git-credential-keepassxc icon indicating copy to clipboard operation
git-credential-keepassxc copied to clipboard
verified publisher icon Frederick888

Cannot choose from multiple credentials

Open riedel opened this issue 5 years ago • 10 comments 

printf "url=https://github.com\[email protected]" | git credential fill
May 30 10:00:53.164 INFO Sending change-public-keys request
May 30 10:00:53.166 INFO Sending test-associate request
May 30 10:00:53.169 INFO Successfully authenticated against 1 database(s)
May 30 10:00:53.170 INFO Sending get-logins request
May 30 10:00:56.096 INFO KeePassXC return 2 login(s)
May 30 10:00:56.097 WARN More than 1 matching logins found, only the first one will be returned

riedel avatar May 30 '20 08:05 riedel

I tried to ask for a choice from stdin but Git doesn't seem to allow passing user input onto helpers after it's done feeding its own request. Perhaps this is not feasible atm.

Frederick888 avatar May 31 '20 08:05 Frederick888

Someday soon this may become a real problem: https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

JJRcop avatar Jan 19 '21 18:01 JJRcop

@JJRcop May I know why the KPH solution doesn't work for you?

This can be potentially solved by having a pop-up UI (like pinentry), but I'm not particularly motivated to do it since it'll pull in quite a few dependencies only to solve some fringe cases imo.

Frederick888 avatar Jan 20 '21 00:01 Frederick888

@JJRcop May I know why the KPH solution doesn't work for you?

Please forgive me for missing this, it works great. The application may consider notifying when there are multiple matching entries and link to this information.

JJRcop avatar Jan 20 '21 06:01 JJRcop

@JJRcop Enable verbose logging -vv. https://github.com/Frederick888/git-credential-keepassxc/blob/e1319923d55cbad63f4ea533e62003e1031af6a5/src/main.rs#L548-L558

In terms of the desktop notifications I'd like to keep them minimal. It might be nice to see this message via notification for the first time, but over the time it just becomes annoying imo. Notifications are limited to critical events and those require user intervention for now. If we had too many, a filter would be needed, which is another rabbit hole I don't want to go down into.

Frederick888 avatar Jan 20 '21 11:01 Frederick888

hi, I've tried the KPH solution linked above and GCK seems to still be requesting access to the marked entries.

I have followed the instructions exactly (KPH field return enabled in browser options, "KPH: git" field with "false" value on the relevant entry).

any advice?

edit: will followup with edit since it's not worth another comment - keepassxc, when not set to "remember" your login for github, will still prompt using all logins, but GCK will filter them after. in retrospect this should be obvious..

atagen avatar Aug 26 '21 01:08 atagen

@atagen I'd suggest you use -vv to enable info & warning logs first. If it doesn't help, try a debug build with -vvv. Instructions can be found at https://github.com/Frederick888/git-credential-keepassxc/wiki/Troubleshooting

Frederick888 avatar Aug 26 '21 02:08 Frederick888

Would you consider returning the Title (or any unique identifier) of the entries in -vv instead? 😕

For the (modified) example of https://github.com/keepassxreboot/keepassxc-browser/blob/develop/keepassxc-protocol.md#get-logins:

$ cat > ~/a.json <<"EOF"
{
    "action": "get-logins",
    "url": "<snip>",
    "submitUrl": "<optional>",
    "httpAuth": "<optional>",
    "keys": [
        {
            "id": "<saved database identifier received from associate>",
            "key": "<saved identification public key>"
        },
        {
            "id": "<another saved database identifier received from associate>",
            "key": "<saved identification public key>"
        }
    ]
}

EOF
$ jq '.keys[] | .id' ~/a.json 
"<saved database identifier received from associate>"
"<another saved database identifier received from associate>"
$

stdedos avatar Feb 14 '22 11:02 stdedos