Verify, before a push begins, that the client can produce credentials for `remote_url`. Fails fast with an actionable error instead of letting the push proceed into a confusing 404 (which the server returns for private projects the caller isn't authorized to see). Returns `Ok(())` when an identity is resolvable (from `--identity` or the URL), exists in the local store, and has a loadable signing
(remote_url: &str, identity_override: Option<&str>)
| 310 | /// it. The two must agree, or the fail-fast check here would reject a push that |
| 311 | /// `attach_identity` would have authenticated. |
| 312 | pub fn check_push_credentials(remote_url: &str, identity_override: Option<&str>) -> CliResult<()> { |
| 313 | let store = IdentityStore::open_default() |
| 314 | .map_err(|e| CliError::Internal(anyhow::anyhow!("Failed to open identity store: {e}")))?; |
| 315 | |
| 316 | let issue = evaluate_push_credentials( |
| 317 | resolve_identity_name_with_override(remote_url, identity_override), |
| 318 | identity_override.is_some(), |
| 319 | |name| load_identity_lenient(&store, name).is_some(), |
| 320 | |name| { |
| 321 | load_identity_lenient(&store, name) |
| 322 | .map(|id| store.load_keypair(&id.id, None).is_ok()) |
| 323 | .unwrap_or(false) |
| 324 | }, |
| 325 | ); |
| 326 | |
| 327 | match issue { |
| 328 | Some(issue) => Err(CliError::AuthenticationFailed { |
| 329 | remote: format!("{remote_url}: {}", issue.message()), |
| 330 | }), |
| 331 | None => Ok(()), |
| 332 | } |
| 333 | } |
| 334 | |
| 335 | /// Pure decision core for [`check_push_credentials`], split out so it can be |
| 336 | /// unit-tested without touching the on-disk identity store. |
no test coverage detected