[BUG]: NuGetAuthenticate@1 doesnot properly escape URL in VSS_NUGET_URI_PREFIXES causing authentication errors

[theo-basty]

New issue checklist

• [X] I searched for existing GitHub issues
• [X] I read pipeline troubleshooting guide
• [X] I checked how to collect logs

Task name

NuGetAuthenticate@1

Task version

1.231.0

Issue Description

When authenticating for an Azure DevOps On Premise collection with a name containing non URL character (mainly spaces in our case), the Azure Credential Manager plugins fails to find the credentials for the collection's nuget feeds

The Azure Credential Manager Plugin should pickup the informations generated through the NugetAuthenticate task to then authenticate on the nuget feed hosted in the same collection than the project.

Environment type (Please select at least one enviroment where you face this issue)

• [X] Self-Hosted
• [ ] Microsoft Hosted
• [ ] VMSS Pool
• [ ] Container

Azure DevOps Server type

Azure DevOps Server (Please specify exact version in the textbox below)

Azure DevOps Server Version (if applicable)

Azure DevOps Server 2022.2 (AzureDevopsServer_20240702.1)

Operation system

Windows Server 2019

Relevant log output

NugetAuthenticate@1 tasks running with no errors

NuGetAuthenticate@1 task

  - task: NuGetAuthenticate@1
    displayName: 'Authentification NuGet'
    env:
      NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt

Failing task executed after the NuGetAuthenticate@1 task

  - script: |
      echo "VSS_NUGET_URI_PREFIXES: $VSS_NUGET_URI_PREFIXES, VSS_NUGET_ACCESSTOKEN: $VSS_NUGET_ACCESSTOKEN"
      dotnet nuget push $(Build.ArtifactStagingDirectory)/*.nupkg --source Alpa.AspNetCore --api-key azp --skip-duplicate
    displayName: "Publication des paquets NuGet"
    env:
      NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt

Full task logs with system.debug enabled

Logs for the authentication task

##[debug]Agent.ProxyUsername=undefined
##[debug]Agent.ProxyPassword=undefined
##[debug]Agent.ProxyBypassList=["","",""]
##[debug]Acquiring connection data for: https:///ALPA%20-%20Int%C3%A9gration/
##[debug]Successfully acquired the connection data
##[debug]Getting credentials for local feeds
##[debug]SYSTEMVSSCONNECTION exists true
##[debug]Got auth token
Configuration du fournisseur d'informations d'identification afin d'utiliser l'identité 'Service de build de collection de projets (ALPA - Intégration)' pour les flux de votre organisation/collection commençant par :
  https:///ALPA - Intégration/

