KiB | 779.00 KiB/s, done.
Resolving deltas: 100% (94/94), done.

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

HTTP authentication fails when password is into URL, but succeeded using interactive password prompt – why?

问题

答案1

使用 HTTP 请求 - 这不起作用：

使用 HTTPS 请求 - 这很好用：

GET http://localhost:8081/login net::ERR_TOO_MANY_REDIRECTS 302 Angular and Java

使用Golang进行HTTP基本身份验证

如何使用许可密钥/服务器来验证Flask应用程序？

LDAP: error code 49 – 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580 – using Spring tools

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论