Low Description
I've come across an issue where SourceTree is not saving the password for two or more accounts when those accounts are on different sites but use the exact same username.
Steps to reproduce:
- Create (or already have) a user for two different sites (e.g. GitHub.com & Github Enterprise)
- Clone a private repo (through SourceTree) for one of the sites (e.g. GitHub.com), entering the username and password for that site to authenticate.
- Open Keychain.app and observe that SourceTree has saved the password (keychain item name is of the form <site.com> Access Key for <user-name>)
- Clone a private repo for the other site (e.g. Github Enterprise), entering the username and password for the second site to authenticate.
- In the Keychain.app application observer that a new keychain item was not created for the second site.
- Go back to the SourceTree window for the second site and attempt to perform any action that involves interaction with the remote (fetch, pull, etc.) and observe that you are prompted for the password again. Any additional interactions with the remote will again prompt you for the password.
It appears that SourceTree is only using the username to differentiate accounts, in lieu of using both the site and username. That would explain why a new password isn't saved (it sees that there's already one saved in keychain under the username) and why it prompts for a password for each interaction with the remote (presumably attempts to use the password in the keychain, fails, and then prompts the user).
If this is indeed the case SourceTree should be updated to use the username and site to distinguish between passwords as there are likely to be many users whose username is identical between different sites.
Attachments
Issue Links
- is related to
-
SRCTREE-4708 Accessing GitHub and Bitbucket via OAuth with same username fails
-
- Closed
-