Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NuGet list doesn't use v3 credentials for v2 list #2869

Open
zarenner opened this issue Jun 1, 2016 · 7 comments
Open

NuGet list doesn't use v3 credentials for v2 list #2869

zarenner opened this issue Jun 1, 2016 · 7 comments
Labels
Area:Authentication Functionality:List(Search) Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. Product:NuGet.exe NuGet.exe Status:Excluded from icebox cleanup Status:Inactive Icebox issues not updated for a specific long time
Milestone
Backlog

Comments

@zarenner
Copy link

zarenner commented Jun 1, 2016
edited
Loading

I believe that this bug was fixed in NuGet 3.3 as #1229, but was re-introduced in 3.4 and still exists in the latest nightly.

Repro:

  1. Example nuget.config:

    <?xml version="1.0" encoding="utf-8"?>
<configuration>
  <packageSources>
    <clear />
    <add key="zachtest" value="https://<authenticated_feed>/v3/index.json" protocolVersion="3" />
  </packageSources>
  <packageSourceCredentials>
    <zachtest>
      <add key="Username" value="MyUserName" />
      <add key="Password" value="[redacted]" />
    </zachtest>
  </packageSourceCredentials>
</configuration>

  2. Run “nuget list”

Expected behavior: NuGet re-uses the v3 credentials for v2 list
Actual behavior: NuGet prompts “Please provide credentials for: https://<authenticated_feed>/v2/”

Note that the bug does not occur when the credential provider is used. In fact, the credential provider is (correctly) only ever invoked once:

  1.   For the v3 endpoint, if the service index has not been cached

  2.   For the v2 endpoint, if the service index has been cached

List is the only command affected.
@boekabart
Copy link

+1

@damianh
Copy link

damianh commented Oct 19, 2016
edited
Loading

Experiencing same here with 3.4.4-rtm-final . I have no V2 sources registered.

image

nuget install doesn't prompt for credentials.

@damianh
Copy link

damianh commented Oct 19, 2016

Bug remains in v3.5.0-rc1. cc @harikmenon @karann-msft

@damianh
Copy link

damianh commented Oct 21, 2016
edited
Loading

The account whose credentials we (securely) set up in TeamCity to connect to myget has been repeatedly getting locked out.

We have checked in versions of nuget.exe in our repositories to bootstrap the package restore and build process. Various repositories have upgraded the checked in nuget.exe to 3.4. It is my belief that this bug is causing the account lockout after a few CI builds.

I now have to recommend to my devs to stay with v3.3 until further notice :(

cc @maartenba

@maartenba
Copy link
Contributor

maartenba commented Oct 28, 2016
edited
Loading

@damianh That sucks :-( Do you have any request logs to share?

@emgarten emgarten added this to the Backlog milestone Dec 19, 2017
@emgarten emgarten added Area:Authentication Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. labels Dec 19, 2017
@nkolev92 nkolev92 added the Product:NuGet.exe NuGet.exe label Apr 17, 2020
This was referenced Apr 17, 2020
Open
Closed
Open
@nkolev92 nkolev92 mentioned this issue Apr 27, 2020
Merged
@nkolev92
Copy link
Member

The work in NuGet/NuGet.Client#3273, might fix this issue thanks to @BlackGad.

We'd need to validate that first though.
The test to confirm this fix would need to be happen in
https://github.com/NuGet/NuGet.Client/blob/dev/test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetListCommandTest.cs.

We'd like need to change the mock server to watch for the auth headers.

@BlackGad
Copy link
Contributor

BlackGad commented May 2, 2020

See this comment

@nkolev92 nkolev92 mentioned this issue Dec 2, 2020
Closed
@ghost ghost added the Status:Inactive Icebox issues not updated for a specific long time label Sep 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area:Authentication Functionality:List(Search) Priority:3 Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog. Product:NuGet.exe NuGet.exe Status:Excluded from icebox cleanup Status:Inactive Icebox issues not updated for a specific long time
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
9 participants
@damianh @maartenba @nkolev92 @boekabart @emgarten @BlackGad @zarenner @jeffkl @heng-liu