Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cert auth deps updates #5187

Merged
merged 2 commits into from Jul 19, 2022
Merged

cert auth deps updates #5187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c0ef010
deps: @npmcli/config@4.2.0
wraithgar Jul 18, 2022
a31b886
deps: npm-registry-fetch@13.3.0
wraithgar Jul 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
19 changes: 17 additions & 2 deletions node_modules/@npmcli/config/lib/index.js
View file
Open in desktop
Expand Up @@ -698,9 +698,11 @@ class Config {
this.delete(`${nerfed}:_password`, 'user')
this.delete(`${nerfed}:username`, 'user')
this.delete(`${nerfed}:email`, 'user')
this.delete(`${nerfed}:certfile`, 'user')
this.delete(`${nerfed}:keyfile`, 'user')
}

setCredentialsByURI (uri, { token, username, password, email }) {
setCredentialsByURI (uri, { token, username, password, email, certfile, keyfile }) {
const nerfed = nerfDart(uri)
const def = nerfDart(this.get('registry'))

Expand Down Expand Up @@ -733,6 +735,11 @@ class Config {
this.delete(`${nerfed}:-authtoken`, 'user')
this.delete(`${nerfed}:_authtoken`, 'user')
this.delete(`${nerfed}:email`, 'user')
if (certfile && keyfile) {
this.set(`${nerfed}:certfile`, certfile, 'user')
this.set(`${nerfed}:keyfile`, keyfile, 'user')
// cert/key may be used in conjunction with other credentials, thus no `else`
}
if (token) {
this.set(`${nerfed}:_authToken`, token, 'user')
this.delete(`${nerfed}:_password`, 'user')
Expand All @@ -750,7 +757,7 @@ class Config {
// protects against shoulder-hacks if password is memorable, I guess?
const encoded = Buffer.from(password, 'utf8').toString('base64')
this.set(`${nerfed}:_password`, encoded, 'user')
} else {
} else if (!certfile || !keyfile) {
throw new Error('No credentials to set.')
}
}
Expand All @@ -765,6 +772,14 @@ class Config {
creds.email = email
}

const certfileReg = this.get(`${nerfed}:certfile`)
const keyfileReg = this.get(`${nerfed}:keyfile`)
if (certfileReg && keyfileReg) {
creds.certfile = certfileReg
creds.keyfile = keyfileReg
// cert/key may be used in conjunction with other credentials, thus no `return`
}

const tokenReg = this.get(`${nerfed}:_authToken`) ||
this.get(`${nerfed}:_authtoken`) ||
this.get(`${nerfed}:-authtoken`) ||
Expand Down
6 changes: 3 additions & 3 deletions node_modules/@npmcli/config/package.json
View file
Open in desktop
@@ -1,6 +1,6 @@
{
"name": "@npmcli/config",
"version": "4.1.0",
"version": "4.2.0",
"files": [
"bin/",
"lib/"
Expand Down Expand Up @@ -31,7 +31,7 @@
},
"devDependencies": {
"@npmcli/eslint-config": "^3.0.1",
"@npmcli/template-oss": "3.3.2",
"@npmcli/template-oss": "3.5.0",
"tap": "^16.0.1"
},
"dependencies": {
Expand All @@ -49,6 +49,6 @@
},
"templateOSS": {
"//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.",
"version": "3.3.2"
"version": "3.5.0"
}
}
37 changes: 34 additions & 3 deletions node_modules/npm-registry-fetch/lib/auth.js
View file
Open in desktop
@@ -1,4 +1,5 @@
'use strict'
const fs = require('fs')
const npa = require('npm-package-arg')
const { URL } = require('url')

Expand All @@ -7,7 +8,8 @@ const { URL } = require('url')
const regKeyFromURI = (uri, opts) => {
const parsed = new URL(uri)
// try to find a config key indicating we have auth for this registry
// can be one of :_authToken, :_auth, or :_password and :username
// can be one of :_authToken, :_auth, :_password and :username, or
// :certfile and :keyfile
// We walk up the "path" until we're left with just //<host>[:<port>],
// stopping when we reach '//'.
let regKey = `//${parsed.host}${parsed.pathname}`
Expand All @@ -26,7 +28,8 @@ const regKeyFromURI = (uri, opts) => {
const hasAuth = (regKey, opts) => (
opts[`${regKey}:_authToken`] ||
opts[`${regKey}:_auth`] ||
opts[`${regKey}:username`] && opts[`${regKey}:_password`]
opts[`${regKey}:username`] && opts[`${regKey}:_password`] ||
opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`]
)

const sameHost = (a, b) => {
Expand All @@ -44,6 +47,17 @@ const getRegistry = opts => {
return scopeReg || opts.registry
}

const maybeReadFile = file => {
try {
return fs.readFileSync(file, 'utf8')
} catch (er) {
if (er.code !== 'ENOENT') {
throw er
}
return null
}
}

const getAuth = (uri, opts = {}) => {
const { forceAuth } = opts
if (!uri) {
Expand All @@ -59,6 +73,8 @@ const getAuth = (uri, opts = {}) => {
username: forceAuth.username,
password: forceAuth._password || forceAuth.password,
auth: forceAuth._auth || forceAuth.auth,
certfile: forceAuth.certfile,
keyfile: forceAuth.keyfile,
})
}

