It’s possibly similar to the SSH key setup. Since the user access token is in your profile information, despite whatever is written in the username field, it’s almost as if it know you are using a token, and so disregards the user field, because it know who the token belongs to anyway. So like with ssh, when I do this:
ssh -T git@gitlab.com
Welcome to GitLab, @iwalker!
I connected as git@gitlab.com over ssh like you should do, but it knows that I am iwalker
on gitlab.
What I also found, since I do use user tokens, that editing the .git/config file in my project directory, I have my url something like this:
url = https://iwalker:my-token-here@gitlab.com/iwalker/myproject
for example. So I change iwalker to whatever and it still works. However, this field data must exist, so if I do this:
url = https://:my-token-here
or:
url = https://my-token-here
without specifying the username itself, irrespective of leaving the colon in place or removing it, then it won’t work. It expects some form of text in the username field, but whatever it is, it’s ignored if a token is being used, since the gitlab user profile knows which user it belongs to.
I expect if you looked in /var/log/gitlab/gitlab-rails/production_json.log, you would find two entries similar to this:
{"method":"GET","path":"/iwalker/my-project.git/info/refs","format":"*/*","controller":"Repositories::GitHttpController","action":"info_refs","status":401,"time":"2021-11-04T16:30:39.981Z","params":[{"key":"service","value":"git-upload-pack"},{"key":"repository_path","value":"iwalker/my-project.git"}],"remote_ip":"x.x.x.x","user_id":null,"username":null,"ua":"git/2.25.1","redis_calls":1,"redis_duration_s":0.000792,"redis_read_bytes":203,"redis_write_bytes":110,"redis_cache_calls":1,"redis_cache_duration_s":0.000792,"redis_cache_read_bytes":203,"redis_cache_write_bytes":110,"db_count":2,"db_write_count":0,"db_cached_count":0,"db_replica_count":0,"db_replica_cached_count":0,"db_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_count":2,"db_primary_cached_count":0,"db_primary_wal_count":0,"db_primary_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.008,"cpu_s":0.046658,"mem_objects":7819,"mem_bytes":1034334,"mem_mallocs":2327,"mem_total_bytes":1347094,"pid":13908,"correlation_id":"some-id-here","db_duration_s":0.00251,"view_duration_s":0.00116,"duration_s":0.01775}
{"method":"GET","path":"/iwalker/my-project.git/info/refs","format":"*/*","controller":"Repositories::GitHttpController","action":"info_refs","status":200,"time":"2021-11-04T16:30:40.202Z","params":[{"key":"service","value":"git-upload-pack"},{"key":"repository_path","value":"iwalker/my-project.git"}],"remote_ip":"x.x.x.x","user_id":2,"username":"iwalker","ua":"git/2.25.1","correlation_id":"some-id-here","meta.user":"iwalker","meta.project":"iwalker/my-project","meta.root_namespace":"iwalker","meta.caller_id":"Repositories::GitHttpController#info_refs","meta.remote_ip":"91.189.216.143","meta.feature_category":"source_code_management","meta.client_id":"user/2","redis_calls":5,"redis_duration_s":0.016345,"redis_read_bytes":477,"redis_write_bytes":524,"redis_cache_calls":5,"redis_cache_duration_s":0.016345,"redis_cache_read_bytes":477,"redis_cache_write_bytes":524,"db_count":7,"db_write_count":0,"db_cached_count":0,"db_replica_count":0,"db_replica_cached_count":0,"db_replica_wal_count":0,"db_replica_wal_cached_count":0,"db_primary_count":7,"db_primary_cached_count":0,"db_primary_wal_count":0,"db_primary_wal_cached_count":0,"db_replica_duration_s":0.0,"db_primary_duration_s":0.02,"cpu_s":0.105014,"mem_objects":13821,"mem_bytes":1488302,"mem_mallocs":3726,"mem_total_bytes":2041142,"pid":12542,"db_duration_s":0.01373,"view_duration_s":0.00076,"duration_s":0.09179}
please note the first entry has a username value of null when I passed whatever
as a username. Notice that in the second entry it has been able to show my username correctly, in this instance iwalker
. Also note, that even when the user id is the correct one passed, it still shows null in the first log entry. I monitored this via tail on my server when passing correct/incorrect username info. So confirms whatever the username is passed, it finds out exactly who you are by the access token.