##[debug]set VSS_NUGET_URI_PREFIXES=https:///ALPA - Intégration/
##[debug]Processed: ##vso[task.setvariable variable=VSS_NUGET_URI_PREFIXES;isOutput=false;issecret=false;]https:///ALPA - Intégration/
##[debug]set VSS_NUGET_ACCESSTOKEN=***
##[debug]Processed: ##vso[task.setvariable variable=VSS_NUGET_ACCESSTOKEN;isOutput=false;issecret=false;]***
##[debug]Agent.Version=3.240.1
##[debug]SYSTEM_TASKINSTANCEID=d1348d91-db23-51a7-8a76-da2cbbad589d
##[debug]SYSTEM_JOBID=12f1170f-54f2-53f3-20dd-22fc7dff55f9
##[debug]SYSTEM_PLANID=bb37a7f6-a25b-43f4-8f7c-c2ec795a5350
##[debug]SYSTEM_COLLECTIONID=1241625b-ba65-4f6a-ab96-47a1bb52b6b0
##[debug]SYSTEM_PULLREQUEST_ISFORK=False
##[debug]AGENT_ID=119
##[debug]AGENT_MACHINENAME=rxxops01
##[debug]AGENT_NAME=rxxops01.rc.lan
##[debug]AGENT_JOBSTATUS=Succeeded
##[debug]AGENT_OS=Linux
##[debug]AGENT_OSARCHITECTURE=X64
##[debug]AGENT_VERSION=3.240.1
##[debug]BUILD_BUILDID=787
##[debug]BUILD_BUILDNUMBER=20240821.5
##[debug]BUILD_BUILDURI=vstfs:///Build/Build/787
##[debug]BUILD_CONTAINERID=1647
##[debug]BUILD_DEFINITIONNAME=Alpa.AspNetCore - Publish Nugets
##[debug]BUILD_DEFINITIONVERSION=4
##[debug]BUILD_REASON=Manual
##[debug]Processed: ##vso[telemetry.publish area=Packaging;feature=NuGetAuthenticateV1]{"SYSTEM_TASKINSTANCEID":"d1348d91-db23-51a7-8a76-da2cbbad589d","SYSTEM_JOBID":"12f1170f-54f2-53f3-20dd-22fc7dff55f9","SYSTEM_PLANID":"bb37a7f6-a25b-43f4-8f7c-c2ec795a5350","SYSTEM_COLLECTIONID":"1241625b-ba65-4f6a-ab96-47a1bb52b6b0","SYSTEM_PULLREQUEST_ISFORK":"False","AGENT_ID":"119","AGENT_MACHINENAME":"rxxops01","AGENT_NAME":"rxxops01.rc.lan","AGENT_JOBSTATUS":"Succeeded","AGENT_OS":"Linux","AGENT_OSARCHITECTURE":"X64","AGENT_VERSION":"3.240.1","BUILD_BUILDID":"787","BUILD_BUILDNUMBER":"20240821.5","BUILD_BUILDURI":"vstfs:///Build/Build/787","BUILD_CONTAINERID":"1647","BUILD_DEFINITIONNAME":"Alpa.AspNetCore - Publish Nugets","BUILD_DEFINITIONVERSION":"4","BUILD_REASON":"Manual","NuGetAuthenticate.ForceReinstallCredentialProvider":false}
Fin : Authentification NuGet

