New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth cred for downloads #1021

Open
Apteryx0 opened this Issue Oct 18, 2016 · 4 comments

Comments

Projects
None yet
3 participants
@Apteryx0

Apteryx0 commented Oct 18, 2016

Very simply, when I call Install-ChocolateyPackage with a URL to download, I'd like to also pass to it a System.Net.ICredentials to the call so that I can use a download URL rather requires authentication.

The change is dead simple, just pass the credential object down the call chain until you hand it off to the System.Net.HttpWebRequest object. My question is what have I missed?

diff --git a/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1 b/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1
index d446fe6..93c53da 100644
--- a/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1
@@ -195,6 +195,7 @@ param(
   [parameter(Mandatory=$false)][string] $checksumType = '',
   [parameter(Mandatory=$false)][string] $checksum64 = '',
   [parameter(Mandatory=$false)][string] $checksumType64 = $checksumType,
+  [parameter(Mandatory=$false)][Object] $credential = $null,
   [parameter(Mandatory=$false)][hashtable] $options = @{Headers=@{}},
   [parameter(Mandatory=$false)][switch] $getOriginalFileName,
   [parameter(Mandatory=$false)][switch] $forceDownload,
@@ -261,7 +262,7 @@ param(
   if ($url.StartsWith('http:')) {
     try {
       $httpsUrl = $url.Replace("http://", "https://")
-      Get-WebHeaders -Url $httpsUrl -ErrorAction "Stop" | Out-Null
+      Get-WebHeaders -Url $httpsUrl -ErrorAction "Stop" -Credential $credential | Out-Null
       $url = $httpsUrl
       Write-Warning "Url has SSL/TLS available, switching to HTTPS for download"
     } catch {
@@ -274,7 +275,7 @@ param(
       $fileFullPath = $fileFullPath -replace '\\chocolatey\\chocolatey\\', '\chocolatey\'
       $fileDirectory = [System.IO.Path]::GetDirectoryName($fileFullPath)
       $originalFileName = [System.IO.Path]::GetFileName($fileFullPath)
-      $fileFullPath = Get-WebFileName -Url $url -DefaultName $originalFileName
+      $fileFullPath = Get-WebFileName -Url $url -DefaultName $originalFileName -Credential $credential
       $fileFullPath = Join-Path $fileDirectory $fileFullPath
       $fileFullPath = [System.IO.Path]::GetFullPath($fileFullPath)
     } catch {
@@ -295,7 +296,7 @@ param(
   $headers = @{}
   if ($url.StartsWith('http')) {
     try {
-      $headers = Get-WebHeaders -Url $url -ErrorAction "Stop"
+      $headers = Get-WebHeaders -Url $url -ErrorAction "Stop" -Credential $credential
     } catch {
       if ($host.Version -lt (New-Object 'Version' 3,0)) {
         Write-Debug "Converting Security Protocol to SSL3 only for Powershell v2"
@@ -303,7 +304,7 @@ param(
         $originalProtocol = [System.Net.ServicePointManager]::SecurityProtocol
         [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Ssl3
         try {
-          $headers = Get-WebHeaders -Url $url -ErrorAction "Stop"
+          $headers = Get-WebHeaders -Url $url -ErrorAction "Stop" -Credential $credential
         } catch {
           Write-Host "Attempt to get headers for $url failed.`n  $($_.Exception.Message)"
           [System.Net.ServicePointManager]::SecurityProtocol = $originalProtocol
@@ -334,7 +335,7 @@ param(
     if ($needsDownload) {
       Write-Host "Downloading $packageName $bitPackage
   from `'$url`'"
-      Get-WebFile -Url $url -FileName $fileFullPath -Options $options
+      Get-WebFile -Url $url -FileName $fileFullPath -Credential $credential -Options $options
     } else {
       Write-Debug "$($packageName)'s requested file has already been downloaded. Using cached copy at
  '$fileFullPath'."
diff --git a/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1 b/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1
index 47e1c6c..249efdd 100644
--- a/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1
@@ -85,6 +85,7 @@ param(
   [parameter(Mandatory=$false, Position=0)][string] $url = '', #(Read-Host "The URL to download"),
   [parameter(Mandatory=$false, Position=1)][string] $fileName = $null,
   [parameter(Mandatory=$false, Position=2)][string] $userAgent = 'chocolatey command line',
+  [parameter(Mandatory=$false)][Object] $credential = $null,
   [parameter(Mandatory=$false)][switch] $Passthru,
   [parameter(Mandatory=$false)][switch] $quiet,
   [parameter(Mandatory=$false)][hashtable] $options = @{Headers=@{}},
@@ -109,7 +110,9 @@ param(

