
Unable to use macOS Keychain for two different accounts with the same username

    • Bug
    • Resolution: Fixed
    • Low
    • None
    • 4.1.5
    • Bitbucket, GitHub, GitLab
    • None
    • Severity 2 - Major

      I've come across an issue where SourceTree is not saving the password for two or more accounts when those accounts are on different sites but use the exact same username.

       

      Steps to reproduce: 

       

      1. Create (or already have) a user for two different sites (e.g. GitHub.com & GitHub Enterprise)
      2. Clone a private repo (through SourceTree) for one of the sites (e.g. GitHub.com), entering the username and password for that site to authenticate.
      3. Open Keychain.app and observe that SourceTree has saved the password (keychain item name is of the form <site.com> Access Key for <user-name>)
      4. Clone a private repo for the other site (e.g. GitHub Enterprise), entering the username and password for the second site to authenticate.
      5. In the Keychain.app application observe that a new keychain item was not created for the second site.
      6. Go back to the SourceTree window for the second site and attempt to perform any action that involves interaction with the remote (fetch, pull, etc.) and observe that you are prompted for the password again. Any additional interactions with the remote will again prompt you for the password.

       

      It appears that SourceTree is only using the username to differentiate accounts, in lieu of using both the site and username. That would explain why a new password isn't saved (it sees that there's already one saved in keychain under the username) and why it prompts for a password for each interaction with the remote (presumably attempts to use the password in the keychain, fails, and then prompts the user).

       

      If this is indeed the case SourceTree should be updated to use the username and site to distinguish between passwords as there are likely to be many users whose username is identical between different sites.
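
      The collision suspected in the description above, reproduced against the macOS Security framework as an added example; this is not Sourcetree's code, whose keychain attributes the page does not show. It assumes generic-password items, a constructed service prefix `example.keychain-demo` and constructed passwords; the hosts and user name are the ones that appear in this thread.

```swift
import Foundation
import Security

// Constructed service prefix for this demo; not a name Sourcetree uses.
let demoService = "example.keychain-demo"

func attrs(_ service: String, _ account: String) -> [String: Any] {
    [kSecClass as String: kSecClassGenericPassword,
     kSecAttrService as String: service,
     kSecAttrAccount as String: account]
}

// Plain add. Generic-password items are unique per (service, account), so a
// second add with the same pair fails with errSecDuplicateItem (-25299).
func add(service: String, account: String, password: String) -> OSStatus {
    var item = attrs(service, account)
    item[kSecValueData as String] = Data(password.utf8)
    return SecItemAdd(item as CFDictionary, nil)
}

// Host-scoped store: the host is part of the service attribute, and an
// existing item for the same host and user is updated rather than rejected.
func store(host: String, user: String, password: String) -> OSStatus {
    let service = "\(demoService).\(host)"
    let status = add(service: service, account: user, password: password)
    guard status == errSecDuplicateItem else { return status }
    let change: [String: Any] = [kSecValueData as String: Data(password.utf8)]
    return SecItemUpdate(attrs(service, user) as CFDictionary, change as CFDictionary)
}

let user = "testUser"
// Username-only key (the behaviour the report suspects): the second site collides.
let first = add(service: demoService, account: user, password: "constructed-pw-a")
let second = add(service: demoService, account: user, password: "constructed-pw-b")
print("username-only:", first, second, second == errSecDuplicateItem)

// Host in the key: each site gets its own item.
let a = store(host: "github.com", user: user, password: "constructed-pw-a")
let b = store(host: "myRepo.com", user: user, password: "constructed-pw-b")
print("host-scoped:", a, b, a == errSecSuccess && b == errSecSuccess)

// Remove the demo items again.
for service in [demoService, "\(demoService).github.com", "\(demoService).myRepo.com"] {
    _ = SecItemDelete(attrs(service, user) as CFDictionary)
}
```

      Run on macOS with `swift <file>.swift`; the items are written to and removed from the invoking user's default keychain.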

            [SRCTREE-7807] Unable to use macOS Keychain for two different accounts with the same username

            jerome.wan added a comment -

            Great! Thanks!


            Arati Mohanty added a comment -

            Fix available in version 4.2.6. Kindly upgrade to latest version.

            jerome.wan added a comment -

            Any updates on this?


            jerome.wan added a comment - - edited

            There appears to be a similar issue on mercurial-credential-manager using SourceTree v4.2.0 (246) on macOS v12.4 (since I also have gitlab credentials already stored in keychain with same username).

            default    11:26:46.310147-0700    mercurial-credential-manager    
            ------- GET AUTH CALLED ------
            default    11:26:46.310215-0700    mercurial-credential-manager    
            ------- GETTING AUTH VARS ------
            default    11:26:46.310308-0700    mercurial-credential-manager    host: myRepo.com
            default    11:26:46.310357-0700    mercurial-credential-manager    protocol: https
            default    11:26:46.310385-0700    mercurial-credential-manager    path: https://myRepo.com/applications
            default    11:26:46.310425-0700    mercurial-credential-manager    Auth type - 0
            default    11:26:46.310450-0700    mercurial-credential-manager    Trying to get password for username testUser and host myRepo.com
            default    11:26:46.310530-0700    mercurial-credential-manager    Looking for password in cache.
            default    11:26:46.311275-0700    mercurial-credential-manager    Looking for password in oauth credentials helper.
            default    11:26:46.311311-0700    mercurial-credential-manager    Fetching keychain items for service (password).
            default    11:26:46.311470-0700    mercurial-credential-manager    Not internal release, disabling SIRL
            default    11:26:46.311609-0700    mercurial-credential-manager    Adding securityd connection to pool, total now 1
            default    11:26:46.314784-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:26:46.317951-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:26:46.319859-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:26:46.322346-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:26:46.324795-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:26:46.329485-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:26:51.384274-0700    mercurial-credential-manager    Received configuration update from daemon (initial)
            default    11:27:27.748136-0700    mercurial-credential-manager    Encrypting password
            default    11:27:27.748424-0700    mercurial-credential-manager    Looking for password in oauth credentials helper.
            default    11:27:27.748542-0700    mercurial-credential-manager    Fetching keychain items for service (password).
            default    11:27:27.750622-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:27:27.755045-0700    mercurial-credential-manager    UNIX error exception: 17
            default    11:27:27.814910-0700    mercurial-credential-manager    Attempting to save password
            error    11:27:27.816431-0700    mercurial-credential-manager    cannot open file at line 45530 of [9ff244ce07]
            error    11:27:27.816453-0700    mercurial-credential-manager    os_unix.c:45530: (2) open(/var/db/DetachedSignatures) - No such file or directory
            default    11:27:27.819840-0700    mercurial-credential-manager    TrustSettingsUseXPC is enabled (via feature flags)
            default    11:27:27.846664-0700    mercurial-credential-manager    CSSM Exception: -2147413719 CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA
            default    11:27:27.848001-0700    mercurial-credential-manager    CSSM Exception: -2147413719 CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA
            default    11:27:27.849041-0700    mercurial-credential-manager    CSSM Exception: -2147413719 CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA
            default    11:27:27.849931-0700    mercurial-credential-manager    possible duplicate, trying to delete invalid items
            default    11:27:27.850038-0700    mercurial-credential-manager    no unique id, using 5 attributes from mDbAttributes
            default    11:27:27.852219-0700    mercurial-credential-manager    duplicate item exception is real; throwing it on
            default    11:27:27.852298-0700    mercurial-credential-manager    caught CssmError during add: -2147413719 CSSMERR_DL_INVALID_UNIQUE_INDEX_DATA
            default    11:27:27.853065-0700    mercurial-credential-manager    Error fetching password for SourceTree account with username testUser.
            Error Code - -25299
            Error Description - The specified item already exists in the keychain.
            Error domain - com.samsoffes.samkeychain
            default    11:27:27.868792-0700    mercurial-credential-manager    Username: username=testUser
            default    11:27:27.868834-0700    mercurial-credential-manager    password found
            default    11:27:27.868928-0700    mercurial-credential-manager    Entering exit handler.
            default    11:27:27.868947-0700    mercurial-credential-manager    Exiting exit handler.


            Natchiar Venkatachalam (Inactive) added a comment -

            Hi Joe,

            Thanks for the detailed explanation. We are able to reproduce this issue.
            We will be working on the fix & keep you informed.

            Regards,
            Natchiar.V

            Joe Newton added a comment -

            I enabled "Authentication Logging" from the Debug menu and have gotten the following output:

             

            2022-02-04 11:22:55.293 git-credential-sourcetree[37053:3370323] 

            ------- STORE AUTH CALLED ------

            2022-02-04 11:22:55.294 git-credential-sourcetree[37053:3370323] 

            ------- GETTING AUTH VARS ------

            2022-02-04 11:22:55.294 git-credential-sourcetree[37053:3370323] protocol: https

            2022-02-04 11:22:55.294 git-credential-sourcetree[37053:3370323] host: <host-name>

            2022-02-04 11:22:55.294 git-credential-sourcetree[37053:3370323] username: <user>

            2022-02-04 11:22:55.294 git-credential-sourcetree[37053:3370323] Looking for password in oauth credentials helper.

            2022-02-04 11:22:55.294 git-credential-sourcetree[37053:3370323] Fetching keychain items for service (password).

            2022-02-04 11:22:55.306 git-credential-sourcetree[37053:3370323] Attempting to save password

            2022-02-04 11:22:55.328 git-credential-sourcetree[37053:3370323] Error fetching password for SourceTree account with username <user>.

            Error Code - -25299

            Error Description - The specified item already exists in the keychain.

            Error domain - com.samsoffes.samkeychain


              Raman Sidarakin (Inactive)
              Joe Newton
              Affected customers: 2
              Watchers: 5