azrepos: support GCM_ALLOW_UNSAFE_REMOTES option

mjcheetham · mjcheetham · commit 7a613f3c2b80 · 2024-10-07T12:49:16.000+01:00
diff --git a/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs b/src/shared/Microsoft.AzureRepos/AzureReposHostProvider.cs
@@ -59,7 +59,7 @@ public bool IsSupported(InputArguments input)
                 return false;
             }
 
-            // We do not support unencrypted HTTP communications to Azure Repos,
+            // We do not recommend unencrypted HTTP communications to Azure Repos,
             // but we report `true` here for HTTP so that we can show a helpful
             // error message for the user in `CreateCredentialAsync`.
             return input.TryGetHostAndPort(out string hostName, out _)
@@ -208,16 +208,22 @@ protected override void ReleaseManagedResources()
             base.ReleaseManagedResources();
         }
 
-        private async Task<ICredential> GeneratePersonalAccessTokenAsync(InputArguments input)
+        private void ThrowIfUnsafeRemote(InputArguments input)
         {
-            ThrowIfDisposed();
-
-            // We should not allow unencrypted communication and should inform the user
-            if (StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http"))
+            if (!_context.Settings.AllowUnsafeRemotes &&
+                StringComparer.OrdinalIgnoreCase.Equals(input.Protocol, "http"))
             {
                 throw new Trace2Exception(_context.Trace2,
-                    "Unencrypted HTTP is not supported for Azure Repos. Ensure the repository remote URL is using HTTPS.");
+                    "Unencrypted HTTP is not recommended for Azure Repos. " +
+                    "Ensure the repository remote URL is using HTTPS " +
+                    $"or see {Constants.HelpUrls.GcmUnsafeRemotes} about how to allow unsafe remotes.");
             }
+        }
+
+        private async Task<ICredential> GeneratePersonalAccessTokenAsync(InputArguments input)
+        {
+            ThrowIfDisposed();
+            ThrowIfUnsafeRemote(input);
 
             Uri remoteUserUri = input.GetRemoteUri(includeUser: true);
             Uri orgUri = UriHelpers.CreateOrganizationUri(remoteUserUri, out _);
@@ -257,16 +263,11 @@ private async Task<ICredential> GeneratePersonalAccessTokenAsync(InputArguments
 
         private async Task<IMicrosoftAuthenticationResult> GetAzureAccessTokenAsync(InputArguments input)
         {
+            ThrowIfUnsafeRemote(input);
+
             Uri remoteWithUserUri = input.GetRemoteUri(includeUser: true);
             string userName = input.UserName;
 
-            // We should not allow unencrypted communication and should inform the user
-            if (StringComparer.OrdinalIgnoreCase.Equals(remoteWithUserUri.Scheme, "http"))
-            {
-                throw new Trace2Exception(_context.Trace2,
-                    "Unencrypted HTTP is not supported for Azure Repos. Ensure the repository remote URL is using HTTPS.");
-            }
-
             Uri orgUri = UriHelpers.CreateOrganizationUri(remoteWithUserUri, out string orgName);
 
             _context.Trace.WriteLine($"Determining Microsoft Authentication authority for Azure DevOps organization '{orgName}'...");
