fix: Auth header when downloading images from tfs

luxdave · luxdave · commit 0e42413c57e0 · 2025-07-07T09:45:04.000+02:00
Updated the logic for setting the `Authorization` header in `HttpClient` to improve security and flexibility. The code now checks if the `sourcePersonalAccessToken` is not empty and if the `matchedSourceUri` contains "tfs/DefaultCollection". If both conditions are met, the token is encoded in Base64 with an empty username; otherwise, the token is set directly if it's not empty.
diff --git a/src/MigrationTools.Clients.TfsObjectModel/Tools/TfsEmbededImagesTool.cs b/src/MigrationTools.Clients.TfsObjectModel/Tools/TfsEmbededImagesTool.cs
@@ -132,7 +132,15 @@ private string UploadedAndRetrieveAttachmentLinkUrl(string matchedSourceUri, str
                 {
                     if (!string.IsNullOrEmpty(sourcePersonalAccessToken))
                     {
-                        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);
+                        if (!string.IsNullOrEmpty(sourcePersonalAccessToken) && matchedSourceUri.Contains("tfs/DefaultCollection"))
+                        {
+                            string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", "", sourcePersonalAccessToken)));
+                            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials);
+                        }
+                        else if (!string.IsNullOrEmpty(sourcePersonalAccessToken))
+                        {
+                            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);
+                        }
                     }
                     var result = DownloadFile(httpClient, matchedSourceUri, fullImageFilePath);
                     if (!result.IsSuccessStatusCode)

Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,15 @@ private string UploadedAndRetrieveAttachmentLinkUrl(string matchedSourceUri, str`
`132`	`132`	`{`
`133`	`133`	`if (!string.IsNullOrEmpty(sourcePersonalAccessToken))`
`134`	`134`	`{`
`135`		`- httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);`
	`135`	`+ if (!string.IsNullOrEmpty(sourcePersonalAccessToken) && matchedSourceUri.Contains("tfs/DefaultCollection"))`
	`136`	`+ {`
	`137`	`+ string credentials = Convert.ToBase64String(Encoding.ASCII.GetBytes(string.Format("{0}:{1}", "", sourcePersonalAccessToken)));`
	`138`	`+ httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials);`
	`139`	`+ }`
	`140`	`+ else if (!string.IsNullOrEmpty(sourcePersonalAccessToken))`
	`141`	`+ {`
	`142`	`+ httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", sourcePersonalAccessToken);`
	`143`	`+ }`
`136`	`144`	`}`
`137`	`145`	`var result = DownloadFile(httpClient, matchedSourceUri, fullImageFilePath);`
`138`	`146`	`if (!result.IsSuccessStatusCode)`