Merge branch 'stable'

* stable:
  (doc) update CHANGELOG/nuspec
  (GH-604) Add licensed source automatically
  (GH-466) Credential cache validates against base url
  (GH-607) Pack Strips Out Choco Specific Metadata
  (GH-503) Credential request should mask password

CHANGELOG.md

@@ -30,13 +30,16 @@ For 590 - if you set a custom cache directory for downloads, it will no longer u
  * Manage package templates with a specially named package and special package folder - see [#542](https://github.com/chocolatey/choco/issues/542)
  * Use the actual download file name instead of providing one - see [#435](https://github.com/chocolatey/choco/issues/435)
  * Support for custom headers - see [#332](https://github.com/chocolatey/choco/issues/332)
-* [Security] Show moderation-related information in search results - see [#493](https://github.com/chocolatey/choco/issues/493)
+ * [Security] Show moderation-related information in search results - see [#493](https://github.com/chocolatey/choco/issues/493)
 
 ### BUG FIXES
 
  * [Security] Fix - Only load the Chocolatey PowerShell module from a known location - see [#560](https://github.com/chocolatey/choco/issues/560)
+ * [Security] Fix - Package source authentication at http://location/path doesn't also use http://location/ (base url) - see [#466](https://github.com/chocolatey/choco/issues/466)
+ * [Security] Fix - When defining a proxy without credentials - proxy password is shown in plain text - see [#503](https://github.com/chocolatey/choco/issues/503)
  * Fix - Force should set allow-downgrade to true - see [#585](https://github.com/chocolatey/choco/issues/585)
  * Fix - Do not use NuGet package cache - see [#479](https://github.com/chocolatey/choco/issues/479)
+ * Fix - Pack doesn't include chocolatey-specific metadata - see [#607](https://github.com/chocolatey/choco/issues/607)
  * Fix - TEMP environment variable is 8.3 Path on some systems - see [#532](https://github.com/chocolatey/choco/issues/532)
  * Fix - `$packageName` should be present for zip uninstalls in uninstall script template - see [#534](https://github.com/chocolatey/choco/issues/534)
  * Fix - Debug/Verbose messages not logged in automation scripts (chocolateyInstall.ps1) - see [#520](https://github.com/chocolatey/choco/issues/520)
@@ -46,6 +49,7 @@ For 590 - if you set a custom cache directory for downloads, it will no longer u
  * Fix - Chocolatey command help output written to standard error instead of standard out - see [#468](https://github.com/chocolatey/choco/issues/468)
  * Fix - Logger doesn't clear cached NullLoggers - see [#516](https://github.com/chocolatey/choco/issues/516)
  * Fix - DISM "/All" argument in the wrong position - see [#480](https://github.com/chocolatey/choco/issues/480)
+ * Fix - Pro - Installing/uninstalling extensions should rename files in use - see [#594](https://github.com/chocolatey/choco/issues/594)
  * Fix - Merging assemblies on a machine running .Net 4.5 or higher produces binaries incompatible with .Net 4 - see [#392](https://github.com/chocolatey/choco/issues/392)
  * Fix - API - Incorrect log4net version in chocolatey.lib dependencies - see [#390](https://github.com/chocolatey/choco/issues/390)
  * [POSH Host] Fix - Message after Download progress is on the same line sometimes - see [#525](https://github.com/chocolatey/choco/issues/525)
@@ -63,7 +67,8 @@ For 590 - if you set a custom cache directory for downloads, it will no longer u
  * Update nuspec to make it easier to get started - see [#535](https://github.com/chocolatey/choco/issues/535)
  * Pro - Set download cache information if available - see [#562](https://github.com/chocolatey/choco/issues/562)
  * Pro - Allow commands to be added - see [#583](https://github.com/chocolatey/choco/issues/583)
- * Pro -Load/Provide hooks for licensed version - see [#584](https://github.com/chocolatey/choco/issues/584)
+ * Pro - Load/Provide hooks for licensed version - see [#584](https://github.com/chocolatey/choco/issues/584)
+ * Pro - On valid license, add pro/business source automatically - see [#604](https://github.com/chocolatey/choco/issues/604)
  * API - Add the ability to retrieve package count for a Source - see [#431](https://github.com/chocolatey/choco/issues/431)
  * API - Chocolatey Lib still marks vital package information as internal - see [#433](https://github.com/chocolatey/choco/issues/433)
  * API - Add paging to list command - see [#427](https://github.com/chocolatey/choco/issues/427)

nuget/chocolatey/chocolatey.nuspec

@@ -86,13 +86,16 @@ For 590 - if you set a custom cache directory for downloads, it will no longer u
  * Manage package templates with a specially named package and special package folder - see [#542](https://github.com/chocolatey/choco/issues/542)
  * Use the actual download file name instead of providing one - see [#435](https://github.com/chocolatey/choco/issues/435)
  * Support for custom headers - see [#332](https://github.com/chocolatey/choco/issues/332)
-* [Security] Show moderation-related information in search results - see [#493](https://github.com/chocolatey/choco/issues/493)
+ * [Security] Show moderation-related information in search results - see [#493](https://github.com/chocolatey/choco/issues/493)
 
