Do not warn http sources in search/list scenarios when allowInsecureC…

…onnections is set to true. (#5371)

src/NuGet.Clients/NuGet.CommandLine/Commands/SearchCommand.cs

@@ -131,7 +131,7 @@ private void WarnForHTTPSources(IList<PackageSource> packageSources)
             List<PackageSource> httpPackageSources = null;
             foreach (PackageSource packageSource in packageSources)
             {
-                if (packageSource.IsHttp && !packageSource.IsHttps)
+                if (packageSource.IsHttp && !packageSource.IsHttps && !packageSource.AllowInsecureConnections)
                 {
                     if (httpPackageSources == null)
                     {

src/NuGet.Core/NuGet.CommandLine.XPlat/Commands/PackageReferenceCommands/ListPackage/ListPackageCommandRunner.cs

@@ -164,7 +164,7 @@ private static void WarnForHttpSources(ListPackageArgs listPackageArgs, ListPack
             List<PackageSource> httpPackageSources = null;
             foreach (PackageSource packageSource in listPackageArgs.PackageSources)
             {
-                if (packageSource.IsHttp && !packageSource.IsHttps)
+                if (packageSource.IsHttp && !packageSource.IsHttps && !packageSource.AllowInsecureConnections)
                 {
                     if (httpPackageSources == null)
                     {

src/NuGet.Core/NuGet.Commands/ListCommand/ListCommandRunner.cs

@@ -69,7 +69,7 @@ private static void WarnForHTTPSources(ListArgs listArgs)
             List<PackageSource> httpPackageSources = null;
             foreach (PackageSource packageSource in listArgs.ListEndpoints)
             {
-                if (packageSource.IsHttp && !packageSource.IsHttps)
+                if (packageSource.IsHttp && !packageSource.IsHttps && !packageSource.AllowInsecureConnections)
                 {
                     if (httpPackageSources == null)
                     {

test/NuGet.Clients.FuncTests/NuGet.CommandLine.FuncTest/Commands/SearchCommandTests.cs

@@ -1,7 +1,9 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
+using System.IO;
 using NuGet.CommandLine.Test;
+using NuGet.Configuration.Test;
 using NuGet.Test.Utility;
 using Test.Utility;
 using Xunit;
@@ -990,24 +992,28 @@ public void SearchCommand_WhenSearchWithHttpSource_Warns()
             Assert.Contains("WARNING: You are running the 'search' operation with an 'HTTP' source", result.AllOutput);
         }
 
-        [Fact]
-        public void SearchCommand_WhenSearchWithHttpSources_Warns()
+        [Theory]
+        [InlineData("true", false)]
+        [InlineData("false", true)]
+        public void SearchCommand_WhenSearchWithHttpSourcesWithAllowInsecureConnections_WarnsCorrectly(string allowInsecureConnections, bool isHttpWarningExpected)
         {
             // Arrange
             string nugetexe = Util.GetNuGetExePath();
 
             using MockServer server1 = new MockServer();
             using MockServer server2 = new MockServer();
             using SimpleTestPathContext config = new SimpleTestPathContext();
-            CommandRunner.Run(
-                nugetexe,
-                config.WorkingDirectory,
-                $"source add -name mockSource -source {server1.Uri}v3/index.json -configfile {config.NuGetConfig}");
 
-            CommandRunner.Run(
-                nugetexe,
-                config.WorkingDirectory,
-                $"source add -name mockSource -source {server2.Uri}v3/index.json -configfile {config.NuGetConfig}");
+            // Arrange the NuGet.Config file
+            string nugetConfigContent =
+$@"<configuration>
+    <packageSources>
+        <clear />
+        <add key='http-feed1' value='{server1.Uri}v3/index.json' allowInsecureConnections=""{allowInsecureConnections}"" />
+        <add key='http-feed2' value='{server2.Uri}v3/index.json' allowInsecureConnections=""{allowInsecureConnections}"" />
+    </packageSources>
+</configuration>";
+            File.WriteAllText(config.NuGetConfig, nugetConfigContent);
 
             string index = $@"
                 {{
@@ -1085,6 +1091,7 @@ public void SearchCommand_WhenSearchWithHttpSources_Warns()
             {
                 "search",
                 "json",
+                ""
             };
 
             CommandRunnerResult result = CommandRunner.Run(
@@ -1099,7 +1106,21 @@ public void SearchCommand_WhenSearchWithHttpSources_Warns()
             Assert.True(result.Success, $"{result.AllOutput}");
             Assert.Contains("No results found.", $"{result.AllOutput}");
             Assert.DoesNotContain(">", $"{result.AllOutput}");
-            Assert.Contains("WARNING: You are running the 'search' operation with an 'HTTP' source", result.AllOutput);
+
+            string actualOutputWithoutSpace = SettingsTestUtils.RemoveWhitespace(result.Output);
+            string expectedWarningWithoutSpace = SettingsTestUtils.RemoveWhitespace($@"
+WARNING: You are running the 'search' operation with 'HTTP' sources:  
+http-feed1
+http-feed2
+Non-HTTPS access will be removed in a future version. Consider migrating to 'HTTPS' sources.");
+            if (isHttpWarningExpected)
+            {
+                Assert.Contains(expectedWarningWithoutSpace, actualOutputWithoutSpace);
+            }
+            else
+            {
+                Assert.DoesNotContain(expectedWarningWithoutSpace, actualOutputWithoutSpace);
+            }
         }
     }
 }

test/NuGet.Clients.Tests/NuGet.CommandLine.Test/NuGetListCommandTest.cs

@@ -9,6 +9,7 @@
 using System.Text;
 using FluentAssertions;
 using NuGet.Common;
+using NuGet.Configuration.Test;
 using NuGet.Packaging;
 using NuGet.Test.Utility;
 using Test.Utility;
@@ -1128,8 +1129,10 @@ public void ListCommand_WithAuthenticatedSourceV2_AppliesCredentialsFromSettings
             }
         }
 
-        [Fact]
-        public void ListCommand_WhenListWithHttpSource_Warns()
+        [PlatformTheory(Platform.Windows)]
+        [InlineData("true", false)]
+        [InlineData("false", true)]
+        public void ListCommand_WhenListWithHttpSourceAndAllowInsecureConnections_WarnsCorrectly(string allowInsecureConnections, bool isHttpWarningExpected)
         {
             var nugetexe = Util.GetNuGetExePath();
 
@@ -1152,8 +1155,17 @@ public void ListCommand_WhenListWithHttpSource_Warns()
 
             server.Start();
 
+            // create the config file
+            Util.CreateFile(packageDirectory, "nuget.config", $@"
+<configuration>
+    <packageSources>
+        <add key='http-feed' value='{server.Uri}nuget' allowInsecureConnections=""{allowInsecureConnections}"" />
+    </packageSources>
+</configuration>");
+            var configFile = Path.Combine(packageDirectory, "nuget.config");
+
             // Act
-            var args = "list test -Source " + server.Uri + "nuget";
+            var args = "list test -ConfigFile " + configFile;
             var result = CommandRunner.Run(
                 nugetexe,
                 packageDirectory,
@@ -1166,7 +1178,14 @@ public void ListCommand_WhenListWithHttpSource_Warns()
             // verify that only package id & version is displayed
             var expectedOutput = "testPackage1 1.1.0";
             Assert.Contains(expectedOutput, result.Output);
-            Assert.Contains("WARNING: You are running the 'list' operation with an 'HTTP' source", result.AllOutput);
+            if (isHttpWarningExpected)
+            {
+                Assert.Contains("WARNING: You are running the 'list' operation with an 'HTTP' source", result.AllOutput);
+            }
+            else
+            {
+                Assert.DoesNotContain("WARNING: You are running the 'list' operation with an 'HTTP' source", result.AllOutput);
+            }
         }
 
         [Fact]

test/NuGet.Core.FuncTests/Dotnet.Integration.Test/DotnetListPackageTests.cs

@@ -625,8 +625,10 @@ public void DotnetListPackage_VerbositySwitchTogglesHttpVisibility(string args,
             }
         }
 
-        [PlatformFact(Platform.Windows)]
-        public async Task ListPackage_WithHttpSource_Warns()
+        [PlatformTheory(Platform.Windows)]
+        [InlineData("true", false)]
+        [InlineData("false", true)]
+        public async Task ListPackage_WithHttpSourceAndAllowInsecureConnections_WarnsCorrectly(string allowInsecureConnections, bool isHttpWarningExpected)
         {
             // Arrange
             using var pathContext = _fixture.CreateSimpleTestPathContext();
@@ -647,7 +649,7 @@ await SimpleTestPackageUtility.CreatePackagesAsync(
 
             using var mockServer = new FileSystemBackedV3MockServer(pathContext.PackageSource);
             mockServer.Start();
-            pathContext.Settings.AddSource("http-source", mockServer.ServiceIndexUri);
+            pathContext.Settings.AddSource("http-source", mockServer.ServiceIndexUri, allowInsecureConnections);
 
             _fixture.RunDotnetExpectSuccess(Directory.GetParent(projectA.ProjectPath).FullName, $"add package A --version 1.0.0");
 
@@ -658,7 +660,14 @@ await SimpleTestPackageUtility.CreatePackagesAsync(
             // Assert
             var lines = listResult.AllOutput.Split(new[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries);
             Assert.True(lines.Any(l => l.Contains("> A                    1.0.0       1.0.0      2.0.0")), listResult.AllOutput);
-            Assert.True(lines.Any(l => l.Contains("warn : You are running the 'list package' operation with an 'HTTP' source")), listResult.AllOutput);
+            if (isHttpWarningExpected)
+            {
+                Assert.Contains("warn : You are running the 'list package' operation with an 'HTTP' source", listResult.AllOutput);
+            }
+            else
+            {
+                Assert.DoesNotContain("warn : You are running the 'list package' operation with an 'HTTP' source", listResult.AllOutput);
+            }
         }
 
         private static string CollapseSpaces(string input)