Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

NuGet push returns 401 (Unauthorized) when using --api-key #20717

Closed
A9G-Data-Droid opened this issue Aug 8, 2022 · 7 comments · Fixed by #20721 or #21242
Closed

NuGet push returns 401 (Unauthorized) when using --api-key #20717

A9G-Data-Droid opened this issue Aug 8, 2022 · 7 comments · Fixed by #20721 or #21242
Labels
topic/packages type/feature Completely new functionality. Can only be merged if feature freeze is not active.

Comments

@A9G-Data-Droid
Copy link

Description

I created an organization with my main account. I can use my account to push nuget packages in to the repository for my organization. Then I generated an API token using the GUI, saved that to my password manager. I've been having trouble using that token.

When I run this command:

dotnet nuget push --source gitea {package_file} --api-key {gitea_token}

The response is:

error: Response status code does not indicate success: 401 (Unauthorized).

Gitea Version

Gitea Version: 1.17.0

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

2022/08/04 14:59:45 ...kages/nuget/nuget.go:25:apiError() [E] [62ec4151-12] context canceled

Screenshots

No response

Git Version

git version 2.31.1

Operating System

Operating System: Red Hat Enterprise Linux 8.6 (Ootpa) CPE OS Name: cpe:/o:redhat:enterprise_linux:8::baseos Kernel: Linux 4.18.0-372.16.1.el8_6.x86_64

How are you running Gitea?

Installed from binary, running as a service.

Database

PostgreSQL

@KN4CK3R
Copy link
Member

KN4CK3R commented Aug 8, 2022

That's simple, --api-key is not supported. You can just use your token instead of the password when creating the source.

Changed into feature request.

@KN4CK3R KN4CK3R added type/feature Completely new functionality. Can only be merged if feature freeze is not active. topic/packages and removed type/bug labels Aug 8, 2022
@KN4CK3R
Copy link
Member

KN4CK3R commented Aug 8, 2022

I have added this in #20717.

@viceice
Copy link
Contributor

viceice commented Sep 22, 2022

I still get 401 when using an api-key on 1.17.2

> dotnet nuget push -s https://gitea.domain.test/api/packages/org/nuget/index.json -k some-api-key .\bin\some.package.2.1.6.nupkg --force-english-output
error: Unable to load the service index for source https://gitea.domain.test/api/packages/org/nuget/index.json.
error:   Response status code does not indicate success: 401 (Unauthorized).

@techknowlogick
Copy link
Member

@viceice this was added in 1.18.0-dev, and was not backported to 1.17.2

@viceice
Copy link
Contributor

viceice commented Sep 22, 2022

@techknowlogick what about #20734 ? Isn't that the backport to v1.17.1 ? 😕

Also mentioned in release notes:
https://github.com/go-gitea/gitea/releases/tag/v1.17.1

@KN4CK3R
Copy link
Member

KN4CK3R commented Sep 22, 2022

Looked at this again, and yes it does not work the way you use it. :-)
If you use it with --source <name> it does work (that's how I tested #20734). You use it with --source <url/index.json>. Here the client makes a request to .../index.json but WITHOUT the token. This request fails then. I will add a second PR to handle this.

@KN4CK3R KN4CK3R reopened this Sep 22, 2022
wxiaoguang added a commit that referenced this issue Sep 24, 2022
Addition to #20734, Fixes #20717

The `/index.json` endpoint needs to be accessible even if the registry
is private. The NuGet client uses this endpoint without
authentification.

The old fix only works if the NuGet cli is used with `--source <name>`
but not with `--source <url>/index.json`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
KN4CK3R added a commit to KN4CK3R/gitea that referenced this issue Sep 27, 2022
Addition to go-gitea#20734, Fixes go-gitea#20717

The `/index.json` endpoint needs to be accessible even if the registry
is private. The NuGet client uses this endpoint without
authentification.

The old fix only works if the NuGet cli is used with `--source <name>`
but not with `--source <url>/index.json`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
@KN4CK3R
Copy link
Member

KN4CK3R commented Dec 10, 2022 via email

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
topic/packages type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
4 participants