Attachment 11323 Details for Bug 58371 – Patch which should solve it (by Iván/Carlos)

[patch] Patch which should solve it (by Iván/Carlos)

58371_jfrog_auth.patch (text/plain), 2.48 KB, created by Oliver Friedrich on 2025-07-04 10:00:00 CEST

(hide)

Description:

Filename:

MIME Type:

Creator: Oliver Friedrich

Created: 2025-07-04 10:00:00 CEST

Size: 2.48 KB

patch

obsolete

>diff --git a/base/univention-updater/modules/univention/updater/tools.py b/base/univention-updater/modules/univention/updater/tools.py
>index 99d23fec06..d88644b6c4 100644
>--- a/base/univention-updater/modules/univention/updater/tools.py
>+++ b/base/univention-updater/modules/univention/updater/tools.py
>@@ -560,6 +560,25 @@ class UCSHttpServer(_UCSServer):
>             UCSHttpServer.password_manager.add_password(realm=None, uri=uri, user=self.baseurl.username, passwd=self.baseurl.password)
>         req = urllib.request.Request(uri)  # noqa: S310
> 
>+        # Add preemptive authentication for JFrog Artifactory compatibility
>+        has_credentials = False
>+        # Try to get credentials from password manager first
>+        username_pm, password_pm = UCSHttpServer.password_manager.find_user_password(None, uri)
>+        
>+        credentials_to_use = None
>+        if username_pm and password_pm:
>+            credentials_to_use = f"{username_pm}:{password_pm}"
>+            self.log.debug('Using credentials from password manager for %s', uri)
>+        elif self.baseurl.username and self.baseurl.password:
>+            credentials_to_use = f"{self.baseurl.username}:{self.baseurl.password}"
>+            self.log.debug('Using credentials from baseurl for %s', uri)
>+
>+        if credentials_to_use:
>+            has_credentials = True
>+            # Use ISO8859-1 encoding as per HTTP Basic Auth standard
>+            encoded_creds = base64.b64encode(credentials_to_use.encode('ISO8859-1')).decode('ASCII')
>+            req.add_header("Authorization", f"Basic {encoded_creds}")
>+
>         def get_host() -> str:
>             return req.host
> 
>@@ -618,6 +637,12 @@ class UCSHttpServer(_UCSServer):
>             self.log.debug("Failed %s %s: %s", req.get_method(), req.get_full_url(), res, exc_info=True)
>             if res.code == httplib.UNAUTHORIZED:  # 401
>                 raise ConfigurationError(uri, 'credentials not accepted')
>+            if res.code == httplib.FORBIDDEN:  # 403
>+                # JFrog Artifactory may return 403 instead of 401 for authentication failures
>+                if has_credentials:
>+                    raise ConfigurationError(uri, 'authentication failed (forbidden)')
>+                else:
>+                    raise ConfigurationError(uri, 'access forbidden')
>             if res.code == httplib.PROXY_AUTHENTICATION_REQUIRED:  # 407
>                 raise ProxyError(uri, 'credentials not accepted')
>             if res.code in (httplib.BAD_GATEWAY, httplib.GATEWAY_TIMEOUT):  # 502 504

Actions: View | Diff

Attachments on bug 58371: 11313 | 11323