   $req = [System.Net.HttpWebRequest]::Create($url);
   $defaultCreds = [System.Net.CredentialCache]::DefaultCredentials
-  if ($defaultCreds -ne $null) {
+  if ($credential -ne $null) {
+    $req.Credentials = $credential
+  } elseif ($defaultCreds -ne $null) {
     $req.Credentials = $defaultCreds
   }

diff --git a/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1 b/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1
index 74b943a..610e6d5 100644
--- a/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1
@@ -69,6 +69,7 @@ param(
   [parameter(Mandatory=$false, Position=0)][string] $url = '',
   [parameter(Mandatory=$true, Position=1)][string] $defaultName,
   [parameter(Mandatory=$false)][string] $userAgent = 'chocolatey command line',
+  [parameter(Mandatory=$false)][Object] $credential = $null,
   [parameter(ValueFromRemainingArguments = $true)][Object[]] $ignoredArguments
 )

@@ -106,7 +107,9 @@ param(
   }

   $defaultCreds = [System.Net.CredentialCache]::DefaultCredentials
-  if ($defaultCreds -ne $null) {
+  if ($credential -ne $null) {
+    $req.Credentials = $credential
+  } elseif ($defaultCreds -ne $null) {
     $request.Credentials = $defaultCreds
   }

diff --git a/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1 b/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1
index 7d699ca..b52a0c5 100644
--- a/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1
@@ -53,6 +53,7 @@ Get-WebFile
 param(
   [parameter(Mandatory=$false, Position=0)][string] $url = '',
   [parameter(Mandatory=$false, Position=1)][string] $userAgent = 'chocolatey command line',
+  [parameter(Mandatory=$false, Position=2)][Object] $credential = $null,
   [parameter(ValueFromRemainingArguments = $true)][Object[]] $ignoredArguments
 )

@@ -62,7 +63,10 @@ param(

   $request = [System.Net.HttpWebRequest]::Create($url);
   $defaultCreds = [System.Net.CredentialCache]::DefaultCredentials
-  if ($defaultCreds -ne $null) {
+  if ($credential -ne $null) {
+    Write-Host "Using credential."
+    $request.Credentials = $credential
+  } elseif ($defaultCreds -ne $null) {
     $request.Credentials = $defaultCreds
   }

diff --git a/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1 b/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1
index ffa7659..58f41e4 100644
--- a/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1
+++ b/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1
@@ -267,6 +267,7 @@ param(
   [parameter(Mandatory=$false)][string] $checksumType = '',
   [parameter(Mandatory=$false)][string] $checksum64 = '',
   [parameter(Mandatory=$false)][string] $checksumType64 = '',
+  [parameter(Mandatory=$false)][object] $credential = $null,
   [parameter(Mandatory=$false)][hashtable] $options = @{Headers=@{}},
   [parameter(Mandatory=$false)]
   [alias("useOnlyPackageSilentArgs")][switch] $useOnlyPackageSilentArguments = $false,
@@ -307,6 +308,7 @@ param(
                                       -ChecksumType $checksumType `
                                       -Checksum64 $checksum64 `
                                       -ChecksumType64 $checksumType64 `
+                                      -Credential $credential `
                                       -Options $options `
                                       -GetOriginalFileName
   }

This is the conversation I had about it some time ago with Rob:

In-Reply-To: <5e03e104-3a31-4181-80d2-9ec5564781b1@googlegroups.com>
References: <5e03e104-3a31-4181-80d2-9ec5564781b1@googlegroups.com>
From: Rob Reynolds <ferventcoder@gmail.com>
Date: Thu, 21 Jul 2016 13:45:29 -0500
Message-ID: <CANJN1a7XXQt3UHu4ixfhyFZbfWCLjknCrN6KqSF6Qerr_VNSdw@mail.gmail.com>
Subject: Re: [chocolatey] Passing credentials to Install-ChocolateyPackage
To: chocolatey <chocolatey@googlegroups.com>
Reply-To: chocolatey@googlegroups.com

Let's be sure our terminology matches for "private source". Source is
typically meant for packages only, and all of that is handled completely
outside of PowerShell. So that leaves me to think you are talking about a
resource download "source" (or download location) that you need to pass
auth to for binaries you need to get for the package.

First question - why not just bundle the binaries in the package? I know
once you go over a certain size (ranging from 100MB to 2GB, depending on
the package repository), you start wanting to split out the binaries from
the package, but it's usually recommended to include everything a package
needs in the package, especially when you are not subject to distribution
rights (e.g. private sources).

