New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Credentials not retrieved from nuget.config when v3 endpoint redirects to v2 #3179

Closed
pspill opened this Issue Jul 20, 2016 · 6 comments

Comments

Projects
None yet
4 participants
@pspill

pspill commented Jul 20, 2016

In NuGet 3.3, if you set a VSTS v3 package source with credentials in nuget.config, it will work for all commands even if some commands redirect to a v2 endpoint.

In NuGet 3.4.4 / NuGet 3.5.0-beta2, if you set a VSTS v3 package source with credentials in nuget.config, then restore install push all work, but list prompts for credentials.

Example:

nuget list -verbosity detailed -source https://myaccount.pkgs.visualstudio.com/_packaging/myfeed/nuget/v3/index.json
NuGet Version: 3.5.0.1520
Please provide credentials for: https://myaccount.pkgs.visualstudio.com/_packaging/3f49219a-1125-4c10-b5b3-ec814116ff62/nuget/v2/
UserName:

On list, nuget.exe uses stored credentials to get the service index -- the service index has a v2 endpoint for legacy gallery.

But after the 401 to the v2 endpoint, credentials are not fetched from config and we are prompted

@alpaix

This comment has been minimized.

Show comment
Hide comment
@alpaix

alpaix Jul 20, 2016

I managed to get a repro with my dev feed.
In this particular VSTS scenario the v3 feed advertises a v2 list endpoint

{
    "@context": {
        "@vocab": "http://schema.nuget.org/services#"
    },
    "resources": [
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v2/",
            "@type": "PackagePublish/2.0.0"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v2/",
            "@type": "LegacyGallery/2.0.0"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/registrations2/",
            "@type": "RegistrationsBaseUrl/3.0.0-beta"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/query2/",
            "@type": "SearchQueryService/3.0.0-beta"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/flat2/",
            "@type": "PackageBaseAddress/3.0.0"
        }
    ],
    "version": "3.0.0-beta"
}

nuget.exe delegates v2 search to NuGet.Core v2 API while passing "LegacyGallery/2.0.0" endpoint. The latter calls a CredentialService back to retrieve user credentials on 401. Obviously settings provider won't match the v2 list endpoint back to v3 source url therefore it falls back to the console one.

I don't think there's an easy fix for this.
@pspill Is it a critical scenario for you?
@rrelyea Given our plans to port list functionality into v3 do you think we need to spend time patching it now?

alpaix commented Jul 20, 2016

I managed to get a repro with my dev feed.
In this particular VSTS scenario the v3 feed advertises a v2 list endpoint

{
    "@context": {
        "@vocab": "http://schema.nuget.org/services#"
    },
    "resources": [
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v2/",
            "@type": "PackagePublish/2.0.0"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v2/",
            "@type": "LegacyGallery/2.0.0"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/registrations2/",
            "@type": "RegistrationsBaseUrl/3.0.0-beta"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/query2/",
            "@type": "SearchQueryService/3.0.0-beta"
        },
        {
            "@id": "https://alpaix-azure.pkgs.visualstudio.com/_packaging/3ca07dbd-a1e6-4ef0-a4e2-c873550fc4c4/nuget/v3/flat2/",
            "@type": "PackageBaseAddress/3.0.0"
        }
    ],
    "version": "3.0.0-beta"
}

nuget.exe delegates v2 search to NuGet.Core v2 API while passing "LegacyGallery/2.0.0" endpoint. The latter calls a CredentialService back to retrieve user credentials on 401. Obviously settings provider won't match the v2 list endpoint back to v3 source url therefore it falls back to the console one.

I don't think there's an easy fix for this.
@pspill Is it a critical scenario for you?
@rrelyea Given our plans to port list functionality into v3 do you think we need to spend time patching it now?

@pspill

This comment has been minimized.

Show comment
Hide comment
@pspill

pspill Jul 22, 2016

It is a significant issue, since it blocks users who configure a VSTS v3 url in nuget.config using a stored access token or username and password for authentication. Using the credential provider executable works, but users aren't obligated to use the credential provider.

Do you know why this worked in v3.3 and what caused the change?

pspill commented Jul 22, 2016

It is a significant issue, since it blocks users who configure a VSTS v3 url in nuget.config using a stored access token or username and password for authentication. Using the credential provider executable works, but users aren't obligated to use the credential provider.

Do you know why this worked in v3.3 and what caused the change?

@rrelyea rrelyea added this to the 3.5 RTM milestone Aug 11, 2016

@rrelyea

This comment has been minimized.

Show comment
Hide comment
@rrelyea

rrelyea Aug 11, 2016

Contributor

Discuss and consider for 3.5rtm in the coming next week or two. or determine other work necessary to fix list and assign to 3.6.

Contributor

rrelyea commented Aug 11, 2016

Discuss and consider for 3.5rtm in the coming next week or two. or determine other work necessary to fix list and assign to 3.6.

@alpaix alpaix self-assigned this Aug 11, 2016

alpaix added a commit to alpaix/NuGet.Client that referenced this issue Aug 12, 2016

Map v2 list endpoint to package source Uri
... when acquiring credentials.

Fixes NuGet/Home#3179.

NuGetCore calls the credentials adapter with a "list" endpoint uri.
It may be different from a source uri, for instance when v3 source
advertises v2 search endpoint. If endpoints mapping is supplied, retrieve
the source uri and use it to acquire credentials.

alpaix added a commit to alpaix/NuGet.Client that referenced this issue Aug 15, 2016

Map v2 list endpoint to package source Uri
... when acquiring credentials.

Fixes NuGet/Home#3179.

NuGetCore calls the credentials adapter with a "list" endpoint uri.
It may be different from a source uri, for instance when v3 source
advertises v2 search endpoint. If endpoints mapping is supplied, retrieve
the source uri and use it to acquire credentials.

@rrelyea rrelyea reopened this Aug 23, 2016

@rrelyea

This comment has been minimized.

Show comment
Hide comment
@rrelyea

rrelyea Aug 23, 2016

Contributor

This looks like it is in 3.6beta1, but has not been ported to 3.5rtm. VSTS folks asking to get it there. Risk/Time enough?

Contributor

rrelyea commented Aug 23, 2016

This looks like it is in 3.6beta1, but has not been ported to 3.5rtm. VSTS folks asking to get it there. Risk/Time enough?

@rrelyea

This comment has been minimized.

Show comment
Hide comment
@rrelyea

rrelyea Aug 30, 2016

Contributor

@zhili1208 - please port this change to rtm branch.

Contributor

rrelyea commented Aug 30, 2016

@zhili1208 - please port this change to rtm branch.

zhili1208 added a commit to NuGet/NuGet.Client that referenced this issue Aug 30, 2016

Map v2 list endpoint to package source Uri
... when acquiring credentials.

Fixes NuGet/Home#3179.

NuGetCore calls the credentials adapter with a "list" endpoint uri.
It may be different from a source uri, for instance when v3 source
advertises v2 search endpoint. If endpoints mapping is supplied, retrieve
the source uri and use it to acquire credentials.
@zhili1208

This comment has been minimized.

Show comment
Hide comment
@zhili1208

zhili1208 Aug 30, 2016

Contributor

Done

Contributor

zhili1208 commented Aug 30, 2016

Done

@zhili1208 zhili1208 closed this Aug 30, 2016

@rrelyea rrelyea added the Area: Auth label Sep 1, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment