Proxy for private repository with basic auth about nexus-repository-composer HOT 13 CLOSED

I have the same issue.

from nexus-repository-composer.

Hi,

I got the exact same error. I double-checked my Magento credentials (using curl), but still, repo.magento.com sends HTTP 401 error.

Here is a verbose trace about the problem: nexus.log

from nexus-repository-composer.

Additional info. It seems that this plugin does not use the username/password to send to the remote composer repo. Below is request/response from my log. There is no Authentication header:

2020-12-11 09:04:50,843+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 >> GET /packages.json HTTP/1.1
2020-12-11 09:04:50,844+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Host: repo.magento.com
2020-12-11 09:04:50,844+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Connection: Keep-Alive
2020-12-11 09:04:50,844+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 >> User-Agent: Nexus/3.29.0-02 (OSS; Linux; 4.9.53-5.ph2-esx; amd64; 1.8.0_272) Composer/1.9.9 (Unknown; Unknown; 7.4.0; 1.1)
2020-12-11 09:04:50,845+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Accept-Encoding: gzip,deflate
2020-12-11 09:04:51,106+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << HTTP/1.1 401 Unauthorized
2020-12-11 09:04:51,107+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Date: Fri, 11 Dec 2020 09:07:22 GMT
2020-12-11 09:04:51,107+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Content-Type: application/json
2020-12-11 09:04:51,107+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Transfer-Encoding: chunked
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Connection: keep-alive
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Server: nginx
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Cache-Control: no-cache, private
2020-12-11 09:04:51,108+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << X-Frame-Options: DENY
2020-12-11 09:04:51,109+0000 DEBUG [qtp1778681424-212]  *UNKNOWN org.apache.http.headers - http-outgoing-4 << Strict-Transport-Security: max-age=15984000

from nexus-repository-composer.

I have the same issue . is there any workaround to solve this problem ?

from nexus-repository-composer.

I have the same issue but with APT proxy repository.

Can we please someone from Sonatype tell us if this is going to be fixed in near time?

from nexus-repository-composer.

Can we please someone from Sonatype tell us if this is going to be fixed in near time?

The code for composer and apt isn't related.

from nexus-repository-composer.

I am also experiencing an issue that sounds the same as this one. The repository I am unable to add as a proxy is https://composer.freemius.com/ The proxy repo is not working because of authentication.

from nexus-repository-composer.

I have a composer repo that does authenticate so I compared the debug logs between them. It seems the one that does work is unauthenticated at first, responds back with this header 'WWW-Authenticate: Basic realm="SatisPress"' and because of that nexus composer then authenticates. I see in the logs
2021-12-29 19:33:59,169+0000 DEBUG [qtp968825879-1005] davidsch org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Digest, Basic]

Looking at the same similar log lines when it attempts to connect to the repo that is not authenticating I see no 'WWW-Authenticate' response so instead of it logging in, in replace of the log line above I see:
2021-12-29 18:30:11,909+0000 DEBUG [qtp968825879-885] davidsch org.apache.http.impl.auth.HttpAuthenticator - Response contains no authentication challenges

from nexus-repository-composer.

So I guess the issue is that the http client is "too" much conforming to HTTP standards while Composer isn't?
If I understand correctly Composer repos don't provide the authentification methods in the response which is why Nexus doesn't try to authenticate? This could probably be "solved" / worked around by having a small proxy in between requests that adds the headers?

from nexus-repository-composer.

There are many composer repos on there and it seems some do not respond back with the WWW-Authenticate header the Java library nexus (and this plugin) needs to decide what authentication information to use on a subsequent request. We dug into the code but with other issues experienced with Nexus' composer plugin we have decided to no longer use it. We are moving to use Satis which can (essentially) "proxy" to all the repos we need.

Other repositories on the market do have composer built in. Hopefully at some point sonatype builds composer repos directly into nexus since this separate unsupported plugin has a number of holes / bugs in it.

Thanks

from nexus-repository-composer.

I dug a little bit into this:

• Supporting authentification for those repos is actually super easy, and already supported by both Nexus and the HTTP Client settings. It's the "preemptive" authentification which needs to be available, the UI type nx-coreui-repository-httpclient-facet-with-preemptive-auth needs to be used to display the setting in the repository setting and enabling it just works. I'll open a PR to display that.
• The reason why repo.magento.com and possibly other repos don't work actually isn't mainly because of missing authentification: It's because the repos don't provide a package list, which this plugin currently (hardcoded(!)) expects to be at /packages/list.json. And that's issue #85.

from nexus-repository-composer.

Fixed in: 68b2946

from nexus-repository-composer.

I dug a little bit into this:

• Supporting authentification for those repos is actually super easy, and already supported by both Nexus and the HTTP Client settings. It's the "preemptive" authentification which needs to be available, the UI type nx-coreui-repository-httpclient-facet-with-preemptive-auth needs to be used to display the setting in the repository setting and enabling it just works. I'll open a PR to display that.
• The reason why repo.magento.com and possibly other repos don't work actually isn't mainly because of missing authentification: It's because the repos don't provide a package list, which this plugin currently (hardcoded(!)) expects to be at /packages/list.json. And that's issue Relying on optional list key in packages.json makes it incompatible with certain repositories #85.

Any news with repo.magento.com? I can't proxy to this repo and I need it.
Thanks.

from nexus-repository-composer.