Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

stash and git's user.name

david blas
david blas January 10, 2014

I'm new to stash and git, and I'm likely doing something wrong here.

This has to do with Stash using Git's user.name instead of the Stash username.

a) I created two users in Stash (user1 and user2)

b) I checkout, in two different directories;

git clone http://user1:password@localhost:7990/scm/pick/pickertool.git

git clone http://user2:password@localhost:7990/scm/pick/pickertool.git

(note the user:password format)

c) However, if I set both of the local GIT repostories' user.name to "User" then I see the commits (in stash) as "User" (instead of user1 or user2).

Is this how its supposed to work? Am I doing something wrong?

In this situation, user1 can set their user.name to "user2" and make mask their commits.

Thanks,

Dave

Answer
Watch
Like Be the first to like this
859 views

2 answers

1 accepted

1 vote
Answer accepted
cofarrell
cofarrell
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 10, 2014

Hi David,

So if you look at your commits (ie git log) you'll see the user and email address of what is set locally. As you point out user2 can absolutely "fake" the user details if they so desire. It's important to note that Stash doesn't (yet) map the Git email/author names to anything in Stash, it might appear like we are because we're using Gravatar, but that's it. This is certainly something we will implement and you may be interested in voting on the following:

https://jira.atlassian.com/browse/STASH-3235

But that doesn't address the problem of impersonation, something that is much harder to solve. You may be interested in this:

https://jira.atlassian.com/browse/STASH-2642

There is a plugin mentioned on that ticket that enforces that when you push all the commits much contain an email address that matches the user who is pushing. I need to warn you that this works in simple workflows, but if you ever start forking with feature branches involving multiple people you will eventually run into the situation where you can't push because you be trying to push someone else's commits, and there is nothing you will be able to do. Enforcing security in a DVCS (distributed) world is tricky.

Does that help?

Charles

Reply
0 votes
david blas
david blas January 12, 2014

Hi, Charles,

That explains what's happening - thanks for for the reply and the links (I voted both issues).

Cheers,

Dave

Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events