https auth causes 3x validation

Create issue
Issue #94 resolved
Justin Abrahms created an issue

When I try to clone from my https svn server (internal to my company) it forces me to provide authentication 3 times. Always 3 times. If I fail at any one of them, the operation fails. This isn't a problem with svn or git-svn.

Comments (10)

  1. Former user Account Deleted

    I actually get 4, and I know the general source of all of them. Since svn+http and svn+https were removed in favor of guessing http and https, hgsubversion first tries to make a Mercurial http repository. When you do this, it does a test query to see if it is indeed a Mercurial http repository, so it asks for authentication. This fails, because it's a Subversion repository. It then tries to create a Mercurial static-http repository. Similar idea, only it seems to ask for auth twice in this case (I'm not sure why, it has to do with the failure on the first one). Since this doesn't work, finally hgsubversion tries to make a Subversion http repository. The last auth, which should look different from the others, is the only one that belongs to hgsubversion (if the three you get are identical, that means Subversion saved your password and is not asking for it, I think). The password manager is separate between http and static-http, and again with hgsubversion, which doesn't use Mercurial's password manager at all.

    I think the fix will either be to bring back svn+http and svn+https (likely the easiest--it is similar to static-http, since both require prefixes to be stripped) or to make the passwordmgr ( in Mercurial global and use it in passwordmgr.

  2. Augie Fackler repo owner

    Ah, good catch.

    I suppose this is a good point to mention that I've been thinking hg should have some kind of unified pluggable password management system for a while that is easy for extensions to hook into. Maybe this is the time to implement it.

  3. Dan Villiom Podlaski Christiansen
    • changed status to open

    What it also needs is better support for more than one handler for a scheme :)

  4. Daniel T

    I assume "pluggable password management system" would be referring to keychains and such? I have literally no experience with these, since I never save passwords, but I might be interested in trying my hand at this, though I'd probably be more comfortable with someone else doing it, for more probability of correctness. A quick search on mercurial-devel didn't reveal any discussions about this before, perhaps it should be brought up for 1.4?

  5. Augie Fackler repo owner

    Yeah, keychain etc. integration was what I had in mind. I'd much rather hg had the keychain store my password than require me to type it every time (or worse, store it in the repo url in .hg/hgrc).

  6. Patrick Mézard

    Do you have anything against reviving svn+http(s)? I just changed my svn repositories from svnserver to http and this is a real pain. I have hacked my way so I can pull/push with svn+http but I'd like to solve this, especially now I have started advertizing hgsubversion to coworkers.

    Having a password manager would be great, especially on OSX or other systems where it's well integrated. But for instance I don't use any under Windows (except for the svn one), and would not understand why hgsubversion could not use my svn credentials.

  7. Former user Account Deleted

    I had to add the following lines to pull from a server using ssl:

    diff -r 63cb630d667d hgsubversion/
    --- a/hgsubversion/      Sat Jul 18 22:30:59 2009 -0500
    +++ b/hgsubversion/      Tue Jul 21 13:27:46 2009 +0200
    @@ -71,7 +71,7 @@
    def normalize_url(url):
    -    if url.startswith('svn+http://'):
    +    if url.startswith('svn+http://') or url.startswith('svn+https://'):
            url = url[4:]
        url, revs, checkout = hg.parseurl(url)
        url = url.rstrip('/')
    diff -r 63cb630d667d tests/
    --- a/tests/        Sat Jul 18 22:30:59 2009 -0500
    +++ b/tests/        Tue Jul 21 13:27:46 2009 +0200
    @@ -56,6 +56,9 @@
            repo = svnrepo.svnremoterepo(ui, 'svn+http://joe@foo/bar')
            self.assertEqual(('http://foo/bar', 'bob', None), repo.svnauth)
    +        repo = svnrepo.svnremoterepo(ui, 'svn+https://joe@foo/bar')
    +        self.assertEqual(('https://foo/bar', 'bob', None), repo.svnauth)
    def suite():
        all = [unittest.TestLoader().loadTestsFromTestCase(TestSubversionUrls)]
        return unittest.TestSuite(all)
  8. Log in to comment