
Identifying a user from their commit using a Personal Access Token in GitLab

How can I identify who pushed to a GitLab repository when a commit was made with a Personal Access Token? I'm interested in auditing the commits done to a shared repo.

When using a token to push to a GitLab repository, the remote origin URL has the following form:

https://user:token@repo/path

I noticed that the user part is irrelevant; the token is accepted regardless.

I'm not particularly fussy about the use of a personal access token - what other alternatives are there to authenticate users, without using their GitLab password?

My scenario involves a web UI to commit to a GitLab repository; being on a different system, I'd rather not demand the users trust the web UI with their GitLab password. OAuth seems overkill for this, but if it's the only option, so be it.

I've solved this problem by using the GitLab API to validate the username.

In this specific instance, I've configured the web UI to get the username from the access token using the GitLab API and then use it as part of the commit message.

Final result:

[image]

Python code:

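import gitlab

# token is the Personal Access Token supplied by the user in the web UI
gl = gitlab.Gitlab('https://host', private_token=token)
gl.auth()  # authenticates with the token and populates gl.user
username = gl.user.attributes.get('username')  # owner of the token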
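
The same lookup without python-gitlab, extended to the commit-message step, as an added example that is not part of the original answer. It asks GitLab's GET /api/v4/user endpoint who owns the token, ignores the user-supplied name except to record a mismatch, and refuses to commit when the token is rejected. The trailer names Pushed-by and Claimed-user-mismatch, the function names and the sample token and responses are assumptions made up for this example.

```python
import json
import urllib.error
import urllib.request


def fetch_current_user(base_url, token, timeout=10):
    """GET /api/v4/user with the token; parsed JSON, or None on HTTP 401."""
    req = urllib.request.Request(
        base_url.rstrip("/") + "/api/v4/user",
        headers={"PRIVATE-TOKEN": token},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 401:  # revoked, expired or unknown token
            return None
        raise


def attributed_message(message, claimed_user, token, base_url,
                       fetch=fetch_current_user):
    """Append a trailer naming the token's real owner to a commit message.

    claimed_user is what the form (or the URL's user part) said; it is only
    compared against GitLab's answer, never trusted.
    """
    user = fetch(base_url, token)
    if not user or "username" not in user or "id" not in user:
        raise PermissionError("token rejected by GitLab; refusing to commit")
    username = str(user["username"])
    # Refuse values that could inject extra lines or trailers.
    if not username or any(c in username for c in "\r\n<>"):
        raise ValueError("unexpected characters in username")
    trailers = [f"Pushed-by: {username} (gitlab id {int(user['id'])})"]
    if claimed_user and claimed_user != username:
        trailers.append(f"Claimed-user-mismatch: {claimed_user!r}")
    return message.rstrip() + "\n\n" + "\n".join(trailers) + "\n"


# Constructed responses standing in for GitLab so the example runs offline.
def _fake_fetch(base_url, token):
    return {"id": 42, "username": "alice"} if token == "glpat-constructed" else None


if __name__ == "__main__":
    print(attributed_message("Fix typo", "bob", "glpat-constructed",
                             "https://host", _fake_fetch))
```

The trailer is only as trustworthy as the web UI that writes it; anyone pushing directly with git can write any commit message they like.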
