remove creds from clone url (#2653)

* wrap template variables in quotes
* remove redundant fields from credentials
* add creds in gitness clone url
* set git user name and email after cloning
* remove creds from clone url

app/gitspace/orchestrator/git/git_impl.go

@@ -17,6 +17,7 @@ package git
 import (
 	"context"
 	"fmt"
+	"net/url"
 
 	"github.com/harness/gitness/app/gitspace/orchestrator/devcontainer"
 	"github.com/harness/gitness/app/gitspace/orchestrator/template"
@@ -60,12 +61,7 @@ func (g *ServiceImpl) SetupCredentials(
 ) ([]byte, error) {
 	script, err := template.GenerateScriptFromTemplate(
 		templateSetupGitCredentials, &template.SetupGitCredentialsPayload{
-			Email:    resolvedRepoDetails.Credentials.Email,
-			Name:     resolvedRepoDetails.Credentials.Name,
-			Password: resolvedRepoDetails.Credentials.Password,
-			Host:     resolvedRepoDetails.Credentials.Host,
-			Protocol: resolvedRepoDetails.Credentials.Protocol,
-			Path:     resolvedRepoDetails.Credentials.Path,
+			CloneURLWithCreds: resolvedRepoDetails.CloneURL,
 		})
 	if err != nil {
 		return nil, fmt.Errorf(
@@ -90,12 +86,20 @@ func (g *ServiceImpl) CloneCode(
 	resolvedRepoDetails scm.ResolvedDetails,
 	defaultBaseImage string,
 ) ([]byte, error) {
+	cloneURL, err := url.Parse(resolvedRepoDetails.CloneURL)
+	if err != nil {
+		return nil, fmt.Errorf(
+			"failed to parse clone url %s: %w", resolvedRepoDetails.CloneURL, err)
+	}
+	cloneURL.User = nil
 	script, err := template.GenerateScriptFromTemplate(
 		templateCloneCode, &template.CloneCodePayload{
-			RepoURL:  resolvedRepoDetails.CloneURL,
+			RepoURL:  cloneURL.String(),
 			Image:    defaultBaseImage,
 			Branch:   resolvedRepoDetails.Branch,
 			RepoName: resolvedRepoDetails.RepoName,
+			Email:    resolvedRepoDetails.Credentials.Email,
+			Name:     resolvedRepoDetails.Credentials.Name,
 		})
 	if err != nil {
 		return nil, fmt.Errorf(

app/gitspace/orchestrator/template/template.go

@@ -40,15 +40,12 @@ type CloneCodePayload struct {
 	Image    string
 	Branch   string
 	RepoName string
+	Name     string
+	Email    string
 }
 
 type SetupGitCredentialsPayload struct {
-	Email    string
-	Name     string
-	Password string
-	Host     string
-	Protocol string
-	Path     string
+	CloneURLWithCreds string
 }
 
 type RunVSCodeWebPayload struct {

app/gitspace/orchestrator/template/templates/clone_code.sh

@@ -1,9 +1,11 @@
 #!/bin/sh
 
-repo_url={{ .RepoURL }}
-image={{ .Image }}
-branch={{ .Branch }}
-repo_name={{ .RepoName }}
+repo_url="{{ .RepoURL }}"
+image="{{ .Image }}"
+branch="{{ .Branch }}"
+repo_name="{{ .RepoName }}"
+name="{{ .Name }}"
+email="{{ .Email }}"
 
 # Clone the repository inside the working directory if it doesn't exist
 if [ ! -d "$HOME/$repo_name/.git" ]; then
@@ -31,3 +33,15 @@ EOL
 else
     echo ".devcontainer/devcontainer.json already exists. Skipping creation."
 fi
+
+if [ -z "$name" ]; then
+    echo "no user name configured"
+else
+    git config --global user.name "$name"
+fi
+
+if [ -z "$email" ]; then
+    echo "no user email configured"
+else
+    git config --global user.email "$email"
+fi

app/gitspace/orchestrator/template/templates/setup_git_credentials.sh

@@ -1,24 +1,13 @@
 #!/bin/sh
-name={{ .Name }}
-password={{ .Password }}
-email={{ .Email }}
-host={{ .Host }}
-protocol={{ .Protocol }}
-path={{ .Path }}
+url={{ .CloneURLWithCreds }}
 
 #run git operation to cache the credential in memory
-if [ -z "$password" ]; then
+if [ -z "$url" ]; then
     echo "setting up without credentials"
 else
     git config --global credential.helper 'cache --timeout=2592000'
-    git config --global user.email "$email"
-    git config --global user.name "$name"
     touch .gitcontext
-    echo "host="$host >> .gitcontext
-    echo "protocol="$protocol >> .gitcontext
-    echo "path="$path >> .gitcontext
-    echo "username="$email >> .gitcontext
-    echo "password="$password >> .gitcontext
+    echo "url="$url >> .gitcontext
     echo "" >> .gitcontext
 
     cat .gitcontext | git credential approve

app/gitspace/scm/gitness_scm.go

@@ -157,7 +157,7 @@ func (s GitnessSCM) ResolveCredentials(
 	}
 	// Backfill clone URL
 	gitURL := s.urlProvider.GenerateContainerGITCloneURL(ctx, repo.Path)
-	resolvedCredentails := &ResolvedCredentials{Branch: gitspaceConfig.CodeRepo.Branch, CloneURL: gitURL}
+	resolvedCredentails := &ResolvedCredentials{Branch: gitspaceConfig.CodeRepo.Branch}
 	resolvedCredentails.RepoName = repoName
 	gitspacePrincipal := bootstrap.NewGitspaceServiceSession().Principal
 	user, err := findUserFromUID(ctx, s.principalStore, gitspaceConfig.GitspaceUser.Identifier)
@@ -188,13 +188,13 @@ func (s GitnessSCM) ResolveCredentials(
 	if err != nil {
 		return nil, fmt.Errorf("error while parsing the clone url: %s", gitURL)
 	}
+	userInfo := url.UserPassword("harness", jwtToken)
+	modifiedURL.User = userInfo
+	resolvedCredentails.CloneURL = modifiedURL.String()
 	credentials := &Credentials{
 		Email:    user.Email,
 		Name:     user.DisplayName,
 		Password: jwtToken,
-		Host:     modifiedURL.Host,
-		Protocol: modifiedURL.Scheme,
-		Path:     modifiedURL.Path,
 	}
 	resolvedCredentails.Credentials = credentials
 	return resolvedCredentails, nil

app/gitspace/scm/types.go

@@ -45,9 +45,6 @@ type (
 		Email    string
 		Name     string
 		Password string
-		Host     string
-		Protocol string
-		Path     string
 	}
 
 	ResolvedCredentials struct {

app/store/database/infra_provider_template.go

@@ -147,9 +147,9 @@ func (i infraProviderTemplateStore) Update(
 ) error {
 	dbinfraProviderTemplate := i.mapToInternalInfraProviderTemplate(infraProviderTemplate)
 	stmt := database.Builder.
-		Update(infraProviderResourceTable).
+		Update(infraProviderTemplateTable).
 		Set("iptemp_description", dbinfraProviderTemplate.Description).
-		Set("ipreso_updated", dbinfraProviderTemplate.Updated).
+		Set("iptemp_updated", dbinfraProviderTemplate.Updated).
 		Set("iptemp_data", dbinfraProviderTemplate.Data).
 		Set("iptemp_version", dbinfraProviderTemplate.Version+1).
 		Where("iptemp_id = ?", infraProviderTemplate.ID)