Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Credential change not detected if the change is only in the case #3543

Open
6 tasks done
pauby opened this issue Oct 29, 2024 · 0 comments
Open
6 tasks done

Credential change not detected if the change is only in the case #3543

pauby opened this issue Oct 29, 2024 · 0 comments
Labels
0 - Backlog Bug

Comments

@pauby
Copy link
Member

pauby commented Oct 29, 2024
edited
Loading

Checklist

  • I confirm there are no unresolved issues reported on the Chocolatey Status page.
  • I have verified this is the correct repository for opening this issue.
  • I have verified no other issues exist related to my problem.
  • I have verified this is not an issue for a specific package.
  • I have verified this issue is not security related.
  • I confirm I am using official, and not unofficial, or modified, Chocolatey products.

What You Are Seeing?

Authenticated sources that require correction of incorrectly cased usernames or passwords will not update the values, because Chocolatey CLI converts the string to lower-case before comparing it.

This can be an issue on, for instance, Nexus, where the username is case sensitive.

What is Expected?

Chocolatey CLI should update the value if it is different, even if all the letters match.

How Did You Get This To Happen?

  1. Install Chocolatey CLI: irm https://ch0.co/go | iex
  2. Add an authenticated source to your install: choco source add --name='test' --source='https://example.com/api/v2/' --username='bob' --password='bob1999'
  3. Realising you should have capitalised 'Bob', attempt to update your source: choco source add --name='test' --source='https://example.com/api/v2/' --username='Bob' --password='bob1999' or password: choco source add --name='test' --source='https://example.com/api/v2/' --username='bob' --password='BOB1999'

Results in: Nothing to change. Config already set.

Image

System Details

  • Operating System: Windows 11
  • Windows PowerShell Version: 5
  • Chocolatey CLI Version: 2.3
  • Chocolatey Licensed Extension version: 6.3
  • Chocolatey License type (Professional / Business / ?): Business
  • Terminal/Emulator: Windows Terminal

Installed Packages

N/A

Output Log

N/A

Additional Context

Workaround

  1. Set the password or username to something that doesn't insensitively match the previous value, e.g. 'helen1999'.
  2. Change it back to the correctly cased original value.

(similar to working with Windows filenames)

Proposed Solution

Source checks the values and says no changes needed. This is because we specifically use ignoreCase: true in IsEqualTo

I guess my recommended fix would be to either add an IsEqualToSensitive or to add a parameter to the existing method for ignoreCase that defaults to true. That shouldn't break things, but I haven't investigated all uses of IsEqualTo() in the codebase.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
0 - Backlog Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pauby