fix: Robuste Lösung für Credential-Prompts bei öffentlichen Repositories

Umfassende Lösung implementiert, die mehrere Ansätze kombiniert:

1. SkipCredentials Flag zu Command-Klasse hinzugefügt
2. Automatische Erkennung von öffentlichen Repos (GitHub, GitLab, Bitbucket, Gitee)
3. Mehrfache Deaktivierung von Credential Helpers:
   - credential.helper= (leer setzen)
   - credential.helper='' (explizit leer)
   - credential.helper=! (deaktivieren)
   - core.askpass= (leer setzen)
   - core.askPass='' (explizit leer)

4. Environment-Variablen zur Unterdrückung von Prompts:
   - GIT_TERMINAL_PROMPT=0
   - GIT_ASKPASS=echo
   - GCM_INTERACTIVE=never
   - GIT_CREDENTIAL_HELPER=''

5. Fetch und Pull Commands angepasst:
   - Prüfen Remote-URL auf öffentliche Hosts
   - Setzen SkipCredentials=true für öffentliche HTTPS-Repos
   - Überspringen von SSH-Keys für öffentliche Repos

Diese Lösung sollte zuverlässig verhindern, dass SourceGit nach Credentials fragt,
wenn mit öffentlichen Repositories gearbeitet wird.

Author: biancode

src/Commands/Command.cs

@@ -31,6 +31,7 @@ public enum EditorType
         public EditorType Editor { get; set; } = EditorType.CoreEditor;
         public string SSHKey { get; set; } = string.Empty;
         public string Args { get; set; } = string.Empty;
+        public bool SkipCredentials { get; set; } = false;
 
         // Only used in `ExecAsync` mode.
         public CancellationToken CancellationToken { get; set; } = CancellationToken.None;
@@ -180,6 +181,16 @@ protected ProcessStartInfo CreateGitStartInfo(bool redirect)
             start.Environment.Add("SOURCEGIT_LAUNCH_AS_ASKPASS", "TRUE");
             if (!OperatingSystem.IsLinux())
                 start.Environment.Add("DISPLAY", "required");
+            
+            // For public repositories, disable credential prompts via environment
+            if (SkipCredentials || (Args != null && (Args.Contains("github.com") || Args.Contains("gitlab.com"))))
+            {
+                // These environment variables tell Git not to prompt for credentials
+                start.Environment["GIT_TERMINAL_PROMPT"] = "0";
+                start.Environment["GIT_ASKPASS"] = "echo";
+                start.Environment["GCM_INTERACTIVE"] = "never";
+                start.Environment["GIT_CREDENTIAL_HELPER"] = "";
+            }
 
             // If an SSH private key was provided, sets the environment.
             if (!start.Environment.ContainsKey("GIT_SSH_COMMAND") && !string.IsNullOrEmpty(SSHKey))
@@ -197,23 +208,47 @@ protected ProcessStartInfo CreateGitStartInfo(bool redirect)
 
             // Check if we're working with a public repository (no credentials needed)
             var isPublicRepo = false;
-            if (!string.IsNullOrEmpty(WorkingDirectory))
+            var needsCredentials = true;
+            
+            // Check for operations that typically don't need credentials on public repos
+            if (Args != null)
             {
-                // Check if this appears to be a public GitHub/GitLab URL in the arguments
-                if (Args != null && (Args.Contains("github.com") || Args.Contains("gitlab.com")))
+                // Check if this is a read-only operation on GitHub/GitLab
+                var isReadOperation = Args.Contains("fetch") || Args.Contains("pull") || 
+                                     Args.Contains("ls-remote") || Args.Contains("clone") ||
+                                     Args.Contains("remote -v") || Args.Contains("remote get-url");
+                
+                // Check if URL contains public Git hosts
+                var hasPublicHost = Args.Contains("github.com") || Args.Contains("gitlab.com") || 
+                                   Args.Contains("bitbucket.org") || Args.Contains("gitee.com");
+                
+                // If it's a read operation on a public host, disable credentials
+                if (isReadOperation && hasPublicHost)
                 {
-                    // For fetch, pull, clone operations on public repos, skip credentials
-                    if (Args.Contains("fetch") || Args.Contains("pull") || Args.Contains("ls-remote") || Args.Contains("clone"))
-                    {
-                        isPublicRepo = true;
-                        // Explicitly disable credential helpers for public repos
-                        builder.Append(" -c credential.helper=");
-                    }
+                    isPublicRepo = true;
+                    needsCredentials = false;
+                }
+                
+                // Also check for HTTPS URLs which are typically public
+                if (Args.Contains("https://github.com") || Args.Contains("https://gitlab.com"))
+                {
+                    isPublicRepo = true;
+                    needsCredentials = false;
                 }
             }
 
