ProGet License Text

I'm looking to publish a Chocolatey package to the Chocolatey Community Repository which will install the Free version of Inedo ProGet.

In order to do this, I am also going to publish a package for Inedo Hub, and take a dependency. Our Community Repository requires either a LICENSE.TXT include the license terms for an application being package, or a licenseUrl listed in the Nuspec. I cannot find the Licenser terms for either product. Perhaps I am just blind! :)

Can someone point me to those terms please so that I can properly publish these packages? I greatly appreciate it!

@steviecoaster said in Question about Salt_Bytes:

Sweet mother Mary, I got it! It was the content type. I was using application/json and it wanted application/x-ww-form-urlencoded

This code works properly to set the password for a user:

function Set-ProGetUserPassword {
    [Cmdletbinding()]
    Param(
        [Parameter(Mandatory)]
        [String]
        $Username,

        [Parameter(Mandatory)]
        [SecureString]
        $OldPassword,

        [Parameter(Mandatory)]
        [SecureString]
        $NewPassword
    )

    begin {
        $confirm = Read-Host "Please re-enter your new password" -AsSecureString

        $identical = Compare-SecureString -SecureString1 $NewPassword -SecureString2 $confirm

        if (-not $identical) {
            Write-Error 'Passwords do not match!'
            break
        }
    }

    end {

        $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)
        $plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($unmanagedString)
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($unmanagedString) # Clean up
        $iterations = 10000
        $saltLength = 10
        $hashLength = 20

        $rfc2898 = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($plainTextPassword, $saltLength, $iterations)
        $passwordBytes = $rfc2898.GetBytes($hashLength)
        $saltBytes = $rfc2898.Salt

        $base64Password = [System.Convert]::ToBase64String($passwordBytes)
        $base64Salt = [System.Convert]::ToBase64String($saltBytes)

        $body = @{
            User_Name = $Username
            Password_Bytes = $base64Password
            Salt_Bytes = $base64Salt
        }

        Write-Verbose $body

        $Params = @{
            Slug     = '/api/json/Users_SetPassword'
            Method   = 'POST'
            Body = $body
            ContentType = 'application/x-www-form-urlencoded'
        }

        Invoke-ProGet @Params
    }
}

Spoke to soon. This code functions and doesn't produce an error. However, the user cannot login with the credential set. More playing to do!

Sweet mother Mary, I got it! It was the content type. I was using application/json and it wanted application/x-ww-form-urlencoded

This code works properly to set the password for a user:

function Set-ProGetUserPassword {
    [Cmdletbinding()]
    Param(
        [Parameter(Mandatory)]
        [String]
        $Username,

        [Parameter(Mandatory)]
        [SecureString]
        $OldPassword,

        [Parameter(Mandatory)]
        [SecureString]
        $NewPassword
    )

    begin {
        $confirm = Read-Host "Please re-enter your new password" -AsSecureString

        $identical = Compare-SecureString -SecureString1 $NewPassword -SecureString2 $confirm

        if (-not $identical) {
            Write-Error 'Passwords do not match!'
            break
        }
    }

    end {

        $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)
        $plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($unmanagedString)
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($unmanagedString) # Clean up
        $iterations = 10000
        $saltLength = 10
        $hashLength = 20

        $rfc2898 = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($plainTextPassword, $saltLength, $iterations)
        $passwordBytes = $rfc2898.GetBytes($hashLength)
        $saltBytes = $rfc2898.Salt

        $base64Password = [System.Convert]::ToBase64String($passwordBytes)
        $base64Salt = [System.Convert]::ToBase64String($saltBytes)

        $body = @{
            User_Name = $Username
            Password_Bytes = $base64Password
            Salt_Bytes = $base64Salt
        }

        Write-Verbose $body

        $Params = @{
            Slug     = '/api/json/Users_SetPassword'
            Method   = 'POST'
            Body = $body
            ContentType = 'application/x-www-form-urlencoded'
        }

        Invoke-ProGet @Params
    }
}

In my playing around yesterday, I did try to convert that to base64 and it still produced the same error. I'm very perplexed! For my use case I really need this functionality so I'm hopeful I can find a solution.

Here's what I'm using currently, but it's complaining about Salt_Bytes. I'm fairly certain this is a PowerShell problem, but more eyes on it never hurt.

function Set-ProGetUserPassword {
    [Cmdletbinding()]
    Param(
        [Parameter(Mandatory)]
        [String]
        $Username,

        [Parameter(Mandatory)]
        [SecureString]
        $OldPassword,

        [Parameter(Mandatory)]
        [SecureString]
        $NewPassword
    )

    begin {
        $confirm = Read-Host "Please re-enter your new password" -AsSecureString

        $identical = Compare-SecureString -SecureString1 $NewPassword -SecureString2 $confirm

        if(-not $identical){
            Write-Error 'Passwords do not match!'
            break
        }
    }

    end {

        $unmanagedString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($NewPassword)
        $plainTextPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($unmanagedString)
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($unmanagedString) # Clean up
        $iterations = 10000
        $saltLength = 10
        $hashLength = 20

        $rfc2898 = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($plainTextPassword, $saltLength, $iterations)
        $passwordBytes = $rfc2898.GetBytes($hashLength)
        $saltBytes = $rfc2898.Salt

        $base64Password = [System.Convert]::ToBase64String($passwordBytes)

        $body = @{
            User_Name = $UserName
            Password_Bytes = $base64Password
            Salt_Bytes = $saltBytes
        }

        Write-Verbose ($body | ConvertTo-Json)

        $Params = @{
            Slug = '/api/json/Users_SetPassword'
            Method = 'POST'
            Body = $body
        }

        Invoke-ProGet @Params
    }
}

Re: Reset ProGet Admin Password via API

I've got code using the Native API which creates a user account and works wonders. But as I'm doing this programmatically I need to also generate a random password for the account, and set it. Seems pretty straightforward to do....but I'm unsure about what to do with the Salt_Bytes parameter available on the API. Any pointers would be outstanding.

Are we sure this is a ProGet problem and not a Docker problem? Assuming the asset is outside the container and you're trying to upload it into ProGet inside the container, you may be hitting a setting inside Docker.

@dean-houston thanks for that info! I think that'll do nicely. I'll have to play around with it to be sure, but from what I can tell it looks straightforward to implement. Thank you!

@dean-houston said in API ability to control Feed Access:

I believe it's possible to configure security with the Native API, but obviously not as easy. So I would explore that, it's probably close to what you wnat.

Do you have documentation/guidance on that? Whilst I'm a fan of DevTools in a browser and bending things to my will, I'd much more a fan of using documented non-hacky processes, particularly when I'm going to be potentially work in a customer environment.

This conversation may be best served taken off the forum and into more direct communications. There's a method to my madness here, and it doesn't really have any reason to be hashed out here publicly.

I'm looking to automate the setup and configuration of ProGet as much as I can. I've found the API to be really good so far, and Ive been able to automate 90% of the things that I require (I build a lot of repository instances). One thing that is super important to me is configuring Read-Only access to the feed to a particular user account, and configuring a Chocolatey client to use that credential to authenticate to the source.

There doesn't seem to be an API endpoint exposed to be able to configure local accounts programmatically. I know it's a non-trivial ask, but, could we get one?