On Wed, Aug 23, 2023 at 06:23:36PM +0200, Gabriel Nützi wrote:
> # Add 3 credentials, 2 specifics with `path=`
> # 1 with general host.
> {
> echo "protocol=https"
> echo "host=www.server.com"
> echo "path=repos/1.git"
> echo "username=banana"
> echo "password=banana1"
> } | git credential approve
>
> {
> echo "protocol=https"
> echo "host=www.server.com"
> echo "path=repos/2.git"
> echo "username=banana"
> echo "password=banana2"
> } | git credential approve
>
> {
> echo "protocol=https"
> echo "host=www.server.com"
> echo "username=banana"
> echo "password=general"
> } | git credential approve
I don't think we ever planned around this kind of "sometimes paths are
important, and sometimes not", and I'm not surprised it doesn't work.
The "useHTTPPath" flag is only read by the by the main Git side, and
just tells it whether to pass a "path" entry. On the helper side, any
omitted entry ("path" in the final case) means "match anything".
So that final command translates (from the helper's view) to "store
this, and delete any other credentials we have stored for
https://banana@xxxxxxxxxxxxxx";.
It might be possible to change the handling on the helper side to
distinguish between entries with no path and entries with a path, and
consider them separately. I don't know what gotchas we might see in that
case, though. I suspect at least in credential-store's on-disk format,
there is not really room to distinguish the empty-string path from "no
path given".
If you set credential.useHTTPPaths (so that it is applied consistently),
I think path-matching should work. But then you'd have to independently
store credentials for each path that could match the "generic" case.
As a workaround, you could use two different stores/caches. Something
like:
[credential]
# store most stuff here
helper = store
[credential "https://www.server.com/repos/1.git";]
# turn off the main helper, and use a path-specific file instead
helper =
helper = store --file=$HOME/.git-credentials-path
useHttpPath = true
-Peff