Expand All @@ -82,6 +98,8 @@ const getAuth = (uri, opts = {}) => {
[`${regKey}:username`]: username,
[`${regKey}:_password`]: password,
[`${regKey}:_auth`]: auth,
[`${regKey}:certfile`]: certfile,
[`${regKey}:keyfile`]: keyfile,
} = opts

return new Auth({
Expand All @@ -90,15 +108,19 @@ const getAuth = (uri, opts = {}) => {
auth,
username,
password,
certfile,
keyfile,
})
}

class Auth {
constructor ({ token, auth, username, password, scopeAuthKey }) {
constructor ({ token, auth, username, password, scopeAuthKey, certfile, keyfile }) {
this.scopeAuthKey = scopeAuthKey
this.token = null
this.auth = null
this.isBasicAuth = false
this.cert = null
this.key = null
if (token) {
this.token = token
} else if (auth) {
Expand All @@ -108,6 +130,15 @@ class Auth {
this.auth = Buffer.from(`${username}:${p}`, 'utf8').toString('base64')
this.isBasicAuth = true
}
// mTLS may be used in conjunction with another auth method above
if (certfile && keyfile) {
const cert = maybeReadFile(certfile, 'utf-8')
const key = maybeReadFile(keyfile, 'utf-8')
if (cert && key) {
this.cert = cert
this.key = key
}
}
}
}

Expand Down
4 changes: 2 additions & 2 deletions node_modules/npm-registry-fetch/lib/index.js
View file
Open in desktop
Expand Up @@ -112,10 +112,10 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) {
cache: getCacheMode(opts),
cachePath: opts.cache,
ca: opts.ca,
cert: opts.cert,
cert: auth.cert || opts.cert,
headers,
integrity: opts.integrity,
key: opts.key,
key: auth.key || opts.key,
localAddress: opts.localAddress,
maxSockets: opts.maxSockets,
memoize: opts.memoize,
Expand Down
2 changes: 1 addition & 1 deletion node_modules/npm-registry-fetch/package.json
View file
Open in desktop
@@ -1,6 +1,6 @@
{
"name": "npm-registry-fetch",
"version": "13.2.0",
"version": "13.3.0",
"description": "Fetch-based http client for use with npm registry APIs",
"main": "lib",
"files": [
Expand Down
16 changes: 8 additions & 8 deletions package-lock.json
View file
Open in desktop
Expand Up @@ -90,7 +90,7 @@
"@isaacs/string-locale-compare": "^1.1.0",
"@npmcli/arborist": "^5.0.4",
"@npmcli/ci-detect": "^2.0.0",
"@npmcli/config": "^4.1.0",
"@npmcli/config": "^4.2.0",
"@npmcli/fs": "^2.1.0",
"@npmcli/map-workspaces": "^2.0.3",
"@npmcli/package-json": "^2.0.0",
Expand Down Expand Up @@ -135,7 +135,7 @@
"npm-package-arg": "^9.1.0",
"npm-pick-manifest": "^7.0.1",
"npm-profile": "^6.2.0",
"npm-registry-fetch": "^13.2.0",
"npm-registry-fetch": "^13.3.0",
"npm-user-validate": "^1.0.1",
"npmlog": "^6.0.2",
"opener": "^1.5.2",
Expand Down Expand Up @@ -867,9 +867,9 @@
}
},
"node_modules/@npmcli/config": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/@npmcli/config/-/config-4.1.0.tgz",
"integrity": "sha512-cPQmIQ2Q0vuOfrenrA3isikdMFMAHgzlXV+EmvZ8f2JeJsU5xTU2bG7ipXECiMvPF9nM+QDnMLuIg8QLw9H4xg==",
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/@npmcli/config/-/config-4.2.0.tgz",
"integrity": "sha512-imWNz5dNWb2u+y41jyxL2WB389tkhu3a01Rchn16O/ur6GrnKySgOqdNG3N/9Z+mqxdISMEGKXI/POCauzz0dA==",
"inBundle": true,
"dependencies": {
"@npmcli/map-workspaces": "^2.0.2",
Expand Down Expand Up @@ -5188,9 +5188,9 @@
}
},
"node_modules/npm-registry-fetch": {
"version": "13.2.0",
"resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-13.2.0.tgz",
"integrity": "sha512-NEKnK02Co31+cnDtnAvEdq9xn6E9yKPK/aOHXZieVbw/qVOcFd7su6kviZjImYoszjM2GykMfGMiyyPUQjUkag==",
"version": "13.3.0",
"resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-13.3.0.tgz",
"integrity": "sha512-10LJQ/1+VhKrZjIuY9I/+gQTvumqqlgnsCufoXETHAPFTS3+M+Z5CFhZRDHGavmJ6rOye3UvNga88vl8n1r6gg==",
"inBundle": true,
"dependencies": {
"make-fetch-happen": "^10.0.6",
Expand Down
4 changes: 2 additions & 2 deletions package.json
View file
Open in desktop
Expand Up @@ -58,7 +58,7 @@
"@isaacs/string-locale-compare": "^1.1.0",
"@npmcli/arborist": "^5.0.4",
"@npmcli/ci-detect": "^2.0.0",
"@npmcli/config": "^4.1.0",
"@npmcli/config": "^4.2.0",
"@npmcli/fs": "^2.1.0",
"@npmcli/map-workspaces": "^2.0.3",
"@npmcli/package-json": "^2.0.0",
Expand Down Expand Up @@ -103,7 +103,7 @@
"npm-package-arg": "^9.1.0",
"npm-pick-manifest": "^7.0.1",
"npm-profile": "^6.2.0",
"npm-registry-fetch": "^13.2.0",
"npm-registry-fetch": "^13.3.0",
"npm-user-validate": "^1.0.1",
"npmlog": "^6.0.2",
"opener": "^1.5.2",
Expand Down