2024-08-21T08:06:37.7762222Z ##[debug]Evaluating condition for step: 'Publication des paquets NuGet'
2024-08-21T08:06:37.7763095Z ##[debug]Evaluating: SucceededNode()
2024-08-21T08:06:37.7763262Z ##[debug]Evaluating SucceededNode:
2024-08-21T08:06:37.7763616Z ##[debug]=> True
2024-08-21T08:06:37.7763788Z ##[debug]Result: True
2024-08-21T08:06:37.7764003Z ##[section]Démarrage : Publication des paquets NuGet
2024-08-21T08:06:37.7768287Z ==============================================================================
2024-08-21T08:06:37.7768407Z Task         : Ligne de commande
2024-08-21T08:06:37.7768459Z Description  : Exécuter un script de ligne de commande via Bash sur Linux et macOS, et cmd.exe sur Windows
2024-08-21T08:06:37.7768561Z Version      : 2.231.0
2024-08-21T08:06:37.7768622Z Author       : Microsoft Corporation
2024-08-21T08:06:37.7768679Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/command-line
2024-08-21T08:06:37.7768765Z ==============================================================================
2024-08-21T08:06:37.8190532Z ##[debug]Resource Utilization warnings is disabled, switch "DISABLE_RESOURCE_UTILIZATION_WARNINGS" variable to "true" if you want to enable it
2024-08-21T08:06:37.8725431Z ##[debug]Using node path: /opt/ALPA.RC.Agent1/externals/node16/bin/node
2024-08-21T08:06:37.9769055Z ##[debug]agent.TempDirectory=/opt/Agent1/_work/_temp
2024-08-21T08:06:37.9825147Z ##[debug]loading inputs and endpoints
2024-08-21T08:06:37.9831308Z ##[debug]loading INPUT_SCRIPT
2024-08-21T08:06:37.9843576Z ##[debug]loading INPUT_WORKINGDIRECTORY
2024-08-21T08:06:37.9846992Z ##[debug]loading INPUT_FAILONSTDERR
2024-08-21T08:06:37.9851067Z ##[debug]loading ENDPOINT_AUTH_SYSTEMVSSCONNECTION
2024-08-21T08:06:37.9854452Z ##[debug]loading ENDPOINT_AUTH_SCHEME_SYSTEMVSSCONNECTION
2024-08-21T08:06:37.9857773Z ##[debug]loading ENDPOINT_AUTH_PARAMETER_SYSTEMVSSCONNECTION_ACCESSTOKEN
2024-08-21T08:06:37.9863835Z ##[debug]loading SECRET_SYSTEM_ACCESSTOKEN
2024-08-21T08:06:37.9867957Z ##[debug]loaded 7
2024-08-21T08:06:37.9873167Z ##[debug]Agent.ProxyUrl=http://172.22.92.30:3128
2024-08-21T08:06:37.9874574Z ##[debug]Agent.ProxyUsername=undefined
2024-08-21T08:06:37.9876901Z ##[debug]Agent.ProxyPassword=undefined
2024-08-21T08:06:37.9878335Z ##[debug]Agent.ProxyBypassList=["","",""]
2024-08-21T08:06:37.9880971Z ##[debug]expose agent proxy configuration.
2024-08-21T08:06:37.9882968Z ##[debug]Agent.CAInfo=undefined
2024-08-21T08:06:37.9884179Z ##[debug]Agent.ClientCert=undefined
2024-08-21T08:06:37.9885422Z ##[debug]Agent.SkipCertValidation=undefined
2024-08-21T08:06:37.9992428Z ##[debug]check path : /opt/Agent1/_work/_tasks/CmdLine_d9bafed4-0b18-4f58-968d-86655b4d2ce9/2.231.0/task.json
2024-08-21T08:06:37.9995517Z ##[debug]adding resource file: /opt/Agent1/_work/_tasks/CmdLine_d9bafed4-0b18-4f58-968d-86655b4d2ce9/2.231.0/task.json
2024-08-21T08:06:37.9996182Z ##[debug]system.culture=fr-FR
2024-08-21T08:06:38.0010189Z ##[debug]failOnStderr=false
2024-08-21T08:06:38.0013808Z ##[debug]script=echo "VSS_NUGET_URI_PREFIXES: $VSS_NUGET_URI_PREFIXES, VSS_NUGET_ACCESSTOKEN: $VSS_NUGET_ACCESSTOKEN"
dotnet nuget push /opt/Agent1/_work/7/a/*.nupkg --source Alpa.AspNetCore --api-key azp --skip-duplicate
2024-08-21T08:06:38.0016397Z ##[debug]workingDirectory=/opt/Agent1/_work/7/s
2024-08-21T08:06:38.0017846Z ##[debug]check path : /opt/Agent1/_work/7/s
2024-08-21T08:06:38.0030662Z Génération du script.
2024-08-21T08:06:38.0033444Z ##[debug]Agent.Version=3.240.1
2024-08-21T08:06:38.0034532Z ##[debug]agent.tempDirectory=/opt/Agent1/_work/_temp
2024-08-21T08:06:38.0035128Z ##[debug]check path : /opt/Agent1/_work/_temp
2024-08-21T08:06:38.0040995Z ========================== Starting Command Output ===========================
2024-08-21T08:06:38.0043410Z ##[debug]which 'bash'
2024-08-21T08:06:38.0053004Z ##[debug]found: '/usr/bin/bash'
2024-08-21T08:06:38.0054757Z ##[debug]which '/usr/bin/bash'
2024-08-21T08:06:38.0080859Z ##[debug]found: '/usr/bin/bash'
2024-08-21T08:06:38.0082197Z ##[debug]/usr/bin/bash arg: --noprofile
2024-08-21T08:06:38.0082616Z ##[debug]/usr/bin/bash arg: --norc
2024-08-21T08:06:38.0083031Z ##[debug]/usr/bin/bash arg: /opt/Agent1/_work/_temp/43f45cf9-0a7f-4ff0-9f67-ab1ef9da32c1.sh
2024-08-21T08:06:38.0161042Z ##[debug]exec tool: /usr/bin/bash
2024-08-21T08:06:38.0162389Z ##[debug]arguments:
2024-08-21T08:06:38.0162876Z ##[debug]   --noprofile
2024-08-21T08:06:38.0163270Z ##[debug]   --norc
2024-08-21T08:06:38.0163891Z ##[debug]   /opt/Agent1/_work/_temp/43f45cf9-0a7f-4ff0-9f67-ab1ef9da32c1.sh
2024-08-21T08:06:38.0164274Z [command]/usr/bin/bash --noprofile --norc /opt/Agent1/_work/_temp/43f45cf9-0a7f-4ff0-9f67-ab1ef9da32c1.sh
2024-08-21T08:06:38.0188226Z VSS_NUGET_URI_PREFIXES: https:///ALPA - Intégration/, VSS_NUGET_ACCESSTOKEN: ***
2024-08-21T08:06:39.2333544Z warn : The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet`
2024-08-21T08:06:39.6275990Z ##[debug]Ressources d’environnement de l’agent – Disque : / 14026,00 Mo disponible(s) sur 118616,00 Mo, Mémoire : 1434,00 Mo utilisé(s) sur 3911,00 Mo, Utilisation de l’UC : 29,61 %
2024-08-21T08:06:40.4038202Z warn : The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet`
2024-08-21T08:06:41.4289796Z warn : The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet`
2024-08-21T08:06:42.5862503Z warn : The plugin credential provider could not acquire credentials. Authentication may require manual action. Consider re-running the command with --interactive for `dotnet`, /p:NuGetInteractive="true" for MSBuild or removing the -NonInteractive switch for `NuGet`
2024-08-21T08:06:44.6270717Z ##[debug]Ressources d’environnement de l’agent – Disque : / 14026,00 Mo disponible(s) sur 118616,00 Mo, Mémoire : 1437,00 Mo utilisé(s) sur 3911,00 Mo, Utilisation de l’UC : 22,66 %
2024-08-21T08:06:44.7343034Z error: Unable to load the service index for source https:///ALPA%20-%20Int%C3%A9gration/_packaging/ALPA.AspNetCore/nuget/v3/index.json.
2024-08-21T08:06:44.7343759Z error:   Response status code does not indicate success: 401 (Unauthorized).
2024-08-21T08:06:44.7721689Z ##[debug]Exit code 1 received from tool '/usr/bin/bash'
2024-08-21T08:06:44.8061663Z ##[debug]STDIO streams have closed for tool '/usr/bin/bash'
2024-08-21T08:06:44.8095549Z ##[error]Arrêt de Bash. Code de sortie : '1'.
2024-08-21T08:06:44.8103562Z ##[debug]Processed: ##vso[task.issue type=error;]Arrêt de Bash. Code de sortie : '1'.
2024-08-21T08:06:44.8104486Z ##[debug]task result: Failed
2024-08-21T08:06:44.8106615Z ##[debug]Processed: ##vso[task.complete result=Failed;done=true;]
2024-08-21T08:06:44.8122250Z ##[section]Fin : Publication des paquets NuGet