 ### BUG FIXES
 
  * [Security] Fix - Only load the Chocolatey PowerShell module from a known location - see [#560](https://github.com/chocolatey/choco/issues/560)
+ * [Security] Fix - Package source authentication at http://location/path doesn't also use http://location/ (base url) - see [#466](https://github.com/chocolatey/choco/issues/466)
+ * [Security] Fix - When defining a proxy without credentials - proxy password is shown in plain text - see [#503](https://github.com/chocolatey/choco/issues/503)
  * Fix - Force should set allow-downgrade to true - see [#585](https://github.com/chocolatey/choco/issues/585)
  * Fix - Do not use NuGet package cache - see [#479](https://github.com/chocolatey/choco/issues/479)
+ * Fix - Pack doesn't include chocolatey-specific metadata - see [#607](https://github.com/chocolatey/choco/issues/607)
  * Fix - TEMP environment variable is 8.3 Path on some systems - see [#532](https://github.com/chocolatey/choco/issues/532)
  * Fix - `$packageName` should be present for zip uninstalls in uninstall script template - see [#534](https://github.com/chocolatey/choco/issues/534)
  * Fix - Debug/Verbose messages not logged in automation scripts (chocolateyInstall.ps1) - see [#520](https://github.com/chocolatey/choco/issues/520)
@@ -102,6 +105,7 @@ For 590 - if you set a custom cache directory for downloads, it will no longer u
  * Fix - Chocolatey command help output written to standard error instead of standard out - see [#468](https://github.com/chocolatey/choco/issues/468)
  * Fix - Logger doesn't clear cached NullLoggers - see [#516](https://github.com/chocolatey/choco/issues/516)
  * Fix - DISM "/All" argument in the wrong position - see [#480](https://github.com/chocolatey/choco/issues/480)
+ * Fix - Installing/uninstalling extensions should rename files in use - see [#594](https://github.com/chocolatey/choco/issues/594)
  * Fix - Merging assemblies on a machine running .Net 4.5 or higher produces binaries incompatible with .Net 4 - see [#392](https://github.com/chocolatey/choco/issues/392)
  * Fix - API - Incorrect log4net version in chocolatey.lib dependencies - see [#390](https://github.com/chocolatey/choco/issues/390)
  * [POSH Host] Fix - Message after Download progress is on the same line sometimes - see [#525](https://github.com/chocolatey/choco/issues/525)
@@ -119,7 +123,8 @@ For 590 - if you set a custom cache directory for downloads, it will no longer u
  * Update nuspec to make it easier to get started - see [#535](https://github.com/chocolatey/choco/issues/535)
  * Pro - Set download cache information if available - see [#562](https://github.com/chocolatey/choco/issues/562)
  * Pro - Allow commands to be added - see [#583](https://github.com/chocolatey/choco/issues/583)
- * Pro -Load/Provide hooks for licensed version - see [#584](https://github.com/chocolatey/choco/issues/584)
+ * Pro - Load/Provide hooks for licensed version - see [#584](https://github.com/chocolatey/choco/issues/584)
+ * Pro - On valid license, add pro/business source automatically - see [#604](https://github.com/chocolatey/choco/issues/604)
  * API - Add the ability to retrieve package count for a Source - see [#431](https://github.com/chocolatey/choco/issues/431)
  * API - Chocolatey Lib still marks vital package information as internal - see [#433](https://github.com/chocolatey/choco/issues/433)
  * API - Add paging to list command - see [#427](https://github.com/chocolatey/choco/issues/427)

src/chocolatey.console/Program.cs

@@ -24,6 +24,7 @@ namespace chocolatey.console
     using infrastructure.app.builders;
     using infrastructure.app.configuration;
     using infrastructure.app.runners;
+    using infrastructure.app.services;
     using infrastructure.commandline;
     using infrastructure.configuration;
     using infrastructure.extractors;
@@ -33,14 +34,15 @@ namespace chocolatey.console
     using infrastructure.logging;
     using infrastructure.registration;
     using resources;
+    using SimpleInjector;
     using Console = System.Console;
     using Environment = System.Environment;
 
     public sealed class Program
     {
-// ReSharper disable InconsistentNaming
+        // ReSharper disable InconsistentNaming
         private static void Main(string[] args)
-// ReSharper restore InconsistentNaming
+        // ReSharper restore InconsistentNaming
         {
             try
             {
@@ -77,19 +79,21 @@ that chocolatey.licensed.dll exists at
                     }
                 }
                 var container = SimpleInjectorContainer.Container;
-
+
+                add_or_remove_licensed_source(license, container);
+
                 var config = container.GetInstance<ChocolateyConfiguration>();
                 var fileSystem = container.GetInstance<IFileSystem>();
 
                 var warnings = new List<string>();
 
