@npmcli/config
Comparing version 2.1.0 to 2.2.0
@@ -200,7 +200,2 @@ // TODO: set the scope config from package.json or explicit cli config | ||
throw new Error('invalid config location param: ' + where) | ||
if (key === '_auth') { | ||
const { email } = this.getCredentialsByURI(this.get('registry')) | ||
if (!email) | ||
throw new Error('Cannot set _auth without first setting email') | ||
} | ||
this[_checkDeprecated](key) | ||
@@ -286,2 +281,10 @@ const { data } = this.data.get(where) | ||
process.emit('time', 'config:load:credentials') | ||
const reg = this.get('registry') | ||
const creds = this.getCredentialsByURI(reg) | ||
// ignore this error because a failed set will strip out anything that | ||
// might be a security hazard, which was the intention. | ||
try { this.setCredentialsByURI(reg, creds) } catch (_) {} | ||
process.emit('timeEnd', 'config:load:credentials') | ||
// set proper globalPrefix now that everything is loaded | ||
@@ -593,10 +596,13 @@ this.globalPrefix = this.get('prefix') | ||
if (def === nerfed) { | ||
// do not delete email, that shouldn't be nerfed any more. | ||
// just delete the nerfed copy, if one exists. | ||
this.delete(`-authtoken`, 'user') | ||
this.delete(`_authToken`, 'user') | ||
this.delete(`_authtoken`, 'user') | ||
this.delete(`_auth`, 'user') | ||
this.delete(`_password`, 'user') | ||
this.delete(`username`, 'user') | ||
this.delete(`email`, 'user') | ||
} | ||
this.delete(`${nerfed}:-authtoken`, 'user') | ||
this.delete(`${nerfed}:_authtoken`, 'user') | ||
this.delete(`${nerfed}:_authToken`, 'user') | ||
@@ -609,3 +615,3 @@ this.delete(`${nerfed}:_auth`, 'user') | ||
setCredentialsByURI (uri, { token, username, password, email, alwaysAuth }) { | ||
setCredentialsByURI (uri, { token, username, password, email }) { | ||
const nerfed = nerfDart(uri) | ||
@@ -618,9 +624,26 @@ const def = nerfDart(this.get('registry')) | ||
this.delete('username', 'user') | ||
this.delete('email', 'user') | ||
this.delete('_auth', 'user') | ||
this.delete('_authtoken', 'user') | ||
this.delete('-authtoken', 'user') | ||
this.delete('_authToken', 'user') | ||
} | ||
this.delete(`${nerfed}:-authtoken`) | ||
// email used to be nerfed always. if we're using the default | ||
// registry, de-nerf it. | ||
if (nerfed === def) { | ||
email = email || | ||
this.get('email', 'user') || | ||
this.get(`${nerfed}:email`, 'user') | ||
if (email) | ||
this.set('email', email, 'user') | ||
} | ||
// field that hasn't been used as documented for a LONG time, | ||
// and as of npm 7.10.0, isn't used at all. We just always | ||
// send auth if we have it, only to the URIs under the nerf dart. | ||
this.delete(`${nerfed}:always-auth`, 'user') | ||
this.delete(`${nerfed}:-authtoken`, 'user') | ||
this.delete(`${nerfed}:_authtoken`, 'user') | ||
this.delete(`${nerfed}:email`, 'user') | ||
if (token) { | ||
@@ -630,26 +653,13 @@ this.set(`${nerfed}:_authToken`, token, 'user') | ||
this.delete(`${nerfed}:username`, 'user') | ||
this.delete(`${nerfed}:email`, 'user') | ||
this.delete(`${nerfed}:always-auth`, 'user') | ||
} else if (username || password || email) { | ||
if (username || password) { | ||
if (!username) | ||
throw new Error('must include username') | ||
if (!password) | ||
throw new Error('must include password') | ||
} | ||
if (!email) | ||
throw new Error('must include email') | ||
} else if (username || password) { | ||
if (!username) | ||
throw new Error('must include username') | ||
if (!password) | ||
throw new Error('must include password') | ||
this.delete(`${nerfed}:_authToken`, 'user') | ||
if (username || password) { | ||
this.set(`${nerfed}:username`, username, 'user') | ||
// note: not encrypted, no idea why we bothered to do this, but oh well | ||
// protects against shoulder-hacks if password is memorable, I guess? | ||
const encoded = Buffer.from(password, 'utf8').toString('base64') | ||
this.set(`${nerfed}:_password`, encoded, 'user') | ||
} | ||
this.set(`${nerfed}:email`, email, 'user') | ||
if (alwaysAuth !== undefined) | ||
this.set(`${nerfed}:always-auth`, alwaysAuth, 'user') | ||
else | ||
this.delete(`${nerfed}:always-auth`, 'user') | ||
this.set(`${nerfed}:username`, username, 'user') | ||
// note: not encrypted, no idea why we bothered to do this, but oh well | ||
// protects against shoulder-hacks if password is memorable, I guess? | ||
const encoded = Buffer.from(password, 'utf8').toString('base64') | ||
this.set(`${nerfed}:_password`, encoded, 'user') | ||
} else { | ||
@@ -665,9 +675,2 @@ throw new Error('No credentials to set.') | ||
// you can set always-auth for a single registry, or as a default | ||
const alwaysAuthReg = this.get(`${nerfed}:always-auth`) | ||
if (alwaysAuthReg !== undefined) | ||
creds.alwaysAuth = !!alwaysAuthReg | ||
else | ||
creds.alwaysAuth = this.get('always-auth') | ||
const email = this.get(`${nerfed}:email`) || this.get('email') | ||
@@ -678,2 +681,3 @@ if (email) | ||
const tokenReg = this.get(`${nerfed}:_authToken`) || | ||
this.get(`${nerfed}:_authtoken`) || | ||
this.get(`${nerfed}:-authtoken`) || | ||
@@ -697,2 +701,12 @@ nerfed === nerfDart(this.get('registry')) && this.get('_authToken') | ||
const authReg = this.get(`${nerfed}:_auth`) | ||
if (authReg) { | ||
const authDecode = Buffer.from(authReg, 'base64').toString('utf8') | ||
const authSplit = authDecode.split(':') | ||
creds.username = authSplit.shift() | ||
creds.password = authSplit.join(':') | ||
creds.auth = authReg | ||
return creds | ||
} | ||
// at this point, we can only use the values if the URI is the | ||
@@ -699,0 +713,0 @@ // default registry. |
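Review bot: The empty `catch (_) {}` around `this.setCredentialsByURI(reg, creds)` in the `config:load:credentials` step discards every exception, not only the expected validation errors ('must include username', 'must include password', 'No credentials to set.'), so a genuine failure while rewriting stored credentials at load time is never surfaced. The comment's claim that a failed set has already stripped the hazardous keys appears to hold only because setCredentialsByURI runs its `this.delete(...)` calls ahead of those throws; that ordering is implicit and worth pinning there with a comment such as `// keep the deletes ahead of the validation throws: config load relies on a failed set having already removed legacy auth keys`. The catch would also be safer if it kept the error for a verbose log (message only, never the credential values) instead of dropping it. Both function bodies start and end outside the hunks shown, so the ordering should be confirmed against the full file.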
{ | ||
"name": "@npmcli/config", | ||
"version": "2.1.0", | ||
"version": "2.2.0", | ||
"files": [ | ||
@@ -27,3 +27,3 @@ "lib" | ||
"devDependencies": { | ||
"tap": "^14.10.8" | ||
"tap": "^15.0.4" | ||
}, | ||
@@ -30,0 +30,0 @@ "dependencies": { |