| Message ID | 20220513070416.37235-4-Simon.Richter@hogyros.de (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Allow configuration of HTTP authentication method | expand |
On 2022-05-13 at 07:04:16, Simon.Richter@hogyros.de wrote: > From: Simon Richter <Simon.Richter@hogyros.de> > > When using a Personal Access Token in Microsoft DevOps server, the username > can be empty, so users might expect that pressing return on an username > prompt will work. I don't think this is a good idea. libcurl relies on CURLOPT_USERPWD being set to enable authentication, and before the appearance of http.emptyAuth, it was extremely common for Kerberos users to specify an empty username to get Git to authenticate properly. I probably still have some repositories on my system configured that way. I believe GitHub can also accept an empty username with a PAT, but it can also accept a dummy (e.g., "token"), which I would hope Azure DevOps can do as well. In such a case, the documentation for Azure DevOps should just be updated to tell people to specify something like "token" or their username.
diff --git a/http.c b/http.c index c5af90b1b8..dc71fb75ea 100644 --- a/http.c +++ b/http.c @@ -433,7 +433,7 @@ static int curl_empty_auth_enabled(void) static void init_curl_http_auth(CURL *result) { - if (!http_auth.username || !*http_auth.username) { + if (!http_auth.username) { if (curl_empty_auth_enabled()) curl_easy_setopt(result, CURLOPT_USERPWD, ":"); return;
From: Simon Richter <Simon.Richter@hogyros.de> When using a Personal Access Token in Microsoft DevOps server, the username can be empty, so users might expect that pressing return on an username prompt will work. --- http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)