Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21836

NPM proxy repo does not honor remote url configuration change

    XMLWordPrintable

    Details

    • Notability:
      3

      Description

      1. Create an npm proxy pointing to remote url https://registry.npmjs.org/
      2. Retrieve lodash. Verify it was downloaded to the proxy. Then delete the asset from the proxy.
      3. Change the proxy configuration to an invalid remote URL

      2019-11-21 16:49:54,448-0800 INFO [qtp1908233178-3484] admin org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl - Updating repository: npm-proxy -> Configuration{repositoryName='npm-proxy', recipeName='npm-proxy', attributes={proxy=

      {remoteUrl=https://invalidservername.org/, contentMaxAge=1440.0, metadataMaxAge=1440.0}

      , httpclient={blocked=false, autoBlock=true, connection={useTrustStore=false}}, storage=

      {blobStoreName=default, strictContentTypeValidation=true}

      , negativeCache=

      {enabled=true, timeToLive=1440.0}

      }}

      4. Clear local npm cache and retrieve lodash again. The nexus.log shows a connection established to registry.npmjs.org

      2019-11-21 16:50:18,230-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Opening connection

      {s}

      ->https://registry.npmjs.org:443
      2019-11-21 16:50:18,232-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to registry.npmjs.org/104.16.26.35:443
      2019-11-21 16:50:18,232-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to registry.npmjs.org/104.16.26.35:443 with timeout 20000

      2019-11-21 16:50:18,261-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Executing request GET /lodash/-/lodash-4.17.15.tgz HTTP/1.1
      2019-11-21 16:50:18,261-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
      2019-11-21 16:50:18,262-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
      2019-11-21 16:50:18,262-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> GET /lodash/-/lodash-4.17.15.tgz HTTP/1.1
      2019-11-21 16:50:18,262-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> Host: registry.npmjs.org
      2019-11-21 16:50:18,263-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> Connection: Keep-Alive
      2019-11-21 16:50:18,263-0800 DEBUG [qtp1908233178-3500] *UNKNOWN org.apache.http.headers - http-outgoing-106 >> User-Agent: Nexus/3.19.0-01 (PRO; Mac OS X; 10.13.6; x86_64; 1.8.0_192)

      5. Browse the npm proxy and verify that lodash was retrieved again.

      Expected:
      retrieving lodash would fail when the proxy configuration changed to an invalid remote url

      Actual:
      proxy used the old remote url

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              dsawa Dawid Sawa
              Reporter:
              cseney Cassandra Seney
              CC:
              Andrew Clark
              Last Updated By:
              Michael Prescott Michael Prescott
              Team:
              NXRM - Groot
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title