Skip to content

Commit

Permalink
deprecate non https sources: Promote warning to Error (#5858)
Browse files Browse the repository at this point in the history
* Deprecate http usage: `nuget search` promote warning to error for http sources (#5693)

* Deprecate http usage: `nuget list` promote warning to error for http sources (#5698)

* Deprecate http usage: `nuget push` promote warning to error for http sources (#5705)

* Deprecate http usage: `delete` operations, promote warning to error for http sources (#5703)

* Add `allowinsecureconnections` option (#5742)

* remove integration test for now (#5758)

* Deprecate http: Promote from warning to error in VS Options NuGet Package Manager (#5732)

* Deprecate http usage: `source` commands, promote warning to error for http sources (#5702)

* Deprecate http usage: `restore` scenarios promote warning to error for http sources (#5731)

* use `--allow-insecure-connections` for dotnet nuget add command (#5853)

* tests

* clean up

* clean up

* white space

* tests

* comment
  • Loading branch information
Nigusu-Allehu authored Jun 18, 2024
1 parent e65445e commit 66161fc
Show file tree
Hide file tree
Showing 55 changed files with 1,688 additions and 752 deletions.
13 changes: 7 additions & 6 deletions src/NuGet.Clients/NuGet.CommandLine/Commands/SearchCommand.cs
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,8 @@ public override async Task ExecuteCommandAsync()
var taskList = new List<(Task<IEnumerable<IPackageSearchMetadata>>, PackageSource)>();
IList<PackageSource> listEndpoints = GetEndpointsAsync();

WarnForHTTPSources(listEndpoints);
AvoidHttpSources(listEndpoints);

foreach (PackageSource source in listEndpoints)
{
SourceRepository repository = Repository.Factory.GetCoreV3(source);
Expand Down Expand Up @@ -126,7 +127,7 @@ public override async Task ExecuteCommandAsync()
}
}

private void WarnForHTTPSources(IList<PackageSource> packageSources)
private static void AvoidHttpSources(IList<PackageSource> packageSources)
{
List<PackageSource> httpPackageSources = null;
foreach (PackageSource packageSource in packageSources)
Expand All @@ -145,17 +146,17 @@ private void WarnForHTTPSources(IList<PackageSource> packageSources)
{
if (httpPackageSources.Count == 1)
{
Console.LogWarning(
throw new ArgumentException(
string.Format(CultureInfo.CurrentCulture,
NuGetResources.Warning_HttpServerUsage,
NuGetResources.Error_HttpSource_Single,
"search",
httpPackageSources[0]));
}
else
{
Console.LogWarning(
throw new ArgumentException(
string.Format(CultureInfo.CurrentCulture,
NuGetResources.Warning_HttpSources_Multiple,
NuGetResources.Error_HttpSources_Multiple,
"search",
Environment.NewLine + string.Join(Environment.NewLine, httpPackageSources.Select(e => e.Name))));
}
Expand Down
30 changes: 27 additions & 3 deletions src/NuGet.Clients/NuGet.CommandLine/Commands/SourcesCommand.cs
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using System.Globalization;
using System.Linq;
using NuGet.Commands;

Expand Down Expand Up @@ -36,6 +35,9 @@ public class SourcesCommand : Command
[Option(typeof(NuGetCommand), "SourcesCommandFormatDescription")]
public SourcesListFormat Format { get; set; }

[Option(typeof(NuGetCommand), "SourcesCommandAllowInsecureConnectionsDescription")]
public bool AllowInsecureConnections { get; set; }


