On Mon, Apr 02, 2018 at 03:05:35PM -0700, Junio C Hamano wrote: > "git help credential" mentions protocol, host, path, username and > password (and also url which is a short-hand for setting protocol > and host), but not "port". And common sense tells me, when a system > allows setting host but not port, that it would expect host:port to > be given when the service is running a non-standard port, so from > that point of view, I suspect that the current code is working as > expected. In fact, credential.h, which defines the API, does not > have any "port" field, either, so I am not sure how this is expected > to change anything without touching the back-end that talks over the > pipe via _credential_run-->credential_write callchain. > > Now, it is a separate matter if it were a better design if the > credential API had 'host' and 'port' defined as separate keys to the > authentication information. Such an alternative design would have > made certain things harder while some other things easier (e.g. "use > this credential to the host no matter what port the service runs" > may be easier to implement if 'host' and 'port' are separate).
I don't recall giving a huge amount of thought to alternate ports when writing the credential code. But at least the osxkeychain helper does parse "host:port" from the host field and feed it to the appropriate keychain arguments. And I think more oblivious helpers like credential-cache would just treat the "host" field as an opaque blob, making the port part of the matching. I suspect there are some corner cases, though. Reading the osxkeychain code, I think that asking for "http://example.com:80" and "http://example.com" would probably not get you to the same key, as we feed port==0 in the second case. In practice, it's probably not a _huge_ deal to be overly picky, as the worst case is that you get prompted and store the credential in a second slot (which then works going forward). So in general I think it's OK for the whole system to err on the side of being picky about whether two things are "the same" (which in this case is including the port). It usually works itself out in the long run, and we would not surprise the user with "example.com:8080 is the same as example.com:80". -Peff