### Repro steps 1. Create an azure devops on premise instance 2. Create a collection containing Specail characters. Our case : "ALPA - Intégration" 3. Create a pipeline that tries to push a nuget package in this collection's feed with the following tasks : ```yml steps: - task: NuGetToolInstaller@1 inputs: forceReinstallCredentialProvider: true env: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt - task: NuGetAuthenticate@1 displayName: 'Authentification NuGet' env: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt - task: DotNetCoreCLI@2 displayName: "Génération des paquets NuGet" inputs: command: 'pack' packagesToPack: '**/*.csproj' versioningScheme: 'off' env: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt - script: | echo "VSS_NUGET_URI_PREFIXES: $VSS_NUGET_URI_PREFIXES, VSS_NUGET_ACCESSTOKEN: $VSS_NUGET_ACCESSTOKEN" dotnet nuget push $(Build.ArtifactStagingDirectory)/*.nupkg --source Alpa.AspNetCore --api-key azp --skip-duplicate displayName: "Publication des paquets NuGet" env: NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt ```

[theo-basty]

For the record, I've been able to temporarily solve this by adding a task that replace the content of the env variable with a properly encoded URL.

  - script: |
      echo "##vso[task.setvariable variable=VSS_NUGET_URI_PREFIXES;isOutput=false;issecret=false;]https://<REDACTED>/ALPA%20-%20Int%C3%A9gration/"
    displayName: "Contournement bug tâche d'authentification"