diff options
author | Edward Thomson <ethomson@edwardthomson.com> | 2021-08-05 08:12:28 -0400 |
---|---|---|
committer | Edward Thomson <ethomson@edwardthomson.com> | 2021-08-05 08:15:10 -0400 |
commit | 28841241745bdc30be0ef78235f3c4ba38345590 (patch) | |
tree | d98d7b756235ea467843c9282a26e174f0804df6 | |
parent | c87e4760095ddabab28d90b43d0d30433691e451 (diff) | |
download | libgit2-28841241745bdc30be0ef78235f3c4ba38345590.tar.gz |
http: don't require a passwordethomson/http_empty_password
Attempt authentication when a username is presented but a password is
not; this can happen in particular when users are doing token
authentication and specifying the token in the URL itself. For example,
`https://token@host/` is a valid URI and should be treated as a username
of `token` with an empty password.
-rw-r--r-- | src/transports/http.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/transports/http.c b/src/transports/http.c index 4538dd143..9871be5ad 100644 --- a/src/transports/http.c +++ b/src/transports/http.c @@ -104,6 +104,11 @@ static int apply_url_credentials( const char *username, const char *password) { + GIT_ASSERT_ARG(username); + + if (!password) + password = ""; + if (allowed_types & GIT_CREDENTIAL_USERPASS_PLAINTEXT) return git_credential_userpass_plaintext_new(cred, username, password); @@ -138,8 +143,7 @@ static int handle_auth( /* Start with URL-specified credentials, if there were any. */ if ((allowed_credtypes & GIT_CREDENTIAL_USERPASS_PLAINTEXT) && !server->url_cred_presented && - server->url.username && - server->url.password) { + server->url.username) { error = apply_url_credentials(&server->cred, allowed_credtypes, server->url.username, server->url.password); server->url_cred_presented = 1; |