Git-credential-manager-for-windows: GCMW not properly interacting with Bitbucket+Git Extensions

Created on 24 Jul 2018  路  10Comments  路  Source: microsoft/Git-Credential-Manager-for-Windows

I'm having an issue with Git Extensions and its interactions with Bitbucket and I believe I've narrowed the issue down to GCMW. I've tried all the recommendations I've found online but nothing is working to address the issue.

I changed my Windows password yeterday morning. Since then, whenever I attempt to interact with the Bitbucket repository from within Git Extensions (pull, push, fetch all ...) a window pops up with the Atlassian logo asking me to log in to my Bitbucket account. When I submit my name and password I receive the following message:

"C:Program FilesGitbingit.exe" fetch --progress "--all"
Fetching origin
remote: Invalid username or password. If your organization manages your account or you've enabled two-step verification, create an app password to log in: https://confluence.atlassian.com/x/9DJmMQ
fatal: Authentication failed for 'https://bitbucket.org/XXXXXXX/XXXXXXXXX/'
error: Could not fetch origin
Done

If I escape out of the pop-up instead of submitting my name and password, I receive a prompt within the Git Extensions Process window asking for my credentials. I can submit them there just fine, but they are not stored. Same thing if I uninstall GCMW.
Clearing my credentials within credential manager changes nothing.

bitbucket bug

All 10 comments

@jpers36 if you wouldn't mind capturing some trace logs, they'll likely help get the issue diagnosed.

  1. Open Command Prompt
  2. Run setx GIT_TRACE %UserProfile%\git.log
  3. Run setx GCM_TRACE %UserProfile%\git.log
  4. Restart any Git clients (SourceTree, Visual Studio, Code, etc).
  5. Reproduce your issue.

The logs will be collected in the file found at %UserProfile%\git.log. Once you've managed to reproduce the issue and collect logs of it happening, please share the logs via this issue. As always, please redact any private, secret, or personally identifiable information before sharing logs on the Internet.

/CC @mminns

redacted_git.log
Redacted log should be attached.

Hi @jpers36

Thanks for the log loiking at it my initial guess is that is the GCMW is validating your username/password against Bitbucket successfully, but then it is trying to compare your username against _example-username_. Obviously this fails, the GCMW is then saving your _good_ credentials as [email protected] in the Windows Vault. So when the GCMW tries later to find these credentials for username it fails.

07:52:06.103619 ...hAuthenticator.cs:31 trace: [GetAuthAsync] remote username [example-username] != [[email protected]] supplied username
07:52:06.103619 ...uthentication.cs:360 trace: [InteractiveLogon] token acquisition succeeded
07:52:06.107608 ...uthentication.cs:258 trace: [SetCredentials] example-username at https://bitbucket.org/
07:52:06.107608 ...uthentication.cs:258 trace: [SetCredentials] example-username at https://[email protected]/
07:52:06.113592 ...seSecureStore.cs:286 trace: [WriteCredential] credentials for 'git:https://[email protected]' written to store.

example-username doesn't existing in the GCMW code AFAICS so I suspcious its an odd response from Bitbucket. I will do some askign around here.

Cheers

oooh this aligns nicely with issues I've had setting up capture & replay tests for Bitbucket.

I kept getting "example-username" in the data for some reason. 馃

Ah. I believe the problem is in here
https://github.com/Microsoft/Git-Credential-Manager-for-Windows/commit/6bbf76f0b85f5f7c79d4702da22e4105ac585dff

Here: https://github.com/Microsoft/Git-Credential-Manager-for-Windows/commit/6bbf76f0b85f5f7c79d4702da22e4105ac585dff#diff-72e68931e036e9bb4365eb9ac68333c1R29
It is no longer appending and trying to talk to the /2.0/user REST resource, rather its talking to just http://api.bitbucket.org that redirects to https://developer.atlassian.com/bitbucket/api/2/reference/
this, coincidentally includes the JSON-like string that the code to find the username in the REST response expects, i.e.

internal static readonly Regex UsernameRegex = new Regex(@"s""username""s:s""([^""]+)""s", RegexOptions.CultureInvariant | RegexOptions.IgnoreCase);

Additionally I believe https://github.com/Microsoft/Git-Credential-Manager-for-Windows/blob/0585ae0e993926e303326f2e67872809ae77f695/Microsoft.Alm.Authentication/Src/Network.cs#L554 needs to include the Toke.Type representing a Bitbucket access token.

It is a little bit of a _how did it ever work and how did I not pick it up in testing_ . I think it is because when testing the GCMW it all appears to work, credentials are collected form the user, and returned to the user, but they aren't then saved correctly. Its only when using the GCMW repeatedly that the error becomes apparent. I suspect if I did see errors I mis-interpreted them be due to an old GCMW with an earlier issue as I have multiple Git installs on my machine.

I'll have a PR up by tomorrow.

FWIW I believe this is the fix https://github.com/Microsoft/Git-Credential-Manager-for-Windows/compare/master...mminns:issue/695?expand=1
Bit 'd like to add some tests to avoid future regressions.

@mminns you're the best, thanks! I'll get this fix in as soon as you have it ready.

Bit 'd like to add some tests to avoid future regressions.

Yes please, and hopefully you can enjoy the new capture and replay testing framework!

I created a PR, but sadly didn't have time for tests before I go on holiday. :( Apologies.

Just installed 1.17.0 and it works great. Thanks!

Was this page helpful?
0 / 5 - 0 ratings