From 4fc2f3e05b600aa64fe5eb6b8b77bc070e5a9403 Mon Sep 17 00:00:00 2001
From: isaacs <i@izs.me>
Date: Fri, 18 Dec 2020 12:21:17 -0800
Subject: [PATCH] @npmcli/config@1.2.8

* Support setting email without username/password

Fixes: #2300
---
 node_modules/@npmcli/config/lib/index.js | 30 +++++++++++++++++-------
 node_modules/@npmcli/config/package.json |  2 +-
 package-lock.json                        | 14 +++++------
 package.json                             |  2 +-
 4 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/node_modules/@npmcli/config/lib/index.js b/node_modules/@npmcli/config/lib/index.js
index a80b976a0008..e7fac96c1c8c 100644
--- a/node_modules/@npmcli/config/lib/index.js
+++ b/node_modules/@npmcli/config/lib/index.js
@@ -178,6 +178,11 @@ class Config {
       throw new Error('call config.load() before setting values')
     if (!confTypes.has(where))
       throw new Error('invalid config location param: ' + where)
+    if (key === '_auth') {
+      const { email } = this.getCredentialsByURI(this.get('registry'))
+      if (!email)
+        throw new Error('Cannot set _auth without first setting email')
+    }
     this.data.get(where).data[key] = val
 
     // this is now dirty, the next call to this.valid will have to check it
@@ -512,6 +517,9 @@ class Config {
     if (where === 'user') {
       const reg = this.get('registry')
       const creds = this.getCredentialsByURI(reg)
+      // we ignore this error because the failed set already removed
+      // anything that might be a security hazard, and it won't be
+      // saved back to the .npmrc file, so we're good.
       try { this.setCredentialsByURI(reg, creds) } catch (_) {}
     }
 
@@ -576,18 +584,22 @@ class Config {
       this.delete(`${nerfed}:email`, 'user')
       this.delete(`${nerfed}:always-auth`, 'user')
     } else if (username || password || email) {
-      if (!username)
-        throw new Error('must include username')
-      if (!password)
-        throw new Error('must include password')
+      if (username || password) {
+        if (!username)
+          throw new Error('must include username')
+        if (!password)
+          throw new Error('must include password')
+      }
       if (!email)
         throw new Error('must include email')
       this.delete(`${nerfed}:_authToken`, 'user')
-      this.set(`${nerfed}:username`, username, 'user')
-      // note: not encrypted, no idea why we bothered to do this, but oh well
-      // protects against shoulder-hacks if password is memorable, I guess?
-      const encoded = Buffer.from(password, 'utf8').toString('base64')
-      this.set(`${nerfed}:_password`, encoded, 'user')
+      if (username || password) {
+        this.set(`${nerfed}:username`, username, 'user')
+        // note: not encrypted, no idea why we bothered to do this, but oh well
+        // protects against shoulder-hacks if password is memorable, I guess?
+        const encoded = Buffer.from(password, 'utf8').toString('base64')
+        this.set(`${nerfed}:_password`, encoded, 'user')
+      }
       this.set(`${nerfed}:email`, email, 'user')
       if (alwaysAuth !== undefined)
         this.set(`${nerfed}:always-auth`, alwaysAuth, 'user')
diff --git a/node_modules/@npmcli/config/package.json b/node_modules/@npmcli/config/package.json
index 26581f385c38..a7050c73a03e 100644
--- a/node_modules/@npmcli/config/package.json
+++ b/node_modules/@npmcli/config/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@npmcli/config",
-  "version": "1.2.7",
+  "version": "1.2.8",
   "files": [
     "lib"
   ],
diff --git a/package-lock.json b/package-lock.json
index a1efbf45f7aa..7c18e3b84c78 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -356,7 +356,7 @@
       "dependencies": {
         "@npmcli/arborist": "^2.0.2",
         "@npmcli/ci-detect": "^1.2.0",
-        "@npmcli/config": "^1.2.7",
+        "@npmcli/config": "^1.2.8",
         "@npmcli/run-script": "^1.8.1",
         "abbrev": "~1.1.1",
         "ansicolors": "~0.3.2",
@@ -721,9 +721,9 @@
       "inBundle": true
     },
     "node_modules/@npmcli/config": {
-      "version": "1.2.7",
-      "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-1.2.7.tgz",
-      "integrity": "sha512-zV1xhCK91UegZO03G7BdNSRMCTDVMB1UI31XDbZ8bjUB/8rUuFvbYoIRzZDMyUPT24ltzLQC15Ub2bzgg0ORSg==",
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-1.2.8.tgz",
+      "integrity": "sha512-XFqg1uxUhEiy73hT1Z66xrMojgUOzAaCCYm12bEYBbi3wxmaer8MDRQ8ZViCacHFSZhkLVLqt/osPwKKJPduPw==",
       "inBundle": true,
       "dependencies": {
         "ini": "^2.0.0",
@@ -9892,9 +9892,9 @@
       "integrity": "sha512-oN3y7FAROHhrAt7Rr7PnTSwrHrZVRTS2ZbyxeQwSSYD0ifwM3YNgQqbaRmjcWoPyq77MjchusjJDspbzMmip1Q=="
     },
     "@npmcli/config": {
-      "version": "1.2.7",
-      "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-1.2.7.tgz",
-      "integrity": "sha512-zV1xhCK91UegZO03G7BdNSRMCTDVMB1UI31XDbZ8bjUB/8rUuFvbYoIRzZDMyUPT24ltzLQC15Ub2bzgg0ORSg==",
+      "version": "1.2.8",
+      "resolved": "https://registry.npmjs.org/@npmcli/config/-/config-1.2.8.tgz",
+      "integrity": "sha512-XFqg1uxUhEiy73hT1Z66xrMojgUOzAaCCYm12bEYBbi3wxmaer8MDRQ8ZViCacHFSZhkLVLqt/osPwKKJPduPw==",
       "requires": {
         "ini": "^2.0.0",
         "mkdirp-infer-owner": "^2.0.0",
diff --git a/package.json b/package.json
index 8e2917c5edca..53db374c9506 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
   "dependencies": {
     "@npmcli/arborist": "^2.0.2",
     "@npmcli/ci-detect": "^1.2.0",
-    "@npmcli/config": "^1.2.7",
+    "@npmcli/config": "^1.2.8",
     "@npmcli/run-script": "^1.8.1",
     "abbrev": "~1.1.1",
     "ansicolors": "~0.3.2",