feat(core): Add HTTPS protocol support for repository connections

[idirouhab]

Summary

This PR adds backend support for connecting to Git repositories via HTTPS (in addition to SSH) in the Source Control functionality.
It allows n8n instances to authenticate and interact with Git providers using HTTPS URLs, supporting environments where SSH is not available or permitted.

How to test:

1. Go to Source Control settings.
2. Enter a Git repository URL using the HTTPS format.
3. Enter credentials (username/access token) as required.
4. Connect and verify workflows, credentials, and file operations function as expected.
5. Verify that SSH URLs and authentication continue to be supported.

(Attach logs or screenshots if possible to demonstrate successful HTTPS connection flow.)

---

Related Linear tickets, Github issues, and Community forum posts

• Community request: Add HTTPS support in Source control feature

---

[CLAassistant]

All committers have signed the CLA.

[cubic-dev-ai]

cubic analysis

No issues found across 1 file. Review in cubic

[idirouhab]

@claude

[claude]

Claude finished @idirouhab's task —— View job

---

Code Review: HTTPS Protocol Support for Repository Connections

Reviewing the implementation of HTTPS support for Git repository connections in Source Control.

Todo List:

• Review repository setup instructions (CLAUDE.md)
• Analyze backend source control service changes
• Review frontend Vue component updates
• Examine test coverage and implementation
• Check for security considerations
• Provide overall feedback and recommendations

✅ Overall Assessment: Excellent Implementation

This PR delivers a high-quality, secure implementation of HTTPS support for Git repositories. The code follows n8n's established patterns and maintains security best practices throughout.

Backend Analysis - ✅ Strong Implementation

Key Changes:

1. source-control-git.service.ee.ts: Added conditional logic in setGitSshCommand() to handle HTTPS vs SSH authentication
2. source-control-preferences.service.ee.ts: Added comprehensive HTTPS credential management with proper encryption
3. source-control-preferences.ts: Added validation for new connection types

Positive Aspects:

• ✅ Proper credential encryption using existing cipher service
• ✅ Graceful fallback - SSH functionality remains unchanged
• ✅ URL normalization in hasRemote() strips credentials for comparison (lines 171-185)
• ✅ Credentials are properly URL-encoded to handle special characters (lines 224-226)
• ✅ Database isolation - HTTPS credentials stored separately from SSH keys
• ✅ No credentials logged or exposed in error messages

Frontend Analysis - ✅ Well-Designed UX

Key Changes:

1. SettingsSourceControl.vue: Added connection type selector, HTTPS credential inputs, and conditional validation
2. Type definitions: Updated to include connectionType field

Positive Aspects:

• ✅ Clean conditional UI - connection type selector only shown when not connected (line 279)
• ✅ Dynamic validation rules based on connection type (lines 160-180)
• ✅ Helpful user guidance with placeholder text and notices about Personal Access Tokens
• ✅ Form validation prevents connection without proper credentials (lines 185-195)
• ✅ Security: Credentials are cleared on disconnect (lines 86-87)
• ✅ Password input type for token field prevents shoulder surfing (line 356)

Test Coverage Analysis - ✅ Comprehensive

Test Files Added:

• Backend: source-control-https.service.ee.test.ts, source-control-preferences-https.service.ee.test.ts, source-control-service-disconnect.ee.test.ts
• Frontend: SettingsSourceControl.https.test.ts, sourceControl.store.test.ts

Positive Aspects:

• ✅ Extensive test coverage for both backend and frontend
• ✅ Tests cover HTTPS-specific functionality, validation, and UI interactions
• ✅ Proper mocking of external dependencies (simple-git, API calls)
• ✅ Security test: Verifies credentials are sanitized from preferences object

Security Analysis - ✅ Excellent Security Posture

Security Strengths:

• ✅ Credential Encryption: Uses existing n8n cipher service for at-rest encryption
• ✅ Credential Isolation: HTTPS credentials stored separately from preferences
• ✅ URL Credential Stripping: Credentials removed from URLs for logging/comparison
• ✅ Input Sanitization: Credentials are URL-encoded to prevent injection
• ✅ Memory Cleanup: Frontend clears credential values on disconnect
• ✅ No Credential Logging: No sensitive data exposed in logs or error messages
• ✅ Proper Input Types: Password field prevents visual credential exposure

Minor Suggestions

1. Line 387: Typo in error message: "Git is not initialized ({)" should be "Git is not initialized (push)"
2. Frontend UX: Consider adding a "Test Connection" button to validate credentials before saving
3. Documentation: The user guidance about Personal Access Tokens is excellent - consider adding similar guidance for other Git providers

Conclusion

This PR is ready to merge. It demonstrates:

• Security-first approach with proper credential handling
• Clean architecture that extends existing patterns without breaking changes
• Comprehensive testing with good coverage of edge cases
• Excellent user experience with helpful guidance and validation
• Production-ready code following n8n's coding standards

The implementation successfully addresses the community request while maintaining the security and reliability standards expected in enterprise software.

Recommendation: ✅ APPROVE

---

[bundlemon]

BundleMon

Unchanged files (2)

Status	Path	Size	Limits
✅	WASM Dependencies tree-sitter-bash.wasm	181.26KB	-
✅	WASM Dependencies tree-sitter.wasm	74.47KB	-

No change in files bundle size

Groups updated (2)

Status	Path	Size	Limits
✅	**/*.js	5.73MB (+372.59KB +6.78%)	-
✅	**/*.css	195.62KB (+4.37KB +2.29%)	-

Final result: ✅

View report in BundleMon website ➡️

---

Current branch size history | Target branch size history

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!