Skip to content

(#3600) Handle non-ASCII passwords with legacy encoding fallback #3762

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

(#3600) Handle non-ASCII passwords with legacy encoding fallback #3762

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
63 changes: 63 additions & 0 deletions src/chocolatey.tests/infrastructure.app/nuget/ChocolateyNugetCredentialProviderSpecs.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -182,6 +182,69 @@ public void Should_Provide_The_Correct_Password()
}
}

public class When_A_Password_Using_Non_ASCII_Characters_With_Explicit_Username_and_Password : ChocolateyNugetCredentialProviderSpecsBase
{
public override void Context()
{
base.Context();
Configuration.Sources = Configuration.ExplicitSources = TargetSourceUrl;
Configuration.SourceCommand.Username = "user";
Configuration.SourceCommand.Password = "tøtally_sæcure_påssword!!!";
}

[Fact]
public void Should_Find_The_Saved_Source_And_Return_The_Credential()
{
Result.Should().NotBeNull();
}

[Fact]
public void Should_Provide_The_Correct_Username()
{
Result.UserName.Should().Be(Username);
}

[Fact]
public void Should_Provide_Password_Using_1252_Codepage()
{
// The following looks odd, but this is a workaround to
// allow passwords using non-ascii characters to be used
// against sources.
Result.Password.Should().Be("tøtally_sæcure_påssword!!!");
}
}

public class When_A_Password_Using_Non_ASCII_Characters_With_Implicit_Usernam_And_Password : ChocolateyNugetCredentialProviderSpecsBase
{
public override void Context()
{
base.Context();
Configuration.Sources = Configuration.ExplicitSources = TargetSourceName;
Configuration.MachineSources[1].EncryptedPassword = NugetEncryptionUtility.EncryptString("tøtally_sæcure_påssword!!!");
}

[Fact]
public void Should_Find_The_Saved_Source_And_Return_The_Credential()
{
Result.Should().NotBeNull();
}

[Fact]
public void Should_Provide_The_Correct_Username()
{
Result.UserName.Should().Be(Username);
}

[Fact]
public void Should_Provide_Password_Using_1252_Codepage()
{
// The following looks odd, but this is a workaround to
// allow passwords using non-ascii characters to be used
// against sources.
Result.Password.Should().Be("tøtally_sæcure_påssword!!!");
}
}

public class Looks_Up_Source_Url_When_Name_And_Credentials_Is_Provided : ChocolateyNugetCredentialProviderSpecsBase
{
public override void Context()
Expand Down
56 changes: 49 additions & 7 deletions src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
using System;
using System.Linq;
using System.Net;
using System.Text;
using System.Text.RegularExpressions;
using chocolatey.infrastructure.commandline;
using chocolatey.infrastructure.app.configuration;
Expand Down Expand Up @@ -81,7 +82,7 @@ public Task<CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialReq
{
this.Log().Debug("Using passed in credentials");

return Task.FromResult(new CredentialResponse(new NetworkCredential(_config.SourceCommand.Username, _config.SourceCommand.Password)));
return Task.FromResult(new CredentialResponse(ToNetworkCredentials(_config.SourceCommand.Username, _config.SourceCommand.Password, isRetry)));
}
}

Expand Down Expand Up @@ -156,7 +157,9 @@ public Task<CredentialResponse> GetAsync(Uri uri, IWebProxy proxy, CredentialReq
this.Log().Debug("Using saved credentials");
}

return Task.FromResult(new CredentialResponse(new NetworkCredential(source.Username, NugetEncryptionUtility.DecryptString(source.EncryptedPassword))));
var credentials = ToNetworkCredentials(source.Username, NugetEncryptionUtility.DecryptString(source.EncryptedPassword), isRetry);

return Task.FromResult(new CredentialResponse(credentials));
}

#pragma warning disable IDE0060 // unused method parameter
Expand Down Expand Up @@ -186,15 +189,54 @@ public ICredentials GetUserCredentials(Uri uri, IWebProxy proxy, CredentialReque
return CredentialCache.DefaultNetworkCredentials;
}

var credentials = new NetworkCredential
{
UserName = username,
Password = password
};
var credentials = ToNetworkCredentials(username, password, isRetry: false);

return credentials;
}

private static NetworkCredential ToNetworkCredentials(string username, string password, bool isRetry)
{
if (isRetry)
{
// If we have already attempted using the fallback legacy
// way to set the string, then we will just return the network
// credentials as is, and assume that the server expects the
// encoding used to be the same as the bug in .NET 4.8.1 that
// causes incorrect encodings to be used.

return new NetworkCredential(username, password);
}

var utf8Bytes = Encoding.UTF8.GetBytes(password);
try
{
var legacyEncoding = GetEncoding(1252);

var legacyPassword = legacyEncoding.GetString(utf8Bytes);

return new NetworkCredential(username, legacyPassword);
}
catch
{
return new NetworkCredential(username, password);
}
}

private static Encoding GetEncoding(int codepage)
{
try
{
return Encoding.GetEncoding(codepage);
}
catch
{
// If the code page specified isn't available,
// then let us fall back to the default encoding
// used on the system.
return Encoding.Default;
}
}

#pragma warning disable IDE0022, IDE1006
[Obsolete("This overload is deprecated and will be removed in v3.")]
public ICredentials get_credentials_from_user(Uri uri, IWebProxy proxy, CredentialRequestType credentialType)
Expand Down