Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cabal-install: update curl transport to support Basic authentication #10089

Merged
merged 4 commits into from
Aug 22, 2024
Merged

cabal-install: update curl transport to support Basic authentication #10089

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
813b100
cabal-install: extract url scheme checks
frasertweedale Jun 9, 2024
95c3a5d
cabal-install: refactor and document transport checks
frasertweedale Jun 9, 2024
6364221
cabal-install: allow Basic authentication in curl transport
frasertweedale Jun 9, 2024
05e7933
Merge branch 'master' into fix/curl-transport-support-basic
mergify[bot] Aug 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 33 additions & 12 deletions cabal-install/src/Distribution/Client/HttpUtils.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ downloadURI transport verbosity uri path = do
-- Only use the external http transports if we actually have to
-- (or have been told to do so)
let transport'
| uriScheme uri == "http:"
| isHttpURI uri
, not (transportManuallySelected transport) =
plainHttpTransport
| otherwise =
Expand Down Expand Up @@ -251,20 +251,35 @@ downloadURI transport verbosity uri path = do
-- Utilities for repo url management
--

-- | If the remote repo is accessed over HTTPS, ensure that the transport
-- supports HTTPS.
remoteRepoCheckHttps :: Verbosity -> HttpTransport -> RemoteRepo -> IO ()
remoteRepoCheckHttps verbosity transport repo
| uriScheme (remoteRepoURI repo) == "https:"
, not (transportSupportsHttps transport) =
dieWithException verbosity $ RemoteRepoCheckHttps (unRepoName (remoteRepoName repo)) requiresHttpsErrorMessage
| otherwise = return ()
remoteRepoCheckHttps verbosity transport repo =
transportCheckHttpsWithError verbosity transport (remoteRepoURI repo) $
RemoteRepoCheckHttps (unRepoName (remoteRepoName repo)) requiresHttpsErrorMessage

-- | If the URI scheme is HTTPS, ensure the transport supports HTTPS.
transportCheckHttps :: Verbosity -> HttpTransport -> URI -> IO ()
transportCheckHttps verbosity transport uri
| uriScheme uri == "https:"
transportCheckHttps verbosity transport uri =
transportCheckHttpsWithError verbosity transport uri $
TransportCheckHttps uri requiresHttpsErrorMessage

-- | If the URI scheme is HTTPS, ensure the transport supports HTTPS.
-- If not, fail with the given error.
transportCheckHttpsWithError
:: Verbosity -> HttpTransport -> URI -> CabalInstallException -> IO ()
transportCheckHttpsWithError verbosity transport uri err
| isHttpsURI uri
, not (transportSupportsHttps transport) =
ffaf1 marked this conversation as resolved.
Show resolved Hide resolved
dieWithException verbosity $ TransportCheckHttps uri requiresHttpsErrorMessage
dieWithException verbosity err
| otherwise = return ()

isHttpsURI :: URI -> Bool
isHttpsURI uri = uriScheme uri == "https:"

isHttpURI :: URI -> Bool
isHttpURI uri = uriScheme uri == "http:"

requiresHttpsErrorMessage :: String
requiresHttpsErrorMessage =
"requires HTTPS however the built-in HTTP implementation "
Expand All @@ -280,12 +295,12 @@ requiresHttpsErrorMessage =
remoteRepoTryUpgradeToHttps :: Verbosity -> HttpTransport -> RemoteRepo -> IO RemoteRepo
remoteRepoTryUpgradeToHttps verbosity transport repo
| remoteRepoShouldTryHttps repo
, uriScheme (remoteRepoURI repo) == "http:"
, isHttpURI (remoteRepoURI repo)
, not (transportSupportsHttps transport)
, not (transportManuallySelected transport) =
dieWithException verbosity $ TryUpgradeToHttps [name | (name, _, True, _) <- supportedTransports]
| remoteRepoShouldTryHttps repo
, uriScheme (remoteRepoURI repo) == "http:"
, isHttpURI (remoteRepoURI repo)
, transportSupportsHttps transport =
return
repo
Expand Down Expand Up @@ -505,12 +520,18 @@ curlTransport prog =
(Just (Left (uname, passwd)), _) -> Just $ Left (uname ++ ":" ++ passwd)
(Nothing, Just a) -> Just $ Left a
(Nothing, Nothing) -> Nothing
let authnSchemeArg
-- When using TLS, we can accept Basic authentication. Let curl
-- decide based on the scheme(s) offered by the server.
| isHttpsURI uri = "--anyauth"
-- When not using TLS, force Digest scheme
| otherwise = "--digest"
case mbAuthStringToken of
Just (Left up) ->
progInvocation
{ progInvokeInput =
Just . IODataText . unlines $
[ "--digest"
[ authnSchemeArg
, "--user " ++ up
]
, progInvokeArgs = ["--config", "-"] ++ progInvokeArgs progInvocation
Expand Down
12 changes: 12 additions & 0 deletions changelog.d/pr-10089
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
synopsis: `curl` transport now supports Basic authentication
packages: cabal-install
prs: #10089

description: {

- The `curl` HTTP transport previously only supported the HTTP Digest
authentication scheme. Basic authentication is now supported
when using HTTPS; Curl will use the scheme offered by the server.
The `wget` transport already supports HTTPS.

}
Loading