![](https://seccdn.libravatar.org/avatar/9181eb84f9c35729a3bad740fb7f9d93.jpg?s=120&d=mm&r=g)
Branch: refs/heads/master Home: https://github.com/openSUSE/osc Commit: 784d330f202c6e53d5adaeb1b48f93ef1a2e0ad6 https://github.com/openSUSE/osc/commit/784d330f202c6e53d5adaeb1b48f93ef1a2e0... Author: Michael Schroeder <mls@suse.de> Date: 2022-04-11 (Mon, 11 Apr 2022) Changed paths: M osc/conf.py M osc/credentials.py Log Message: ----------- Only prompt for a password if the server asks for it In many cases the session cookie is already available, so there is no need to ask for a password. To make this work with the python authentication implementation, we add a small proxy object for the password and only ask the credential manager if the stringify method is called. This approach also makes it possible to offer a non-password based authorization type if the server allows multiple authentication methods. Commit: 90ccc84f9564a39bc4f21c979b3f1387a9bb428f https://github.com/openSUSE/osc/commit/90ccc84f9564a39bc4f21c979b3f1387a9bb4... Author: Marcus Huewe <suse-tux@gmx.de> Date: 2022-04-11 (Mon, 11 Apr 2022) Changed paths: M osc/conf.py M osc/credentials.py Log Message: ----------- Merge commit 'refs/pull/1022/head' of github.com:openSUSE/osc Only ask for a password if it is really needed for authentication. The new lazy password approach is much smarter than the old callable hack. That's why we deprecate returning a callable from AbstractCredentialsManager.get_password. The current compatibility code for a callable will be removed in the near future. Minor nitpick: actually it would have been "cleaner" to introduce a new subclass like an AbstractLazyPasswordCredentialsManager that encapsulates the lazy password behavior. Currently, if, for instance, a credentials manager is always non-lazy it would just override get_password but still inherits the abstract (and unused) _get_password method. Compare: https://github.com/openSUSE/osc/compare/c1bec6901a09...90ccc84f9564