Confirming user name and password
Jason Harris
jason at jasonfharris.com
Thu May 5 23:21:43 CDT 2011
On May 3, 2011, at 10:42 AM, Benoit Boissinot wrote:
> On Tue, May 3, 2011 at 10:24 AM, Martin Geisler <mg at lazybytes.net> wrote:
>> Jason Harris <jason at jasonfharris.com> writes:
>>
>>> Hi,
>>>
>>> From MacHg I just discovered the following: I am likely just missing
>>> something but is there a command which will test to see if a user-name
>>> + password are acceptable to a server?
>>
>> There is no command that just tests the password -- but you can work
>> around the problem, see below.
>>
>>> I was using the identify command to see if I could log in with the
>>> given username and password.
>>>
>>> [Volt:~/test/exclude-changesets] exclude-changesets 3(3) ⌘ hg identify --rev tip https://jfh:dog@bitbucket.org/jfh/exclude-changesets
>>> 8169bbc96762
>>> [Volt:~/test/exclude-changesets] exclude-changesets 3(3) ⌘ hg identify --rev tip https://jfh:cat@bitbucket.org/jfh/exclude-changesets
>>> 8169bbc96762
>>>
>>> Clearly the password can't be both dog and cat. Is it a bug that the
>>> server doesn't reject the request when the password is incorrect?
>>> Actually is this bitbucket specific?
>>
>> No, the explanation is much simpler: you are authenticated as needed,
>> and read-only operations require no authentication on a public repo.
>>
>> You should do a dummy operation that requires authentication. In
>> Mercurial that means an operation that pushes something to the repo.
>> Since you don't want to push random changesets around for this check, I
>> suggest you instead try pushing a new pushkey namespace:
>
> You could theoretically craft an empty bundle to push to the remote server.
Sorry for not following this up sooner. (Work stuff...)
I wanted to take a quick look at this myself... But I have given this a tiny look and I have two questions so far:
(1) How should I create the empty bundle?
(2) Once I have the empty bundle how do I test the username + password on the server?
For (1) I can create *an* empty bundle by doing a dummy commit of something, then doing a qimport, qpop, edit the patch so it has no contents, qpush, qfinish, and then do a bundle of this changeset. This results in an "empty" bundle, but this probably isn't what you meant... So how do I create the bundle (it also has to be independent of the actual repo on the server, since of course the whole point is to test a login to the server when we don't actually know anything about the repo on the server yet...)
Then once I have a bundle which satisfies (1) how do I "push a bundle" to the server, in order to see if authentication works?
Are there other ways to do this with eg urllib2 or something? I tried reading mercurial/url.py but nothing jumped out at me...
Thanks in advance,
Jas
More information about the Mercurial-devel
mailing list