fix: delete auth from proper location on logout

wraithgar · wraithgar · commit 8423d4f133a4 · 2023-10-12T09:20:39.000-07:00
diff --git a/lib/commands/logout.js b/lib/commands/logout.js
@@ -19,6 +19,9 @@ class Logout extends BaseCommand {
 
     const auth = getAuth(reg, this.npm.flatOptions)
 
+    const level = this.npm.config.find(`${auth.regKey}:${auth.authKey}`)
+
+    // find the config level and only delete from there
     if (auth.token) {
       log.verbose('logout', `clearing token for ${reg}`)
       await npmFetch(`/-/user/token/${encodeURIComponent(auth.token)}`, {
@@ -34,12 +37,12 @@ class Logout extends BaseCommand {
     }
 
     if (scope) {
-      this.npm.config.delete(regRef, 'user')
+      this.npm.config.delete(regRef, level)
     }
 
-    this.npm.config.clearCredentialsByURI(reg)
+    this.npm.config.clearCredentialsByURI(reg, level)
 
-    await this.npm.config.save('user')
+    await this.npm.config.save(level)
   }
 }
 module.exports = Logout
diff --git a/workspaces/config/lib/index.js b/workspaces/config/lib/index.js
@@ -774,29 +774,29 @@ class Config {
     await chmod(conf.source, mode)
   }
 
-  clearCredentialsByURI (uri) {
+  clearCredentialsByURI (uri, level = 'user') {
     const nerfed = nerfDart(uri)
     const def = nerfDart(this.get('registry'))
     if (def === nerfed) {
-      this.delete(`-authtoken`, 'user')
-      this.delete(`_authToken`, 'user')
-      this.delete(`_authtoken`, 'user')
-      this.delete(`_auth`, 'user')
-      this.delete(`_password`, 'user')
-      this.delete(`username`, 'user')
+      this.delete(`-authtoken`, level)
+      this.delete(`_authToken`, level)
+      this.delete(`_authtoken`, level)
+      this.delete(`_auth`, level)
+      this.delete(`_password`, level)
+      this.delete(`username`, level)
       // de-nerf email if it's nerfed to the default registry
-      const email = this.get(`${nerfed}:email`, 'user')
+      const email = this.get(`${nerfed}:email`, level)
       if (email) {
-        this.set('email', email, 'user')
+        this.set('email', email, level)
       }
     }
-    this.delete(`${nerfed}:_authToken`, 'user')
-    this.delete(`${nerfed}:_auth`, 'user')
-    this.delete(`${nerfed}:_password`, 'user')
-    this.delete(`${nerfed}:username`, 'user')
-    this.delete(`${nerfed}:email`, 'user')
-    this.delete(`${nerfed}:certfile`, 'user')
-    this.delete(`${nerfed}:keyfile`, 'user')
+    this.delete(`${nerfed}:_authToken`, level)
+    this.delete(`${nerfed}:_auth`, level)
+    this.delete(`${nerfed}:_password`, level)
+    this.delete(`${nerfed}:username`, level)
+    this.delete(`${nerfed}:email`, level)
+    this.delete(`${nerfed}:certfile`, level)
+    this.delete(`${nerfed}:keyfile`, level)
   }
 
   setCredentialsByURI (uri, { token, username, password, email, certfile, keyfile }) {

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,9 @@ class Logout extends BaseCommand {`
`19`	`19`
`20`	`20`	`const auth = getAuth(reg, this.npm.flatOptions)`
`21`	`21`
	`22`	+ const level = this.npm.config.find(`${auth.regKey}:${auth.authKey}`)
	`23`	`+`
	`24`	`+ // find the config level and only delete from there`
`22`	`25`	`if (auth.token) {`
`23`	`26`	log.verbose('logout', `clearing token for ${reg}`)
`24`	`27`	await npmFetch(`/-/user/token/${encodeURIComponent(auth.token)}`, {
`@@ -34,12 +37,12 @@ class Logout extends BaseCommand {`
`34`	`37`	`}`
`35`	`38`
`36`	`39`	`if (scope) {`
`37`		`- this.npm.config.delete(regRef, 'user')`
	`40`	`+ this.npm.config.delete(regRef, level)`
`38`	`41`	`}`
`39`	`42`
`40`		`- this.npm.config.clearCredentialsByURI(reg)`
	`43`	`+ this.npm.config.clearCredentialsByURI(reg, level)`
`41`	`44`
`42`		`- await this.npm.config.save('user')`
	`45`	`+ await this.npm.config.save(level)`
`43`	`46`	`}`
`44`	`47`	`}`
`45`	`48`	`module.exports = Logout`