Commits pushed under wrong name - should not have been allowed

I have two github logins: personal under my name, and company login.

I use windows credential manager which I occasionally struggle with because of the two accounts but I have never bothered to fix.

Today I needed to push some changes to one of my company repos. My last commit to github was under my personal login so the commit failed.

I decided to fix it - I ran git config --global credential.github.com.useHttpPath true and sure enough I was prompted for a login where I supplied my company credentials for github.

However when I look at the commits on github they appear under my personal login. How can this be? This repo should not even allow commits from any other user than my company login. According to the Manage Access page I am the only one who should be able to commit:

0 collaborators have access to this repository. Only you can contribute to this repository.

See commits here

How you log in to push and the author information of your commits are two different things. Repository access controls who can push (and a bunch of other things). Anyone who has access to the repository files (like your local copy) can create commits, and if someone with push access (like you using the work account) decides to push them that’s valid.

If you want to fix the author information on the commits, you’ll need to use git filter-branch (there’s an example on changing author/committer info) or git rebase to edit the affected commits. Note that this changes history, which may have undesirable side-effects, like you having to force-push, and anyone who already pulled the current version noticing and needing to update manually.

To prevent this kind of thing in the future you might want to set your author name and email at the repository level for work repositories. Local (per-repository) settings override your global settings, so there should be no need to switch identities.