From 4e68b2c386281f4867745bc1e7387b27eb50581b Mon Sep 17 00:00:00 2001 From: toller892 Date: Tue, 2 Jun 2026 17:02:25 +0800 Subject: [PATCH] fix: skip credentials for public releases.jfrog.io downloads MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit download_to(), head_request(), and storage_request() unconditionally used JF_ACCESS_TOKEN / JF_USER credentials when set, even when downloading from the public releases.jfrog.io server. This caused 401 errors for users who have their own Artifactory credentials (JF_URL + JF_USER) configured but are not using JF_RELEASES_REPO. Guard all three functions with a REMOTE_PATH check — credentials are only sent when JF_RELEASES_REPO is configured, which means the URL points to the user's own Artifactory instance. Fixes #1339 --- buildscripts/getFrogbot.sh | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/buildscripts/getFrogbot.sh b/buildscripts/getFrogbot.sh index cdca654de..f210b6024 100755 --- a/buildscripts/getFrogbot.sh +++ b/buildscripts/getFrogbot.sh @@ -106,9 +106,12 @@ echoGreetings() { download_to() { dl_url="$1" dl_out="$2" - if [ -n "${JF_ACCESS_TOKEN:-}" ]; then + # Only use credentials when downloading from the user's own Artifactory + # (REMOTE_PATH is set when JF_RELEASES_REPO is configured). + # Public releases.jfrog.io downloads must not send user credentials. + if [ -n "${REMOTE_PATH:-}" ] && [ -n "${JF_ACCESS_TOKEN:-}" ]; then curl -fLg -H "Authorization:Bearer ${JF_ACCESS_TOKEN}" -X GET "${dl_url}" -o "${dl_out}" - elif [ -n "${JF_USER:-}" ]; then + elif [ -n "${REMOTE_PATH:-}" ] && [ -n "${JF_USER:-}" ]; then curl -fLg -u "${JF_USER}:${JF_PASSWORD:-}" -X GET "${dl_url}" -o "${dl_out}" else curl -fLg -X GET "${dl_url}" -o "${dl_out}" @@ -117,9 +120,10 @@ download_to() { head_request() { dl_url="$1" - if [ -n "${JF_ACCESS_TOKEN:-}" ]; then + # Only use credentials when targeting the user's own Artifactory. + if [ -n "${REMOTE_PATH:-}" ] && [ -n "${JF_ACCESS_TOKEN:-}" ]; then curl -sfILg -H "Authorization:Bearer ${JF_ACCESS_TOKEN}" "${dl_url}" - elif [ -n "${JF_USER:-}" ]; then + elif [ -n "${REMOTE_PATH:-}" ] && [ -n "${JF_USER:-}" ]; then curl -sfILg -u "${JF_USER}:${JF_PASSWORD:-}" "${dl_url}" else curl -sfILg "${dl_url}" @@ -142,9 +146,10 @@ artifact_url_to_storage_url() { storage_request() { local storage_url="$1" - if [ -n "${JF_ACCESS_TOKEN:-}" ]; then + # Only use credentials when targeting the user's own Artifactory. + if [ -n "${REMOTE_PATH:-}" ] && [ -n "${JF_ACCESS_TOKEN:-}" ]; then curl -sfLg -H "Authorization:Bearer ${JF_ACCESS_TOKEN}" "${storage_url}" - elif [ -n "${JF_USER:-}" ]; then + elif [ -n "${REMOTE_PATH:-}" ] && [ -n "${JF_USER:-}" ]; then curl -sfLg -u "${JF_USER}:${JF_PASSWORD:-}" "${storage_url}" else curl -sfLg "${storage_url}"