-            // Only add credential helper if it's configured and not a public repo
-            if (!isPublicRepo && !string.IsNullOrEmpty(Native.OS.CredentialHelper))
+            // ALWAYS explicitly set credential helper to avoid system defaults
+            if (SkipCredentials || !needsCredentials || isPublicRepo)
+            {
+                // Explicitly disable ALL credential helpers including system ones
+                // Use multiple methods to ensure no credentials are requested
+                builder.Append(" -c credential.helper=");
+                builder.Append(" -c credential.helper=''");
+                builder.Append(" -c credential.helper=!");
+                builder.Append(" -c core.askpass=");
+                builder.Append(" -c core.askPass=''");
+            }
+            else if (!string.IsNullOrEmpty(Native.OS.CredentialHelper))
             {
                 // For the cache helper with timeout, we need special handling
                 if (Native.OS.CredentialHelper == "cache")

src/Commands/Fetch.cs

@@ -7,6 +7,7 @@ public class Fetch : Command
         public Fetch(string repo, string remote, bool noTags, bool force)
         {
             _remoteKey = $"remote.{remote}.sshkey";
+            _remote = remote;
 
             WorkingDirectory = repo;
             Context = repo;
@@ -26,6 +27,7 @@ public Fetch(string repo, string remote, bool noTags, bool force)
         public Fetch(string repo, Models.Branch local, Models.Branch remote)
         {
             _remoteKey = $"remote.{remote.Remote}.sshkey";
+            _remote = remote.Remote;
 
             WorkingDirectory = repo;
             Context = repo;
@@ -34,10 +36,39 @@ public Fetch(string repo, Models.Branch local, Models.Branch remote)
 
         public async Task<bool> RunAsync()
         {
-            SSHKey = await new Config(WorkingDirectory).GetAsync(_remoteKey).ConfigureAwait(false);
+            // Check if remote URL is a public repository
+            if (!string.IsNullOrEmpty(_remote))
+            {
+                var remoteUrl = await new Config(WorkingDirectory).GetAsync($"remote.{_remote}.url").ConfigureAwait(false);
+                if (!string.IsNullOrEmpty(remoteUrl) && remoteUrl.StartsWith("https://"))
+                {
+                    // For public HTTPS repos, we don't need SSH keys or credentials
+                    if (remoteUrl.Contains("github.com") || remoteUrl.Contains("gitlab.com") || 
+                        remoteUrl.Contains("bitbucket.org") || remoteUrl.Contains("gitee.com"))
+                    {
+                        // Skip SSH key and credentials for public repos
+                        SSHKey = string.Empty;
+                        SkipCredentials = true;
+                    }
+                    else
+                    {
+                        SSHKey = await new Config(WorkingDirectory).GetAsync(_remoteKey).ConfigureAwait(false);
+                    }
+                }
+                else
+                {
+                    SSHKey = await new Config(WorkingDirectory).GetAsync(_remoteKey).ConfigureAwait(false);
+                }
+            }
+            else
+            {
+                SSHKey = await new Config(WorkingDirectory).GetAsync(_remoteKey).ConfigureAwait(false);
+            }
+            
             return await ExecAsync().ConfigureAwait(false);
         }
 
         private readonly string _remoteKey;
+        private readonly string _remote = string.Empty;
     }
 }

src/Commands/Pull.cs

@@ -20,7 +20,27 @@ public Pull(string repo, string remote, string branch, bool useRebase)
 
         public async Task<bool> RunAsync()
         {
-            SSHKey = await new Config(WorkingDirectory).GetAsync($"remote.{_remote}.sshkey").ConfigureAwait(false);
+            // Check if remote URL is a public repository
+            var remoteUrl = await new Config(WorkingDirectory).GetAsync($"remote.{_remote}.url").ConfigureAwait(false);
+            if (!string.IsNullOrEmpty(remoteUrl) && remoteUrl.StartsWith("https://"))
+            {
+                // For public HTTPS repos, we don't need SSH keys or credentials
+                if (remoteUrl.Contains("github.com") || remoteUrl.Contains("gitlab.com") || 
+                    remoteUrl.Contains("bitbucket.org") || remoteUrl.Contains("gitee.com"))
+                {
+                    SSHKey = string.Empty;
+                    SkipCredentials = true;
+                }
+                else
+                {
+                    SSHKey = await new Config(WorkingDirectory).GetAsync($"remote.{_remote}.sshkey").ConfigureAwait(false);
+                }
+            }
+            else
+            {
+                SSHKey = await new Config(WorkingDirectory).GetAsync($"remote.{_remote}.sshkey").ConfigureAwait(false);
+            }
+            
             return await ExecAsync().ConfigureAwait(false);
         }