-               ConfigurationBuilder.set_up_configuration(
-                    args,
-                    config,
-                    container,
-                    license,
-                    warning => { warnings.Add(warning); }
-                    );
+                ConfigurationBuilder.set_up_configuration(
+                     args,
+                     config,
+                     container,
+                     license,
+                     warning => { warnings.Add(warning); }
+                     );
                 Config.initialize_with(config);
 
                 report_version_and_exit_if_requested(args, config);
@@ -112,12 +116,12 @@ that chocolatey.licensed.dll exists at
                     }
 #endif
                 }
-                
+
                 if (warnings.Count != 0 && config.RegularOutput)
                 {
                     foreach (var warning in warnings.or_empty_list_if_null())
                     {
-                        "chocolatey".Log().Warn(ChocolateyLoggers.Important, warning);    
+                        "chocolatey".Log().Warn(ChocolateyLoggers.Important, warning);
                     }
                 }
 
@@ -142,7 +146,7 @@ that chocolatey.licensed.dll exists at
                         "redirects",
                         "tools"
                     };
-                AssemblyFileExtractor.extract_all_resources_to_relative_directory(fileSystem, Assembly.GetAssembly(typeof (ChocolateyResourcesAssembly)), ApplicationParameters.InstallLocation, folders, ApplicationParameters.ChocolateyFileResources);
+                AssemblyFileExtractor.extract_all_resources_to_relative_directory(fileSystem, Assembly.GetAssembly(typeof(ChocolateyResourcesAssembly)), ApplicationParameters.InstallLocation, folders, ApplicationParameters.ChocolateyFileResources);
 
                 var application = new ConsoleApplication();
                 application.run(args, config, container);
@@ -218,6 +222,36 @@ private static void remove_old_chocolatey_exe(IFileSystem fileSystem)
             }
         }
 
+        private static void add_or_remove_licensed_source(ChocolateyLicense license, Container container)
+        {
+            var addOrUpdate = license.IsValid;
+            var config = new ChocolateyConfiguration {
+                    RegularOutput = false,
+                };
+
+            var sourceService = container.GetInstance<IChocolateyConfigSettingsService>();
+            var sources = sourceService.source_list(config);
+
+            config.SourceCommand.Name = ApplicationParameters.ChocolateyLicensedFeedSourceName;
+            config.Sources = ApplicationParameters.ChocolateyLicensedFeedSource;
+            config.SourceCommand.Username = "customer";
+            config.SourceCommand.Password = license.Id;
+            config.SourceCommand.Priority = 10;
+
+            if (addOrUpdate && !sources.Any(s => 
+                    s.Id.is_equal_to(ApplicationParameters.ChocolateyLicensedFeedSourceName)
+                    && s.Authenticated)
+                )
+            {
+                sourceService.source_add(config);
+            }
+
+            if (!addOrUpdate)
+            {
+                sourceService.source_remove(config);
+            }
+        }
+
         private static void pause_execution_if_debug()
         {
 #if DEBUG

src/chocolatey/infrastructure.app/ApplicationParameters.cs

@@ -58,6 +58,8 @@ public static class ApplicationParameters
         public static readonly string TemplatesLocation = _fileSystem.combine_paths(InstallLocation, "templates");
         public static readonly string ChocolateyCommunityFeedPushSource = "https://chocolatey.org/";
         public static readonly string ChocolateyCommunityFeedSource = "https://chocolatey.org/api/v2/";
+        public static readonly string ChocolateyLicensedFeedSource = "https://licensedpackages.chocolatey.org/api/v2/";
+        public static readonly string ChocolateyLicensedFeedSourceName = "chocolatey.licensed";
         public static readonly string UserAgent = "Chocolatey Command Line";
         public static readonly string RegistryValueInstallLocation = "InstallLocation";
         public static readonly string AllPackages = "all";

src/chocolatey/infrastructure.app/nuget/ChocolateyNugetCredentialProvider.cs

@@ -18,6 +18,7 @@ namespace chocolatey.infrastructure.app.nuget
     using System;
     using System.Linq;
     using System.Net;
+    using commandline;
     using NuGet;
     using configuration;
     using logging;
@@ -56,10 +57,27 @@ public ICredentials GetCredentials(Uri uri, IWebProxy proxy, CredentialType cred
 
