[NEXUS-21836] NPM proxy repo does not honor remote url configuration change - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.15.2, 3.20.0, 3.22.0
Fix Version/s: 3.21.0
Component/s: NPM
Labels:

Notability:
3

Description

1. Create an npm proxy pointing to remote url https://registry.npmjs.org/
2. Retrieve lodash. Verify it was downloaded to the proxy. Then delete the asset from the proxy.
3. Change the proxy configuration to an invalid remote URL

2019-11-21 16:49:54,448-0800 INFO [qtp1908233178-3484] admin org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl - Updating repository: npm-proxy -> Configuration{repositoryName='npm-proxy', recipeName='npm-proxy', attributes={proxy=

{remoteUrl=https://invalidservername.org/, contentMaxAge=1440.0, metadataMaxAge=1440.0}

, httpclient={blocked=false, autoBlock=true, connection={useTrustStore=false}}, storage=

{blobStoreName=default, strictContentTypeValidation=true}

, negativeCache=

{enabled=true, timeToLive=1440.0}

}}

4. Clear local npm cache and retrieve lodash again. The nexus.log shows a connection established to registry.npmjs.org

2019-11-21 16:50:18,230-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Opening connection

{s}

->https://registry.npmjs.org:443
2019-11-21 16:50:18,232-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to registry.npmjs.org/104.16.26.35:443
2019-11-21 16:50:18,232-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to registry.npmjs.org/104.16.26.35:443 with timeout 20000

2019-11-21 16:50:18,261-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Executing request GET /lodash/-/lodash-4.17.15.tgz HTTP/1.1
2019-11-21 16:50:18,261-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
2019-11-21 16:50:18,262-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
2019-11-21 16:50:18,262-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> GET /lodash/-/lodash-4.17.15.tgz HTTP/1.1
2019-11-21 16:50:18,262-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> Host: registry.npmjs.org
2019-11-21 16:50:18,263-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> Connection: Keep-Alive
2019-11-21 16:50:18,263-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> User-Agent: Nexus/3.19.0-01 (PRO; Mac OS X; 10.13.6; x86_64; 1.8.0_192)

5. Browse the npm proxy and verify that lodash was retrieved again.

Expected:
retrieving lodash would fail when the proxy configuration changed to an invalid remote url

Actual:
proxy used the old remote url

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Screen Shot 2020-04-15 at 12.48.35 pm.png
189 kB
04/15/20 03:20 AM

Issue Links

is related to

NEXUS-8063 expired caches and metadata not updated for npm proxy repos

Closed

mentioned in: Page Loading...

Activity

People

Assignee:: Dawid Sawa

Reporter:: Cassandra Seney

CC:: Andrew Clark

Last Updated By:: Wes Wannemacher

Team:: NXRM - Operations/Groot

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 11/22/19 01:08 AM

Updated:: 08/07/20 05:14 PM

Resolved:: 06/23/20 04:54 PM

Date of First Response:: 22/Nov/19 4:00 AM

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

tigCommentSecurity.panel-title