Description
Been implementing weekly password hash syncs and have encountered a few issues.
- The FQDN in the progress bar doesn't match the actual one used by the downloader
  - https://github.com/lithnet/ad-password-protection/blob/master/src/PasswordProtectionPS/SyncHashesFromHibp.cs#L23 api.haveibeenpwned.com
  - https://github.com/lithnet/ad-password-protection/blob/master/src/PasswordProtection/HibpDownloader.cs#L77 api.pwnedpasswords.com
- The documentation at https://docs.lithnet.io/password-protection/advanced-help/powershell-reference/sync-hashesfromhibp makes no mention of the `-Proxy` parameter, nor the HIBP API URL for the purposes of whitelisting
- When exceptions are generated by the downloader for any reason (HTTP errors, TLS trust issues, locked files, etc.), there's absolutely no reporting of these exceptions nor any information on how to troubleshoot them aside from a useless AggregateException.
```
Sync-HashesFromHibp : One or more errors occurred.
At line:1 char:1
+ Sync-HashesFromHibp -Proxy http://antiquatedcorporateproxy:3128 -Verbose
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Sync-HashesFromHibp], AggregateException
+ FullyQualifiedErrorId : System.AggregateException,Lithnet.ActiveDirectory.PasswordProtection.PowerShell.SyncHashesFromHibp
```
My suggestion to improve error reporting would be to add code to log the task's exception when its state is faulted.
https://github.com/lithnet/ad-password-protection/blob/master/src/PasswordProtectionPS/SyncHashesFromHibp.cs
I have seen in other issues you've asked people to dump the stacktrace by ToString'ing $Error[0] (here). If this could be documented as a troubleshooting step it'd make things easier.
At the very least if you could add something like this after the while loop, it would make life a lot easier. Admittedly I haven't worked with PowerShell from C# so this is just a guess on my part for how to implement this.
```csharp
if (task.IsFaulted)
{
    WriteVerbose("HIBP downloader task faulted, dumping out inner exceptions");
    if (task.Exception == null)
    {
        WriteVerbose("HIBP downloader task's Exception was null");
    }
    else
    {
        foreach (var ex in task.Exception.InnerExceptions)
        {
            WriteError(new ErrorRecord(ex, "HibpDownloadTaskFaulted", ErrorCategory.InvalidOperation, null));
        }
    }
}
```
Ideally, if there's a way to use something like NLog or log4net and have its logging bubble up to PowerShell from the HibpDownloader class, that'd be the best, but obviously a lot more effort to implement that.
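The troubleshooting step mentioned in this issue (expanding `$Error[0]` after the cmdlet fails with an AggregateException) can be scripted as follows. This is an added example, not part of the original issue or the project's code; the function name `Get-InnerExceptionDetail` is hypothetical and the sample exception at the end is constructed to stand in for a proxy/TLS failure.

```powershell
function Get-InnerExceptionDetail {
    [CmdletBinding()]
    param(
        # Defaults to the most recent error in the session.
        [Parameter(ValueFromPipeline = $true)]
        [System.Management.Automation.ErrorRecord]$ErrorRecord = $Error[0]
    )
    process {
        if ($null -eq $ErrorRecord) { return }
        $root = $ErrorRecord.Exception

        # Flatten() collapses nested AggregateExceptions into a single level.
        if ($root -is [System.AggregateException]) {
            $leaves = $root.Flatten().InnerExceptions
        } else {
            $leaves = @($root)
        }

        foreach ($leaf in $leaves) {
            $depth = 0
            # Walk the InnerException chain: an HTTP failure usually wraps the
            # socket or TLS error that is the actual cause.
            for ($ex = $leaf; $null -ne $ex; $ex = $ex.InnerException) {
                [pscustomobject]@{
                    Depth   = $depth
                    Type    = $ex.GetType().FullName
                    Message = $ex.Message
                    HResult = '0x{0:X8}' -f $ex.HResult
                }
                $depth++
            }
        }
    }
}

# Constructed sample: a TLS trust failure wrapped the way a faulted task reports it.
$tls = [System.Security.Authentication.AuthenticationException]::new(
    'The remote certificate is invalid according to the validation procedure.')
$web = [System.Net.WebException]::new('The underlying connection was closed.', $tls)
$agg = [System.AggregateException]::new('One or more errors occurred.',
    [System.Exception[]]@($web))
$record = [System.Management.Automation.ErrorRecord]::new(
    $agg, 'ConstructedSample',
    [System.Management.Automation.ErrorCategory]::NotSpecified, $null)

$record | Get-InnerExceptionDetail | Format-Table -AutoSize
```

After a real failure, run `Get-InnerExceptionDetail` with no arguments immediately after `Sync-HashesFromHibp` so that `$Error[0]` is still the cmdlet's error.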