             var source = _config.MachineSources.FirstOrDefault(s =>
                 {
-                    var sourceUri = s.Key.TrimEnd('/');
-                    return sourceUri.is_equal_to(uri.OriginalString.TrimEnd('/')) 
-                        && !string.IsNullOrWhiteSpace(s.Username)
-                        && !string.IsNullOrWhiteSpace(s.EncryptedPassword);
+                    var sourceUrl = s.Key.TrimEnd('/');
+
+                    var equalAtFullUri = sourceUrl.is_equal_to(uri.OriginalString.TrimEnd('/'))
+                       && !string.IsNullOrWhiteSpace(s.Username)
+                       && !string.IsNullOrWhiteSpace(s.EncryptedPassword);
+
+                    if (equalAtFullUri) return true;
+
+                    try
+                    {
+                        var sourceUri = new Uri(sourceUrl);
+                        return sourceUri.Host.is_equal_to(uri.Host.TrimEnd('/'))
+                            && !string.IsNullOrWhiteSpace(s.Username)
+                            && !string.IsNullOrWhiteSpace(s.EncryptedPassword);
+                    }
+                    catch (Exception)
+                    {
+                        this.Log().Error("Source '{0}' is not a valid Uri".format_with(sourceUrl));
+                    }
+
+                    return false;
                 });
 
             if (source == null)
@@ -87,7 +105,7 @@ public ICredentials get_credentials_from_user(Uri uri, IWebProxy proxy, Credenti
             Console.Write("User name: ");
             string username = Console.ReadLine();
             Console.Write("Password: ");
-            var password = Console.ReadLine();
+            var password = InteractivePrompt.get_password(_config.PromptForConfirmation);
 
             //todo: set this up as secure
             //using (var securePassword = new SecureString())

src/chocolatey/infrastructure/commandline/InteractivePrompt.cs

@@ -27,6 +27,7 @@ namespace chocolatey.infrastructure.commandline
     public class InteractivePrompt
     {
         private static Lazy<IConsole> _console = new Lazy<IConsole>(() => new Console());
+        private const int TIMEOUT_IN_SECONDS = 30;
 
         [EditorBrowsable(EditorBrowsableState.Never)]
         public static void initialize_with(Lazy<IConsole> console)
@@ -106,5 +107,41 @@ public static string prompt_for_confirmation(string prompt, IEnumerable<string>
 
             return choiceDictionary[selected];
         }
+
+        public static string get_password(bool interactive)
+        {
+            var password = string.Empty;
+            var possibleNonInteractive = !interactive;
+            ConsoleKeyInfo info = possibleNonInteractive ? Console.ReadKey(TIMEOUT_IN_SECONDS * 1000) : Console.ReadKey(true);
+            while (info.Key != ConsoleKey.Enter)
+            {
+                if (info.Key != ConsoleKey.Backspace)
+                {
+                    Console.Write("*");
+                    password += info.KeyChar;
+                    info = possibleNonInteractive ? Console.ReadKey(TIMEOUT_IN_SECONDS * 1000) : Console.ReadKey(true);
+                }
+                else if (info.Key == ConsoleKey.Backspace)
+                {
+                    if (!string.IsNullOrEmpty(password))
+                    {
+                        password = password.Substring(0, password.Length - 1);
+                        // get the location of the cursor
+                        int pos = System.Console.CursorLeft;
+                        // move the cursor to the left by one character
+                        System.Console.SetCursorPosition(pos - 1, System.Console.CursorTop);
+                        // replace it with space
+                        Console.Write(" ");
+                        // move the cursor to the left by one character again
+                        System.Console.SetCursorPosition(pos - 1, System.Console.CursorTop);
+                    }
+                    info = possibleNonInteractive ? Console.ReadKey(TIMEOUT_IN_SECONDS * 1000) : Console.ReadKey(true);
+                }
+            }
+            for (int i = 0; i < password.Length; i++) Console.Write("*");
+            System.Console.WriteLine("");
+
+            return password;
+        }
     }
 }

src/chocolatey/infrastructure/licensing/ChocolateyLicense.cs

@@ -19,6 +19,7 @@ namespace chocolatey.infrastructure.licensing
 
     public sealed class ChocolateyLicense
     {
+        public string Id { get; set; }
         public string Name { get; set; }
         public ChocolateyLicenseType LicenseType { get; set; }
         public bool IsValid { get; set; }

src/chocolatey/infrastructure/licensing/LicenseValidation.cs

@@ -66,7 +66,8 @@ public static ChocolateyLicense validate()
 
                 chocolateyLicense.ExpirationDate = license.ExpirationDate;
                 chocolateyLicense.Name = license.Name;
-
+                chocolateyLicense.Id = license.UserId.to_string();
+
                 //todo: if it is expired, provide a warning. 
                 // one month after it should stop working
             }