load non-scoped auth configs, scoped to default registry

npm · Apr 23, 2021 · 6595c31 · 6595c31
1 parent d1f9b24
commit 6595c31
Show file tree

Hide file tree

Showing 3 changed files with 77 additions and 27 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -282,6 +282,15 @@ class Config {
     // symbols, as that module also does a bunch of get operations
     this[_loaded] = true
 
+    process.emit('time', 'config:load:credentials')
+    const reg = this.get('registry')
+    // console.error('registry', reg, this)
+    const creds = this.getCredentialsByURI(reg)
+    // ignore this error because a failed set will strip out anything that
+    // might be a security hazard, which was the intention.
+    try { this.setCredentialsByURI(reg, creds) } catch (_) {}
+    process.emit('timeEnd', 'config:load:credentials')
+
     // set proper globalPrefix now that everything is loaded
     this.globalPrefix = this.get('prefix')
 

diff --git a/tap-snapshots/test/index.js.test.cjs b/tap-snapshots/test/index.js.test.cjs
@@ -8,9 +8,6 @@
 exports[`test/index.js TAP credentials management def_auth > default registry 1`] = `
 Object {
   "alwaysAuth": true,
-  "auth": "aGVsbG86d29ybGQ=",
-  "password": "world",
-  "username": "hello",
 }
 `
 
@@ -37,14 +34,6 @@ Object {
 exports[`test/index.js TAP credentials management def_passNoUser > other registry 1`] = `
 Object {
   "alwaysAuth": false,
-  "email": "i@izs.me",
-}
-`
-
-exports[`test/index.js TAP credentials management def_passNoUser > other registry after set 1`] = `
-Object {
-  "alwaysAuth": false,
-  "email": "i@izs.me",
 }
 `
 
@@ -65,14 +54,6 @@ Object {
 exports[`test/index.js TAP credentials management def_userNoPass > other registry 1`] = `
 Object {
   "alwaysAuth": false,
-  "email": "i@izs.me",
-}
-`
-
-exports[`test/index.js TAP credentials management def_userNoPass > other registry after set 1`] = `
-Object {
-  "alwaysAuth": false,
-  "email": "i@izs.me",
 }
 `
 
@@ -99,14 +80,6 @@ Object {
 exports[`test/index.js TAP credentials management def_userpass > other registry 1`] = `
 Object {
   "alwaysAuth": false,
-  "email": "i@izs.me",
-}
-`
-
-exports[`test/index.js TAP credentials management def_userpass > other registry after set 1`] = `
-Object {
-  "alwaysAuth": false,
-  "email": "i@izs.me",
 }
 `
 

diff --git a/test/index.js b/test/index.js
@@ -851,3 +851,71 @@ t.test('setting username/password/email individually', async t => {
     auth: Buffer.from('admin:admin').toString('base64'),
   })
 })
+
+t.test('nerfdart auths set at the top level into the registry', async t => {
+  const registry = 'https://registry.npmjs.org/'
+  const _auth = Buffer.from('admin:admin').toString('base64')
+  const username = 'admin'
+  const _password = Buffer.from('admin').toString('base64')
+  const email = 'i@izs.me'
+  const _authToken = 'deadbeefblahblah'
+
+  // TODO(isaacs): We should NOT be requiring that email be nerfdarted.
+  // It's not particularly secret, and is only included in the "credentials"
+  // concept as an accident of history, because the old couchdb reg used it.
+  // It should be treated just like any other plain old config field.
+
+  // name: [ini, expect]
+  const cases = {
+    // TODO: should not require email
+    // '_auth only, no email': [ `_auth=${_auth}`, {
+    //   '//registry.npmjs.org/:username': username,
+    //   '//registry.npmjs.org/:_password': _password,
+    // }],
+    '_auth with email': [ `_auth=${_auth}\nemail=${email}`, {
+      '//registry.npmjs.org/:username': username,
+      '//registry.npmjs.org/:_password': _password,
+      // TODO: change to just 'email': email
+      '//registry.npmjs.org/:email': email,
+    }],
+    '_authToken alone': [ `_authToken=${_authToken}`, {
+      '//registry.npmjs.org/:_authToken': _authToken,
+    }],
+    '_authToken and email': [ `_authToken=${_authToken}\nemail=${email}`, {
+      '//registry.npmjs.org/:_authToken': _authToken,
+      // TODO: should include (un-nerf-darted) email
+      // email,
+    }],
+    // TODO: should not require email
+    // 'username and _password': [ `username=${username}\n_password=${_password}`, {
+    //   '//registry.npmjs.org/:username': username,
+    //   '//registry.npmjs.org/:_password': _password,
+    // }],
+    'username, password, email': [ `username=${username}\n_password=${_password}\nemail=${email}`, {
+      '//registry.npmjs.org/:username': username,
+      '//registry.npmjs.org/:_password': _password,
+      '//registry.npmjs.org/:email': 'i@izs.me',
+    }],
+    // handled invalid cases
+    'username, no _password': [`username=${username}`, {}],
+    '_password, no username': [`_password=${_password}`, {}],
+  }
+
+  for (const [name, [ini, expect]] of Object.entries(cases)) {
+    //console.log({name, ini, expect})
+    t.test(name, async t => {
+      const path = t.testdir({ '.npmrc': ini })
+      const opts = {
+        shorthands: {},
+        argv: ['node', __filename, `--userconfig=${path}/.npmrc`, `--globalconfig=${path}/npmrc`],
+        definitions: {
+          registry: { default: registry },
+        },
+        npmPath: process.cwd(),
+      }
+      const c = new Config(opts)
+      await c.load()
+      t.same(c.list[3], expect)
+    })
+  }
+})