New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PluginManager: Add Support for basic auth #12445
PluginManager: Add Support for basic auth #12445
Conversation
@@ -472,6 +480,53 @@ public void testOfficialPluginName_ThrowsException() throws IOException { | |||
} | |||
} | |||
|
|||
@Test | |||
public void testThatBasicAuthIsSupported() throws Exception { | |||
int port = randomIntBetween(49000, 65000); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we not do this and bind to port 0 (ephemeral) instead. Otherwise this test will always randomly fail, because i'm gonna sometimes have something running on that port.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
grrr.. forget to remove. thx for the reminder. fixed!
a1436e4
to
c39ae37
Compare
LGTM |
I think we should fail if we don't use SSL here - we should never share the password with the rest of the world |
true, will change the PR accordingly... testing is going to be tricky with SSL I guess |
c39ae37
to
8730729
Compare
updated this PR to only support basic auth for HTTPS. Test implementation note: I am temporarily replacing the HttpsUrlConnection SSL socket factory while running this test in order to accept a self-signed certificate - if someone has a smarter idea I am all ears. |
// in case the plugin manager is its own project, this can become an authenticator | ||
boolean isSecureProcotol = "https".equalsIgnoreCase(aSource.getProtocol()); | ||
boolean isAuthInfoSet = !Strings.isNullOrEmpty(aSource.getUserInfo()); | ||
if (isAuthInfoSet && isSecureProcotol) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we throw an exception here too if it's set but not secure?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yeah, fixed. running tests and getting it in. thx!
LGTM left one minor comment |
8730729
to
fb9f427
Compare
In order to support the URL notation including a user/pass combination (like http://user:pass@host/plugin.zip) the auth info needs to be added manually.
fb9f427
to
5a70136
Compare
In order to support the URL notation including a user/pass combination
(like http://user:pass@host/plugin.zip) the auth info needs to be added
manually.