Confirming user name and password

Jason Harris jason at jasonfharris.com
Thu May 5 23:21:43 CDT 2011 

On May 3, 2011, at 10:42 AM, Benoit Boissinot wrote:

> On Tue, May 3, 2011 at 10:24 AM, Martin Geisler <mg at lazybytes.net> wrote:
>> Jason Harris <jason at jasonfharris.com> writes:
>> 
>>> Hi,
>>> 
>>> From MacHg I just discovered the following: I am likely just missing
>>> something but is there a command which will test to see if a user-name
>>> + password are acceptable to a server?
>> 
>> There is no command that just tests the password -- but you can work
>> around the problem, see below.
>> 
>>> I was using the identify command to see if I could log in with the
>>> given username and password.
>>> 
>>> [Volt:~/test/exclude-changesets] exclude-changesets 3(3) ⌘ hg identify --rev tip https://jfh:dog@bitbucket.org/jfh/exclude-changesets
>>> 8169bbc96762
>>> [Volt:~/test/exclude-changesets] exclude-changesets 3(3) ⌘ hg identify --rev tip https://jfh:cat@bitbucket.org/jfh/exclude-changesets
>>> 8169bbc96762
>>> 
>>> Clearly the password can't be both dog and cat. Is it a bug that the
>>> server doesn't reject the request when the password is incorrect?
>>> Actually is this bitbucket specific?
>> 
>> No, the explanation is much simpler: you are authenticated as needed,
>> and read-only operations require no authentication on a public repo.
>> 
>> You should do a dummy operation that requires authentication. In
>> Mercurial that means an operation that pushes something to the repo.
>> Since you don't want to push random changesets around for this check, I
>> suggest you instead try pushing a new pushkey namespace:
> 
> You could theoretically craft an empty bundle to push to the remote server.

Sorry for not following this up sooner. (Work stuff...)

I wanted to take a quick look at this myself...  But I have given this a tiny look and I have two questions so far:
(1) How should I create the empty bundle?
(2) Once I have the empty bundle how do I test the username + password on the server?

For (1) I can create *an* empty bundle by doing a dummy commit of something, then doing a qimport, qpop, edit the patch so it has no contents, qpush, qfinish, and then do a bundle of this changeset. This results in an "empty" bundle, but this probably isn't what you meant... So how do I create the bundle (it also has to be independent of the actual repo on the server, since of course the whole point is to test a login to the server when we don't actually know anything about the repo on the server yet...)

Then once I have a bundle which satisfies (1) how do I "push a bundle" to the server, in order to see if authentication works?

Are there other ways to do this with eg urllib2 or something? I tried reading mercurial/url.py but nothing jumped out at me...

Thanks in advance,
   Jas

More information about the Mercurial-devel mailing list