Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endless reprompting for credentials when invoking 'nuget push' with a bad APIKey #1684

Closed
claycompton opened this issue Oct 26, 2013 · 2 comments
Closed

Endless reprompting for credentials when invoking 'nuget push' with a bad APIKey #1684

claycompton opened this issue Oct 26, 2013 · 2 comments
Assignees
@analogrelay
Milestone
I4 - 11/1 QA - 11...

Comments

@claycompton
Copy link

This appears to be a regression in the current QA bits; I can't reproduce it in production.

To repro:

  1. Create a package and push it to qa.nugettest.org using a bad API Key. In testing I used the following:
    nuget push -ApiKey fred C:\School\Bug1647\Bug1620.1.0.0.nupkg -Source https://qa.nugettest.org
  1. You'll be prompted for a user name and password. Enter correct values for both.

Result: You'll be prompted for credentials again. This will continue ad infinitum.
Expected: I expect that any credentials check would report success or failure after the first try.
@ghost ghost assigned analogrelay Oct 27, 2013
@analogrelay
Copy link
Contributor

The issue appears to be that the Gallery used to respond with 403 Forbidden instead of 401 Unauthorized when it received a bad API Key. My vote is to fix this in the next dev sprint (i.e. not hold up our current deployment). But I will fix it.

@analogrelay
Copy link
Contributor

(The fix is that we will use 403, because that is actually more appropriate. 401 indicates that the client can do something to authorize, 403 indicates that the client is simply unable to access the resource with the provided credentials)

@analogrelay analogrelay mentioned this issue Nov 4, 2013
Merged
analogrelay added a commit that referenced this issue Nov 4, 2013
@analogrelay
Merge pull request #1713 from NuGet/anurse/1684-endlessprompting
72bee3d 
Fixed #1684 by returning a 403 when API key is present but invalid
This was referenced Nov 24, 2015
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@analogrelay analogrelay

Labels
None yet
Projects
None yet
Milestone
I4 - 11/1 QA - 11/15 Production
Development

No branches or pull requests
2 participants
@analogrelay @claycompton