Fill AuthScope with host and port #10176
We may be in a redirect chain if we don't have credentials
…mly enforce credential checks
...ces-http/src/main/java/org/gradle/internal/resource/transport/http/HttpClientConfigurer.java
| NTLMCredentials ntlmCredentials = new NTLMCredentials(passwordCredentials); | ||
| Credentials httpCredentials = new NTCredentials(ntlmCredentials.getUsername(), ntlmCredentials.getPassword(), ntlmCredentials.getWorkstation(), ntlmCredentials.getDomain()); | ||
| credentialsProvider.setCredentials(new AuthScope(host, port, AuthScope.ANY_REALM, AuthSchemes.NTLM), httpCredentials); | ||
| assert host != null : "HTTP credentials and authentication require a host scope to be defined as well"; |
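Review bot: the `assert host != null` on the last line is a Java `assert`, which is only evaluated when the JVM runs with `-ea`, so in a normal run a null host is not rejected. In HttpClient a null host is `AuthScope.ANY_HOST`, which makes the credentials match every host, the exact case this change is meant to prevent. Suggest an unconditional check such as `if (host == null) throw new IllegalArgumentException(...)` with the same message.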
Do you want to add a check that port != -1 here?
The port is going to be -1 a lot of the time because the URL doesn't specify the port explicitly. We would need to check the protocol and assume the right default (80 for http and 443 for https). That seems doable, but I think it would raise the danger of breaking someone that has their repository set up to redirect http to https and only use the http URL with authentication?
Are hosts usually distinguishable by port number for these kinds of auth schemes?
I think your assessment is appropriate here.
> Are hosts usually distinguishable by port number for these kinds of auth schemes?
I don't understand the question.
I mean, I think you could have different sets of credentials for example.com:1234 and example.com:5678, but if we didn't allow that for now, would that be a big deal?
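The scoping behaviour discussed in this thread, as an added example that is not part of the PR or of Gradle's code: it registers the same credentials under a wildcard scope, a host-only scope (port -1) and a host-and-port scope, then checks which of them would be offered to the repository, to a redirect target on another host, and to the same host on another port. It assumes Apache HttpClient 4.x on the classpath; the host names, the credentials and the `effectivePort` helper are constructed for illustration.

```java
import java.net.URI;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.BasicCredentialsProvider;

public class AuthScopeDemo {
    // Hypothetical helper: URI.getPort() returns -1 when the URL has no
    // explicit port, so fall back to the scheme default (80 / 443).
    static int effectivePort(URI uri) {
        if (uri.getPort() != -1) {
            return uri.getPort();
        }
        return "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
    }

    // Build a provider holding one set of (constructed) credentials under the given scope.
    static CredentialsProvider providerFor(AuthScope scope) {
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(scope, new UsernamePasswordCredentials("user", "secret"));
        return provider;
    }

    // True when the provider would hand out credentials for a request to this URL.
    static boolean offered(CredentialsProvider provider, String url) {
        URI uri = URI.create(url);
        AuthScope target = new AuthScope(uri.getHost(), effectivePort(uri));
        return provider.getCredentials(target) != null;
    }

    public static void main(String[] args) {
        // Constructed sample URLs: the repository, a redirect target, another port.
        String repo = "https://repo.example.com/maven";
        String redirect = "https://cdn.example.net/maven";
        String otherPort = "https://repo.example.com:8443/maven";

        CredentialsProvider any = providerFor(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT));
        CredentialsProvider hostOnly = providerFor(new AuthScope("repo.example.com", AuthScope.ANY_PORT));
        CredentialsProvider hostPort = providerFor(new AuthScope("repo.example.com", 443));

        for (String url : new String[] {repo, redirect, otherPort}) {
            System.out.printf("%-40s any=%b hostOnly=%b hostPort=%b%n", url,
                offered(any, url), offered(hostOnly, url), offered(hostPort, url));
        }
    }
}
```

Only the wildcard scope offers the credentials to the redirect target; the host-only scope still matches the same host on any port, and the host-and-port scope matches the repository alone.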
| @@ -137,12 +139,12 @@ class HttpClientConfigurerTest extends Specification { | |||
| configurer.configure(httpClientBuilder) | |||
|
|
|||
| then: | |||
| def basicCredentials = httpClientBuilder.credentialsProvider.getCredentials(new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT)) | |||
| def basicCredentials = httpClientBuilder.credentialsProvider.getCredentials(new AuthScope("host", 1234)) | |||
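Review bot: the updated lookup `new AuthScope("host", 1234)` in the `then:` block only shows that credentials come back for the matching scope, which a wildcard registration under ANY_HOST/ANY_PORT would satisfy as well. Add a negative assertion next to it, for example that `getCredentials(new AuthScope("otherhost", 1234))` returns null, so the test fails if the configurer ever falls back to an unscoped registration.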
You've got these "magic strings/numbers" hard coded in multiple places in the test, do you want to extract them to a variable or constants in the scope of the test or class?
...nternal-integ-testing/src/main/groovy/org/gradle/test/fixtures/server/http/HttpServer.groovy
Co-Authored-By: Jonathan Leitschuh <Jonathan.Leitschuh@gradle.com>
@ghale I'm going to merge this into release and get a nightly kicked off. I'll follow up on any review items you have in a follow up PR.
LGTM!
@big-guy Per our conversation, looks good.