Git-credential-manager can not detect if credentials are wrong

Issue #870 open
Lukas created an issue

Usually wrong credentials don't get saved, or get removed if they already were saved.

But while communicating with the SCM-Manager the credential-manager seems not to be able to detect if the credentials were wrong and saves them anyway.

The full conversation - reducing the problem to your SCM-Manager - can be found here:

Comments (7)

  1. Sebastian Sdorra repo owner

    send http status code 401 unauthorized on failed git authentication, see issue #870

    Revert use of GitSmartHttpTools to send unauthoried errors back to the git client, because the password is stored in the git credentials store event if the username or password was invalid. Switch back to default method, which send http status code 401 back to the client. This method does not send the customized client message, but the default one from git is good enough.

    → <<cset 47dcdf82b7b8>>

  2. Lukas reporter

    I have found another bug in the 1.50-SNAPSHOT you have sent me (we are still running this version on our dev system)

    With this version the server does not store the Logfiles to $HOME/.scm/logs like it should. We have only found some logs at /var/log/messages but this file is only accessable for root 😖

  3. Log in to comment