public override void ExecuteCommand()
{
Expand All @@ -61,11 +63,33 @@ public override void ExecuteCommand()
switch (action)
{
case SourcesAction.Add:
var addArgs = new AddSourceArgs() { Name = Name, Source = Source, Username = Username, Password = Password, StorePasswordInClearText = StorePasswordInClearText, ValidAuthenticationTypes = ValidAuthenticationTypes, Configfile = ConfigFile, ProtocolVersion = ProtocolVersion };
var addArgs = new AddSourceArgs()
{
Name = Name,
Source = Source,
Username = Username,
Password = Password,
StorePasswordInClearText = StorePasswordInClearText,
ValidAuthenticationTypes = ValidAuthenticationTypes,
Configfile = ConfigFile,
ProtocolVersion = ProtocolVersion,
AllowInsecureConnections = AllowInsecureConnections
};
AddSourceRunner.Run(addArgs, () => Console);
break;
case SourcesAction.Update:
var updateSourceArgs = new UpdateSourceArgs() { Name = Name, Source = Source, Username = Username, Password = Password, StorePasswordInClearText = StorePasswordInClearText, ValidAuthenticationTypes = ValidAuthenticationTypes, Configfile = ConfigFile, ProtocolVersion = ProtocolVersion };
var updateSourceArgs = new UpdateSourceArgs()
{
Name = Name,
Source = Source,
Username = Username,
Password = Password,
StorePasswordInClearText = StorePasswordInClearText,
ValidAuthenticationTypes = ValidAuthenticationTypes,
Configfile = ConfigFile,
ProtocolVersion = ProtocolVersion,
AllowInsecureConnections = AllowInsecureConnections
};
UpdateSourceRunner.Run(updateSourceArgs, () => Console);
break;
case SourcesAction.Remove:
Expand Down
9 changes: 9 additions & 0 deletions src/NuGet.Clients/NuGet.CommandLine/NuGetCommand.Designer.cs

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

3 changes: 3 additions & 0 deletions src/NuGet.Clients/NuGet.CommandLine/NuGetCommand.resx
Original file line number Diff line number Diff line change
Expand Up @@ -931,6 +931,9 @@ nuget client-certs List</value>
<data name="SourcesCommandProtocolVersionDescription" xml:space="preserve">
<value>The NuGet server protocol version to be used. Currently supported versions are 2 and 3. See https://learn.microsoft.com/nuget/api/overview for information about the version 3 protocol. Defaults to 2 if not specified.</value>
</data>
<data name="SourcesCommandAllowInsecureConnectionsDescription" xml:space="preserve">
<value>Allows HTTP connections for adding or updating packages. Note: This method is not secure. For secure options, see https://aka.ms/nuget-https-everywhere for more information.</value>
</data>
<data name="EulaDescription" xml:space="preserve">
<value>Display NuGet.exe's End User Liscence Agreement (EULA)</value>
</data>
Expand Down
37 changes: 18 additions & 19 deletions src/NuGet.Clients/NuGet.CommandLine/NuGetResources.Designer.cs

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

14 changes: 6 additions & 8 deletions src/NuGet.Clients/NuGet.CommandLine/NuGetResources.resx
Original file line number Diff line number Diff line change
Expand Up @@ -714,14 +714,6 @@ You can set the '{1}' environment variable to 'true' to temporarily reenable thi
<data name="Error_NuGetExeNeedsToBeUnblockedAfterDownloading" xml:space="preserve">
<value>NuGet.exe file on path {0} needs to be unblocked after downloading.</value>
</data>
<data name="Warning_HttpServerUsage" xml:space="preserve">
<value>You are running the '{0}' operation with an 'HTTP' source, '{1}'. Non-HTTPS access will be removed in a future version. Consider migrating to an 'HTTPS' source.</value>
<comment>0 - The command name. Ex. Push/Delete. 1 - server uri.</comment>
</data>
<data name="Warning_HttpSources_Multiple" xml:space="preserve">
<value>You are running the '{0}' operation with 'HTTP' sources: {1}
Non-HTTPS access will be removed in a future version. Consider migrating to 'HTTPS' sources.</value>
</data>
<data name="Error_SourceProviderIsNull" xml:space="preserve">
<value>Property SourceProvider is null.</value>
<comment>Don't localize 'SourceProvider'</comment>
Expand All @@ -747,4 +739,10 @@ Do not localize `SDK`, `dotnet pack`, msbuild -t:pack` and 'true'.</comment>
{1} - current command marked as deprecated, e.g., list
{2} - replacement command. For example, search</comment>
</data>
<data name="Error_HttpSources_Multiple" xml:space="preserve">
<value>You are running the '{0}' operation with 'HTTP' sources: {1}. NuGet requires HTTPS sources. To use HTTP sources, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. Please refer to https://aka.ms/nuget-https-everywhere.</value>
</data>
<data name="Error_HttpSource_Single" xml:space="preserve">
<value>You are running the '{0}' operation with an 'HTTP' source: {1}. NuGet requires HTTPS sources. To use an HTTP source, you must explicitly set 'allowInsecureConnections' to true in your NuGet.Config file. Please refer to https://aka.ms/nuget-https-everywhere.</value>
</data>
</root>
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System.Globalization;
using System.Windows.Forms;
using NuGet.Configuration;
using NuGet.VisualStudio.Internal.Contracts;
Expand Down Expand Up @@ -36,12 +37,22 @@ public override AccessibleObject GetChild(int index)
PackageSource packageSource = new PackageSource(item.Source, item.Name);
if (packageSource.IsHttp && !packageSource.IsHttps && !packageSource.AllowInsecureConnections)
{
var sourceMessage = string.Concat(
Resources.Warning_HTTPSource,
var sourceMessage = string.Format(
CultureInfo.CurrentCulture,
Resources.Error_HttpSource_Single,
packageSource.Source);
return new CheckedListBoxItemAccessibleObject(this, packageSource.Name, index, sourceMessage);
}

if (packageSource.AllowInsecureConnections)
{
var insecureConnectionMessage = string.Format(
CultureInfo.CurrentCulture,
Resources.Warning_HTTPSource,
packageSource.Source);
return new CheckedListBoxItemAccessibleObject(this, packageSource.Name, index, insecureConnectionMessage);
}

return new CheckedListBoxItemAccessibleObject(this, packageSource.Name, index, packageSource.Source);
}
else
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@ internal class PackageSourceCheckedListBox : CheckedListBox
{
public Size CheckBoxSize { get; set; }

private static Icon ErrorIcon { get; set; }

private static Icon WarningIcon { get; set; }

private Icon GetWarningIcon()
Expand Down Expand Up @@ -47,6 +49,31 @@ private Icon GetWarningIcon()
return WarningIcon;
}

private static Icon GetErrorIcon()
{
ThreadHelper.ThrowIfNotOnUIThread();

if (ErrorIcon == null)
{
ImageAttributes attributes = new ImageAttributes
{
StructSize = Marshal.SizeOf(typeof(ImageAttributes)),
ImageType = (uint)_UIImageType.IT_Icon,
Format = (uint)_UIDataFormat.DF_WinForms,
LogicalWidth = 16,
LogicalHeight = 16,
Flags = (uint)_ImageAttributesFlags.IAF_RequiredFlags
};

IVsImageService2 imageService = (IVsImageService2)Microsoft.VisualStudio.Shell.Package.GetGlobalService(typeof(SVsImageService));
IVsUIObject uIObj = imageService.GetImage(KnownMonikers.StatusError, attributes);

ErrorIcon = (Icon)GelUtilities.GetObjectData(uIObj);
}

return ErrorIcon;
}

public override int ItemHeight
{
get
Expand Down Expand Up @@ -137,23 +164,37 @@ protected override void OnDrawItem(DrawItemEventArgs e)

var packageSource = new PackageSource(currentItem.Source, currentItem.Name);
packageSource.AllowInsecureConnections = currentItem.AllowInsecureConnections;
var shouldShowHttpWarningIcon = packageSource.IsHttp && !packageSource.IsHttps && !packageSource.AllowInsecureConnections;
Rectangle warningBounds = default;
var shouldShowHttpErrorIcon = packageSource.IsHttp && !packageSource.IsHttps && !packageSource.AllowInsecureConnections;
Rectangle bounds = default;

if (shouldShowHttpWarningIcon)
if (shouldShowHttpErrorIcon)
{
var errorIcon = GetErrorIcon();

bounds = new Rectangle(
nameBounds.Left,
nameBounds.Bottom,
errorIcon.Width,
errorIcon.Height);
graphics.DrawIcon(errorIcon, bounds);
}

if (packageSource.AllowInsecureConnections)
{
var warningIcon = GetWarningIcon();

warningBounds = new Rectangle(
bounds = new Rectangle(
nameBounds.Left,
nameBounds.Bottom,
warningIcon.Width,
warningIcon.Height);
graphics.DrawIcon(warningIcon, warningBounds);
graphics.DrawIcon(warningIcon, bounds);
}

bool showWarningOrError = shouldShowHttpErrorIcon || packageSource.AllowInsecureConnections;

var sourceBounds = new Rectangle(
shouldShowHttpWarningIcon ? warningBounds.Right : nameBounds.Left,
showWarningOrError ? bounds.Right : nameBounds.Left,
nameBounds.Bottom,
textWidth,
e.Bounds.Bottom - nameBounds.Bottom);
Expand Down
Loading

0 comments on commit 66161fc

Please sign in to comment.