Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Auth cred for downloads #1021

Open
Apteryx0 opened this issue Oct 18, 2016 · 6 comments · May be fixed by #3283
Open

Auth cred for downloads #1021

Apteryx0 opened this issue Oct 18, 2016 · 6 comments · May be fixed by #3283
Assignees
@ferventcoder
Labels
3 - Review Hacktoberfest Improvement Priority_LOW Up For Grabs
Milestone
Future

Comments

@Apteryx0
Copy link

Very simply, when I call Install-ChocolateyPackage with a URL to download, I'd like to also pass to it a System.Net.ICredentials to the call so that I can use a download URL rather requires authentication.

The change is dead simple, just pass the credential object down the call chain until you hand it off to the System.Net.HttpWebRequest object. My question is what have I missed?

diff --git a/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1 b/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1
index d446fe6..93c53da 100644
--- a/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-ChocolateyWebFile.ps1
@@ -195,6 +195,7 @@ param(
   [parameter(Mandatory=$false)][string] $checksumType = '',
   [parameter(Mandatory=$false)][string] $checksum64 = '',
   [parameter(Mandatory=$false)][string] $checksumType64 = $checksumType,
+  [parameter(Mandatory=$false)][Object] $credential = $null,
   [parameter(Mandatory=$false)][hashtable] $options = @{Headers=@{}},
   [parameter(Mandatory=$false)][switch] $getOriginalFileName,
   [parameter(Mandatory=$false)][switch] $forceDownload,
@@ -261,7 +262,7 @@ param(
   if ($url.StartsWith('http:')) {
     try {
       $httpsUrl = $url.Replace("http://", "https://")
-      Get-WebHeaders -Url $httpsUrl -ErrorAction "Stop" | Out-Null
+      Get-WebHeaders -Url $httpsUrl -ErrorAction "Stop" -Credential $credential | Out-Null
       $url = $httpsUrl
       Write-Warning "Url has SSL/TLS available, switching to HTTPS for download"
     } catch {
@@ -274,7 +275,7 @@ param(
       $fileFullPath = $fileFullPath -replace '\\chocolatey\\chocolatey\\', '\chocolatey\'
       $fileDirectory = [System.IO.Path]::GetDirectoryName($fileFullPath)
       $originalFileName = [System.IO.Path]::GetFileName($fileFullPath)
-      $fileFullPath = Get-WebFileName -Url $url -DefaultName $originalFileName
+      $fileFullPath = Get-WebFileName -Url $url -DefaultName $originalFileName -Credential $credential
       $fileFullPath = Join-Path $fileDirectory $fileFullPath
       $fileFullPath = [System.IO.Path]::GetFullPath($fileFullPath)
     } catch {
@@ -295,7 +296,7 @@ param(
   $headers = @{}
   if ($url.StartsWith('http')) {
     try {
-      $headers = Get-WebHeaders -Url $url -ErrorAction "Stop"
+      $headers = Get-WebHeaders -Url $url -ErrorAction "Stop" -Credential $credential
     } catch {
       if ($host.Version -lt (New-Object 'Version' 3,0)) {
         Write-Debug "Converting Security Protocol to SSL3 only for Powershell v2"
@@ -303,7 +304,7 @@ param(
         $originalProtocol = [System.Net.ServicePointManager]::SecurityProtocol
         [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Ssl3
         try {
-          $headers = Get-WebHeaders -Url $url -ErrorAction "Stop"
+          $headers = Get-WebHeaders -Url $url -ErrorAction "Stop" -Credential $credential
         } catch {
           Write-Host "Attempt to get headers for $url failed.`n  $($_.Exception.Message)"
           [System.Net.ServicePointManager]::SecurityProtocol = $originalProtocol
@@ -334,7 +335,7 @@ param(
     if ($needsDownload) {
       Write-Host "Downloading $packageName $bitPackage
   from `'$url`'"
-      Get-WebFile -Url $url -FileName $fileFullPath -Options $options
+      Get-WebFile -Url $url -FileName $fileFullPath -Credential $credential -Options $options
     } else {
       Write-Debug "$($packageName)'s requested file has already been downloaded. Using cached copy at
  '$fileFullPath'."
diff --git a/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1 b/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1
index 47e1c6c..249efdd 100644
--- a/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-WebFile.ps1
@@ -85,6 +85,7 @@ param(
   [parameter(Mandatory=$false, Position=0)][string] $url = '', #(Read-Host "The URL to download"),
   [parameter(Mandatory=$false, Position=1)][string] $fileName = $null,
   [parameter(Mandatory=$false, Position=2)][string] $userAgent = 'chocolatey command line',
+  [parameter(Mandatory=$false)][Object] $credential = $null,
   [parameter(Mandatory=$false)][switch] $Passthru,
   [parameter(Mandatory=$false)][switch] $quiet,
   [parameter(Mandatory=$false)][hashtable] $options = @{Headers=@{}},
@@ -109,7 +110,9 @@ param(

