2822 – Password in .hgrc not parsed aymore!

Bug 2822 - Password in .hgrc not parsed aymore!

Summary: Password in .hgrc not parsed aymore!

Status:	RESOLVED FIXED

Alias:	None

Product:	Mercurial
Classification:	Unclassified
Component:	Mercurial (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	urgent bug
Assignee:	fladd

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-05-22 11:35 UTC by fladd
Modified:	2011-08-02 16:04 UTC (History)
CC List:	9 users (show)

See Also:
Python Version:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description fladd 2011-05-22 11:35 UTC

Since 1.7 the password in the .hgrc files (which used to work in the version
before!) is not recognized anymore and for every push it will ask for the
password explicitely!

Comment 1 fladd 2011-05-22 11:40 UTC

To be more precise, I use this .hgrc:

[ui]
username = siebenhundertzehn
merge = gvimdiff
editor = vim

[web]
cacerts = /etc/ssl/certs/ca-certificates.crt

[auth]
expyriment.prefix = expyriment.googlecode.com/hg
expyriment.username = siebenhundertzehn
expyriment.password = ***********
expyriment.schemes = https
expyriment-v01.prefix = v01.expyriment.googlecode.com/hg
expyriment-v01.username = siebenhundertzehn
expyriment-v01.password = ***********
expyriment-v01.schemes = https

Comment 2 timotei 2011-06-05 14:28 UTC

I had the same issue with 1.8.4. The solution (for google code) was the one
listed here:
http://mercurial.selenic.com/wiki/FAQ#FAQ.2BAC8-CommonProblems.How_can_I_store_my_HTTP_login_once_and_for_all_.3F


So, to fix it, edit the .hg/hgrc file from the repository, and add the
password aswell in the url:

[paths]
default = https://siebenhundertzehn
:<the password>@expyriment.googlecode.com/hg

Comment 3 Matt Mackall 2011-06-14 19:56 UTC

This sounds like a regression. Adding people who might know something about
it to nosy.

Comment 4 Steve Borho 2011-06-14 20:33 UTC

it would be useful to see the results of push with --debug.

I've not heard any other reports of this

Comment 5 Matt Mackall 2011-06-28 14:04 UTC

Setting to need-eg: example needed. Will close in two weeks if we don't hear
anything more on this.

Comment 6 fladd 2011-06-29 15:25 UTC

Uhm...the example is in my second post...?

Comment 7 Thomas Arendsen Hein 2011-07-01 08:52 UTC

fladd, can you provide the output of "hg push --debug"? (of course make sure
to check for sensitive data)

Comment 8 Patrick Mézard 2011-07-12 02:53 UTC

@fladd: is there a username is the URL you are trying to push to (use push
--verbose)? If so, can you edit it (in .hg/hgrc probably) and remove the
username, then try again?

My theory is there is username set in .hg/hgrc remote URL without a
password, and url.py bypass the [auth] section in this case:

  http://hg.intevation.org/mercurial/crew/file/e7525a555a64/mercurial/url.py#l28

If find this highly unintuitive and would have expected it to look up in
[auth] for a valid auth entry with the same username.

Comment 9 kiilerix 2011-08-02 16:04 UTC

A fix for this has been released in 1.9.1:
http://www.selenic.com/hg/rev/4a43e23b8c55 
hgweb: do not ignore [auth] if url has a username (issue2822) 

Please test and mark this issue as resolved.

Comment 10 Bugzilla 2012-05-12 09:20 UTC


--- Bug imported by bugzilla@serpentine.com 2012-05-12 09:20 EDT  ---

This bug was previously known as _bug_ 2822 at http://mercurial.selenic.com/bts/issue2822