Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-12452

bower install fails when user has only group level privileges

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2.1
    • Fix Version/s: 3.8.0
    • Component/s: Bower, Security
    • Labels:
    • Story Points:
      1

      Description

      If a user has read privileges to a bower group, but not the underlying bower proxy, then the "bower install <package>" will fail for any package that is not locally cached.

      Steps to reproduce:

      1. Setup a bower group bower-group that has a bower proxy bower-proxy as a member
      2. Setup a user (boweruser) that only has view access to bower-group (i.e. nx-repository-view-bower-bower-group-*)
      3. Try to install a bower package that is not locally cached in proxy bower-proxy
      4. Configure .bowerrc to use the boweruser user:
        {
            "registry" :  "http://localhost:8081/repository/bower-group" ,
            "resolvers"  : [  "bower-nexus3-resolver" ],
            "nexus" : {
              "username" : "boweruser",
              "password" : "boweruser"
            }
        }
        

      The bower install command will fail like the following:

      % bower install mongoose
      bower mongoose#*            not-cached nexus+http://localhost:8081/repository/bower-group/mongoose#*
      bower mongoose#*               resolve nexus+http://localhost:8081/repository/bower-group/mongoose#*
      bower mongoose#*                 error http://boweruser:boweruser@localhost:8081/repository/bower-group/mongoose/versions.json (HTTP 403)
      
      Stack trace:
      Error: http://boweruser:boweruser@localhost:8081/repository/bower-group/mongoose/versions.json (HTTP 403)
          at Request._callback (/usr/local/lib/node_modules/bower-nexus3-resolver/src/index.js:214:20)
          at Request.self.callback (/usr/local/lib/node_modules/bower-nexus3-resolver/node_modules/request/request.js:198:22)
          at emitTwo (events.js:106:13)
          at Request.emit (events.js:192:7)
          at Request.<anonymous> (/usr/local/lib/node_modules/bower-nexus3-resolver/node_modules/request/request.js:1035:10)
          at emitOne (events.js:101:20)
          at Request.emit (events.js:189:7)
          at IncomingMessage.<anonymous> (/usr/local/lib/node_modules/bower-nexus3-resolver/node_modules/request/request.js:962:12)
          at emitNone (events.js:91:20)
          at IncomingMessage.emit (events.js:186:7)
      
      Console trace:
      Error
          at StandardRenderer.error (/usr/local/lib/node_modules/bower/lib/renderers/StandardRenderer.js:81:37)
          at Logger.<anonymous> (/usr/local/lib/node_modules/bower/lib/bin/bower.js:110:26)
          at emitOne (events.js:96:13)
          at Logger.emit (events.js:189:7)
          at Logger.emit (/usr/local/lib/node_modules/bower/lib/node_modules/bower-logger/lib/Logger.js:29:39)
          at /usr/local/lib/node_modules/bower/lib/commands/index.js:48:20
          at _rejected (/usr/local/lib/node_modules/bower/lib/node_modules/q/q.js:844:24)
          at /usr/local/lib/node_modules/bower/lib/node_modules/q/q.js:870:30
          at Promise.when (/usr/local/lib/node_modules/bower/lib/node_modules/q/q.js:1122:31)
          at Promise.promise.promiseDispatch (/usr/local/lib/node_modules/bower/lib/node_modules/q/q.js:788:41)
      System info:
      Bower version: 1.8.0
      Node version: 7.6.0
      OS: Darwin 16.4.0 x64
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              jtom Joe Tom
              Reporter:
              bradbeck Brad Beck
              Last Updated By:
              Peter Lynch
              Team:
              Nexus - Formats
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title