   $req = [System.Net.HttpWebRequest]::Create($url);
   $defaultCreds = [System.Net.CredentialCache]::DefaultCredentials
-  if ($defaultCreds -ne $null) {
+  if ($credential -ne $null) {
+    $req.Credentials = $credential
+  } elseif ($defaultCreds -ne $null) {
     $req.Credentials = $defaultCreds
   }

diff --git a/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1 b/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1
index 74b943a..610e6d5 100644
--- a/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-WebFileName.ps1
@@ -69,6 +69,7 @@ param(
   [parameter(Mandatory=$false, Position=0)][string] $url = '',
   [parameter(Mandatory=$true, Position=1)][string] $defaultName,
   [parameter(Mandatory=$false)][string] $userAgent = 'chocolatey command line',
+  [parameter(Mandatory=$false)][Object] $credential = $null,
   [parameter(ValueFromRemainingArguments = $true)][Object[]] $ignoredArguments
 )

@@ -106,7 +107,9 @@ param(
   }

   $defaultCreds = [System.Net.CredentialCache]::DefaultCredentials
-  if ($defaultCreds -ne $null) {
+  if ($credential -ne $null) {
+    $req.Credentials = $credential
+  } elseif ($defaultCreds -ne $null) {
     $request.Credentials = $defaultCreds
   }

diff --git a/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1 b/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1
index 7d699ca..b52a0c5 100644
--- a/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1
+++ b/src/chocolatey.resources/helpers/functions/Get-WebHeaders.ps1
@@ -53,6 +53,7 @@ Get-WebFile
 param(
   [parameter(Mandatory=$false, Position=0)][string] $url = '',
   [parameter(Mandatory=$false, Position=1)][string] $userAgent = 'chocolatey command line',
+  [parameter(Mandatory=$false, Position=2)][Object] $credential = $null,
   [parameter(ValueFromRemainingArguments = $true)][Object[]] $ignoredArguments
 )

@@ -62,7 +63,10 @@ param(

   $request = [System.Net.HttpWebRequest]::Create($url);
   $defaultCreds = [System.Net.CredentialCache]::DefaultCredentials
-  if ($defaultCreds -ne $null) {
+  if ($credential -ne $null) {
+    Write-Host "Using credential."
+    $request.Credentials = $credential
+  } elseif ($defaultCreds -ne $null) {
     $request.Credentials = $defaultCreds
   }

diff --git a/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1 b/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1
index ffa7659..58f41e4 100644
--- a/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1
+++ b/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1
@@ -267,6 +267,7 @@ param(
   [parameter(Mandatory=$false)][string] $checksumType = '',
   [parameter(Mandatory=$false)][string] $checksum64 = '',
   [parameter(Mandatory=$false)][string] $checksumType64 = '',
+  [parameter(Mandatory=$false)][object] $credential = $null,
   [parameter(Mandatory=$false)][hashtable] $options = @{Headers=@{}},
   [parameter(Mandatory=$false)]
   [alias("useOnlyPackageSilentArgs")][switch] $useOnlyPackageSilentArguments = $false,
@@ -307,6 +308,7 @@ param(
                                       -ChecksumType $checksumType `
                                       -Checksum64 $checksum64 `
                                       -ChecksumType64 $checksumType64 `
+                                      -Credential $credential `
                                       -Options $options `
                                       -GetOriginalFileName
   }

This is the conversation I had about it some time ago with Rob:

In-Reply-To: <[email protected]>
References: <[email protected]>
From: Rob Reynolds <[email protected]>
Date: Thu, 21 Jul 2016 13:45:29 -0500
Message-ID: <CANJN1a7XXQt3UHu4ixfhyFZbfWCLjknCrN6KqSF6Qerr_VNSdw@mail.gmail.com>
Subject: Re: [chocolatey] Passing credentials to Install-ChocolateyPackage
To: chocolatey <[email protected]>
Reply-To: [email protected]

Let's be sure our terminology matches for "private source". Source is
typically meant for packages only, and all of that is handled completely
outside of PowerShell. So that leaves me to think you are talking about a
resource download "source" (or download location) that you need to pass
auth to for binaries you need to get for the package.

First question - why not just bundle the binaries in the package? I know
once you go over a certain size (ranging from 100MB to 2GB, depending on
the package repository), you start wanting to split out the binaries from
the package, but it's usually recommended to include everything a package
needs in the package, especially when you are not subject to distribution
rights (e.g. private sources).

Could it be a good add? Yes. I would create an issue for it at
https://github.com/chocolatey/choco/issues/new and we can get it triaged so
you can begin work on it. Please ensure you read over the CONTRIBUTING
doc[1] (it's very explicit in expectations so there is not much guessing)
and that you can sign the CLA.

[1] https://github.com/chocolatey/choco/blob/master/CONTRIBUTING.md

Consequently I've forked and committed my changes to https://github.com/Spitzbub/choco/tree/authcred, though I'm still working on them (adding documentation and unit tests)
@Apteryx0
Copy link
Author

Actually are there any tests for the helper functions? I thought there was but just looked again and couldn't find any......

Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Oct 18, 2016
chocolateyGH-1021
5f537b0 
Added comments for document generation.
@ferventcoder
Copy link
Member

right on - PR would be great!

@ferventcoder ferventcoder added this to the 0.10.x milestone Oct 28, 2016
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Nov 1, 2016
(chocolateyGH-1021)
0e86ad2 
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Nov 1, 2016
chocolateyGH-1021
2623a89 
Added comments for document generation.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Nov 1, 2016
(chocolateyGH-1021)
613901f 
Added comments for document generation.
@ferventcoder ferventcoder changed the title Contribution suggestion - auth cred for downloads Auth cred for downloads Nov 13, 2016
@ferventcoder ferventcoder self-assigned this Nov 13, 2016
@Apteryx0 Apteryx0 mentioned this issue Nov 13, 2016
Closed
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021)
bbc8b68 
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021)
6ed09e1 
Added comments for document generation.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021) Authcred
c3f4b1d 
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021) Authcred
843b3a0 
Added comments for document generation.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021) Authcred
150acfd 
Fixed version mentioned in comment header
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021)
45bdad5 
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021)
03bd227 
Added comments for document generation.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021)
644cb22 
Add credential option to the Install-ChocolateyPackage API and pass
the cred object down to the relevant web calls.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021)
1f89144 
Added comments for document generation.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021) Authcred
d117717 
Updated version number of comment/header.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 23, 2017
(chocolateyGH-1021) Authcred
fa570a5 
Removed debug used during dev
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue Jan 30, 2017
(chocolateyGH-1021) Authcred
15c56d8 
Extends the variaboue helper APIs that call Get-ChocolateyWebFile to
take a authentication credential and then pass that credential to the
various web calls. This allows us to download resources from webservers
that require authentication. The credential eventually gets used in a
System.Net.HttpWebRequest object and thus can be either a
NetworkCredential or a CredentialCache object. The previous behaviour
was just to use the default credentials which is generally the windows
user credential, which is often unsuitable.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue May 1, 2017
(chocolateyGH-1021) allowing passing of cred arg for dl auth
9f8f8e2 
Extends the variaboue helper APIs that call Get-ChocolateyWebFile to
take a authentication credential and then pass that credential to the
various web calls. This allows us to download resources from webservers
that require authentication. The credential eventually gets used in a
System.Net.HttpWebRequest object and thus can be either a
NetworkCredential or a CredentialCache object. The previous behaviour
was just to use the default credentials which is generally the windows
user credential, which is often unsuitable.
Apteryx0 pushed a commit to Apteryx0/choco that referenced this issue May 1, 2017
(chocolateyGH-1021) allowing passing of cred arg for dl auth
0dbf714 
Extends the variaboue helper APIs that call Get-ChocolateyWebFile to
take a authentication credential and then pass that credential to the
various web calls. This allows us to download resources from webservers
that require authentication. The credential eventually gets used in a
System.Net.HttpWebRequest object and thus can be either a
NetworkCredential or a CredentialCache object. The previous behaviour
was just to use the default credentials which is generally the windows
user credential, which is often unsuitable.
@ryanwebjackson
Copy link

This has been part of Hacktoberfest for a year? I'm confused.

@ferventcoder
Copy link
Member

@ryanwebjackson It was from last year. Because the PR was already opened the Hacktoberfest tag was not removed.

@TheCakeIsNaOH TheCakeIsNaOH mentioned this issue Jul 13, 2023
Closed
4 tasks
@we-mi
Copy link

we-mi commented Jul 20, 2023

Hi,

The PR for this issue has been closed due to inactivity over several years.
I'm open to create a new PR for this issue so it can be fixed.
I just want to know if I shall create a new issue or if I can reference this one in the PR.

Would bei great if someone can answer this.

Thanks!

@pauby
Copy link
Member

pauby commented Jul 20, 2023

The issue is still open so can be used for a new PR.

we-mi added a commit to we-mi/choco that referenced this issue Jul 23, 2023
@we-mi
(chocolatey#1021) Adds support for authenticated downloads
ad88905 
Download-relevant Chocolatey Helper functions are extended with a
"Credentials" parameter to enable downloads over HTTP(S) that require
authentication.

The parameter is then attached to the Microsoft System.Net.HttpWebRequest
object to perform the download.

Before this change it was not possible to pass credentials for downloads
@we-mi we-mi linked a pull request Jul 25, 2023 that will close this issue
Open
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ferventcoder ferventcoder

Labels
3 - Review Hacktoberfest Improvement Priority_LOW Up For Grabs
Projects
None yet
Milestone
Future
Development

Successfully merging a pull request may close this issue.

(#1021) Use credentials for downloads we-mi/choco
(#1021) Authcred Apteryx0/choco
5 participants
@ferventcoder @we-mi @ryanwebjackson @pauby @Apteryx0