Could it be a good add? Yes. I would create an issue for it at
https://github.com/chocolatey/choco/issues/new and we can get it triaged so
you can begin work on it. Please ensure you read over the CONTRIBUTING
doc[1] (it's very explicit in expectations so there is not much guessing)
and that you can sign the CLA.

[1] https://github.com/chocolatey/choco/blob/master/CONTRIBUTING.md

Consequently I've forked and committed my changes to https://github.com/Spitzbub/choco/tree/authcred, though I'm still working on them (adding documentation and unit tests)

@Apteryx0

This comment has been minimized.

Show comment
Hide comment
@Apteryx0

Apteryx0 Oct 18, 2016

Actually are there any tests for the helper functions? I thought there was but just looked again and couldn't find any......

Apteryx0 commented Oct 18, 2016

Actually are there any tests for the helper functions? I thought there was but just looked again and couldn't find any......

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Oct 18, 2016

Russell Mora
GH-1021
Added comments for document generation.
@ferventcoder

This comment has been minimized.

Show comment
Hide comment
@ferventcoder

ferventcoder Oct 28, 2016

Member

right on - PR would be great!

Member

ferventcoder commented Oct 28, 2016

right on - PR would be great!

@ferventcoder ferventcoder added this to the 0.10.x milestone Oct 28, 2016

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Nov 1, 2016

Russell Mora
(GH-1021)
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Nov 1, 2016

Russell Mora
GH-1021
Added comments for document generation.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Nov 1, 2016

Russell Mora
(GH-1021)
Added comments for document generation.

@ferventcoder ferventcoder changed the title from Contribution suggestion - auth cred for downloads to Auth cred for downloads Nov 13, 2016

@ferventcoder ferventcoder added 1 - Ready and removed 0 - Backlog labels Nov 13, 2016

@ferventcoder ferventcoder self-assigned this Nov 13, 2016

@Apteryx0 Apteryx0 referenced a pull request that will close this issue Nov 13, 2016

Open

(GH 1021) Authcred #1031

@ferventcoder ferventcoder added 2 - Working and removed 1 - Ready labels Nov 13, 2016

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021)
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021)
Added comments for document generation.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021) Authcred
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021) Authcred
Added comments for document generation.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021) Authcred
Fixed version mentioned in comment header

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021)
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021)
Added comments for document generation.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021)
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021)
Added comments for document generation.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021) Authcred
Updated version number of comment/header.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017

Russell Mora
(GH-1021) Authcred
Removed debug used during dev

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 30, 2017

Russell Mora
(GH-1021) Authcred
Extends the variaboue helper APIs that call Get-ChocolateyWebFile to
take a authentication credential and then pass that credential to the
various web calls. This allows us to download resources from webservers
that require authentication. The credential eventually gets used in a
System.Net.HttpWebRequest object and thus can be either a
NetworkCredential or a CredentialCache object. The previous behaviour
was just to use the default credentials which is generally the windows
user credential, which is often unsuitable.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue May 1, 2017

Russell Mora
(GH-1021) allowing passing of cred arg for dl auth
Extends the variaboue helper APIs that call Get-ChocolateyWebFile to
take a authentication credential and then pass that credential to the
various web calls. This allows us to download resources from webservers
that require authentication. The credential eventually gets used in a
System.Net.HttpWebRequest object and thus can be either a
NetworkCredential or a CredentialCache object. The previous behaviour
was just to use the default credentials which is generally the windows
user credential, which is often unsuitable.

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue May 1, 2017

Russell Mora
(GH-1021) allowing passing of cred arg for dl auth
Extends the variaboue helper APIs that call Get-ChocolateyWebFile to
take a authentication credential and then pass that credential to the
various web calls. This allows us to download resources from webservers
that require authentication. The credential eventually gets used in a
System.Net.HttpWebRequest object and thus can be either a
NetworkCredential or a CredentialCache object. The previous behaviour
was just to use the default credentials which is generally the windows
user credential, which is often unsuitable.
@ryanwebjackson

This comment has been minimized.

Show comment
Hide comment
@ryanwebjackson

ryanwebjackson Oct 10, 2017

This has been part of Hacktoberfest for a year? I'm confused.

ryanwebjackson commented Oct 10, 2017

This has been part of Hacktoberfest for a year? I'm confused.

@ferventcoder

This comment has been minimized.

Show comment
Hide comment
@ferventcoder

ferventcoder Oct 10, 2017

Member

@ryanwebjackson It was from last year. Because the PR was already opened the Hacktoberfest tag was not removed.

Member

ferventcoder commented Oct 10, 2017

@ryanwebjackson It was from last year. Because the PR was already opened the Hacktoberfest tag was not removed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment