LibraryManager icon indicating copy to clipboard operation
LibraryManager copied to clipboard

Published 20 hours ago verified publisher icon aspnet

(invisible) HTTPS_PROXY settings overrule explicit HTTP_PROXY settings

Open szabczy opened this issue 4 years ago • 2 comments

Functional impact

If You configure only http_proxy + http_proxy.user + http_proxy.password, but the program gets a https_proxy URL from somewhere, Your settings will never be used and the restore function fails despite entering the right values.

I don't know how, but when debugging ProxySettings.cs, private IWebProxy TryConfigureProxy(), the line if (_settings.TryGetValue(proxySettingName, out string proxyAddress)) (line 82) returned a valid URL for https_proxy, even if it wasn't configured.

Therefore my own credentials were never used.

Minimal repro steps

  1. configure: https_proxy (with no credentials) http_proxy http_proxy.user http_proxy.password

  2. Execute libman restore

  3. You will get lots of errors, like [LIB002]: The "[email protected]" library could not be resolved by the "cdnjs" provider

Expected result

I would expect that the credentials I entered would make restore possible

I can understand that not every proxy needs user name + password It would help, if at least in the documentation, the user would be instructed to set https_proxy + credentials first. Unfortunately, the current documentation only mentions http_proxy settings.

szabczy avatar May 28 '20 17:05 szabczy

Just to clarify, is this request a documentation issue, or a requested change in the behavior?

The implementation basically breaks it down into sets (https vs http) and prefers the https set if https_proxy exists at all. The settings themselves can come either from the libman.config.json file or as environment variables.

jimmylewis avatar Jun 03 '20 04:06 jimmylewis

The current behavior should stay as it is. However, there are two ways to improve user experience:

  1. Documentation: the command line help should explicitly mention https settings, like this:

Examples: libman config https_proxy libman config --set https_proxy=http://example libman config --setEncrypted https_proxy.password=passwordText

  1. Verbosity: in the method mentioned above, the results of the _settings.TryGetValue calls should appear in the verbose output

So when the user issues the command: libman restore --verbosity detailed

He/She should see some extra lines like: Setting 'https_proxy' found with value 'blabla' and Setting 'https_proxy.user' and 'https_proxy.password' found/not found

szabczy avatar Jun 03 '20 06:06 szabczy