Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-38194

Ampersand in Git password causes authentication failure

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • git-client-plugin
    • None
    • Windows server 2012 R2
      git-client-plugin 2.0.0

      Git client plugin 2.0.0 seems to have swapped from using .gitcredentials to GIT_ASKPASS and when I have an & character in my password the authentications fails. 1.21.0 was fine (and reverting to that version swaps back to using .gitcredentials)

      Escaping the & in the password stored in the credentials by using ^& works round the issue (but if the same credentials are used elsewhere then they will break)

          [JENKINS-38194] Ampersand in Git password causes authentication failure

          Mark Waite added a comment -

          karmseever are you using a username / password (as used with https based git repository access) where the the password contains the "&" character, or are you using a private key protected by a passphrase where the passphrase contains the "&" character (as used for ssh and scp based git repository access)?

          Mark Waite added a comment - karmseever are you using a username / password (as used with https based git repository access) where the the password contains the "&" character, or are you using a private key protected by a passphrase where the passphrase contains the "&" character (as used for ssh and scp based git repository access)?

          Mark Reeves added a comment - - edited

          username/password yes, using http not https (internal stash server)

          Mark Reeves added a comment - - edited username/password yes, using http not https (internal stash server)

          Cole Mietzner added a comment -

          karmseever, you might be right with this being a similar issue that I was having in JENKINS-38179, I dont have a "&" character in my password but I do have a ")" and a "^".

          Cole Mietzner added a comment - karmseever , you might be right with this being a similar issue that I was having in JENKINS-38179 , I dont have a "&" character in my password but I do have a ")" and a "^".

          Mark Reeves added a comment -

          Pretty certain the "^" would have broken it, which means this is effectively a duplicate of yours.

          Under certain circumstances (Delayed Expansion has been enabled in the command session) '!' will also have the same issue

          Mark Reeves added a comment - Pretty certain the "^" would have broken it, which means this is effectively a duplicate of yours. Under certain circumstances (Delayed Expansion has been enabled in the command session) '!' will also have the same issue

          Mark Waite added a comment -

          I just created an account on visualstudio.com with a password which contains a "^" and an "&" character and was able to checkout on my Docker instance from a repository using that user name and password.

          Is your agent (slave) which is failing the checkout a Windows machine?

          Does the same failure happen with a Linux machine?

          Mark Waite added a comment - I just created an account on visualstudio.com with a password which contains a "^" and an "&" character and was able to checkout on my Docker instance from a repository using that user name and password. Is your agent (slave) which is failing the checkout a Windows machine? Does the same failure happen with a Linux machine?

          Mark Reeves added a comment -

          slave is Windows server 2012 (as stated in 'environment' and as is JENKINS-38179). Not tried on Linux but the issue is clearly due to something not escaping windows environment variables so I can't see it affecting Linux slaves.

          Mark Reeves added a comment - slave is Windows server 2012 (as stated in 'environment' and as is JENKINS-38179 ). Not tried on Linux but the issue is clearly due to something not escaping windows environment variables so I can't see it affecting Linux slaves.

          Code changed in jenkins
          User: Mark Waite
          Path:
          src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java
          src/test/java/org/jenkinsci/plugins/gitclient/CliGitAPIImplAuthTest.java
          http://jenkins-ci.org/commit/git-client-plugin/f7b7cb995f5aaf22dcc49ccc48b980e5d1ce7ecc
          Log:
          Test JENKINS-40116, JENKINS-38194, JENKINS-38179 & JENKINS-38138

          Confirm that characters which Windows requires be escaped in a batch
          file can be used as characters in a git password (as used through https
          with a username / password combination).

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Mark Waite Path: src/main/java/org/jenkinsci/plugins/gitclient/CliGitAPIImpl.java src/test/java/org/jenkinsci/plugins/gitclient/CliGitAPIImplAuthTest.java http://jenkins-ci.org/commit/git-client-plugin/f7b7cb995f5aaf22dcc49ccc48b980e5d1ce7ecc Log: Test JENKINS-40116 , JENKINS-38194 , JENKINS-38179 & JENKINS-38138 Confirm that characters which Windows requires be escaped in a batch file can be used as characters in a git password (as used through https with a username / password combination).

          Mark Waite added a comment -

          If you'd like to test a prototype build, for a short time it will be available from the ci.jenkins.io server. Upload it manually, restart your Jenkins server, and see if it helps in your case.

          Mark Waite added a comment - If you'd like to test a prototype build, for a short time it will be available from the ci.jenkins.io server. Upload it manually, restart your Jenkins server, and see if it helps in your case.

          Mark Waite added a comment -

          Fixed in git client plugin 2.2.1 16 Jan 2016

          Mark Waite added a comment - Fixed in git client plugin 2.2.1 16 Jan 2016

            markewaite Mark Waite
            karmseever Mark Reeves
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: