From ef69d362fa81640ac3ca60a6e01921c17f7a76cb Mon Sep 17 00:00:00 2001 From: Gar Date: Tue, 10 Oct 2023 10:11:17 -0700 Subject: [PATCH] deps: npm-registry-fetch@16.1.0 --- node_modules/npm-registry-fetch/lib/auth.js | 64 +++++++++++++++----- node_modules/npm-registry-fetch/lib/index.js | 2 + node_modules/npm-registry-fetch/package.json | 14 ++--- package-lock.json | 8 +-- package.json | 2 +- 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/node_modules/npm-registry-fetch/lib/auth.js b/node_modules/npm-registry-fetch/lib/auth.js index 870ce0d923cd0..9270025fa8d90 100644 --- a/node_modules/npm-registry-fetch/lib/auth.js +++ b/node_modules/npm-registry-fetch/lib/auth.js @@ -4,8 +4,8 @@ const npa = require('npm-package-arg') const { URL } = require('url') // Find the longest registry key that is used for some kind of auth -// in the options. -const regKeyFromURI = (uri, opts) => { +// in the options. Returns the registry key and the auth config. +const regFromURI = (uri, opts) => { const parsed = new URL(uri) // try to find a config key indicating we have auth for this registry // can be one of :_authToken, :_auth, :_password and :username, or @@ -14,23 +14,40 @@ const regKeyFromURI = (uri, opts) => { // stopping when we reach '//'. let regKey = `//${parsed.host}${parsed.pathname}` while (regKey.length > '//'.length) { + const authKey = hasAuth(regKey, opts) // got some auth for this URI - if (hasAuth(regKey, opts)) { - return regKey + if (authKey) { + return { regKey, authKey } } // can be either //host/some/path/:_auth or //host/some/path:_auth // walk up by removing EITHER what's after the slash OR the slash itself regKey = regKey.replace(/([^/]+|\/)$/, '') } + return { regKey: false, authKey: null } } -const hasAuth = (regKey, opts) => ( - opts[`${regKey}:_authToken`] || - opts[`${regKey}:_auth`] || - opts[`${regKey}:username`] && opts[`${regKey}:_password`] || - opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`] -) +// Not only do we want to know if there is auth, but if we are calling `npm +// logout` we want to know what config value specifically provided it. This is +// so we can look up where the config came from to delete it (i.e. user vs +// project) +const hasAuth = (regKey, opts) => { + if (opts[`${regKey}:_authToken`]) { + return '_authToken' + } + if (opts[`${regKey}:_auth`]) { + return '_auth' + } + if (opts[`${regKey}:username`] && opts[`${regKey}:_password`]) { + // 'password' can be inferred to also be present + return 'username' + } + if (opts[`${regKey}:certfile`] && opts[`${regKey}:keyfile`]) { + // 'keyfile' can be inferred to also be present + return 'certfile' + } + return false +} const sameHost = (a, b) => { const parsedA = new URL(a) @@ -63,11 +80,14 @@ const getAuth = (uri, opts = {}) => { if (!uri) { throw new Error('URI is required') } - const regKey = regKeyFromURI(uri, forceAuth || opts) + const { regKey, authKey } = regFromURI(uri, forceAuth || opts) // we are only allowed to use what's in forceAuth if specified if (forceAuth && !regKey) { return new Auth({ + // if we force auth we don't want to refer back to anything in config + regKey: false, + authKey: null, scopeAuthKey: null, token: forceAuth._authToken || forceAuth.token, username: forceAuth.username, @@ -88,8 +108,8 @@ const getAuth = (uri, opts = {}) => { // registry where we logged in, but the same auth SHOULD be sent // to that artifact host, then we track where it was coming in from, // and warn the user if we get a 4xx error on it. - const scopeAuthKey = regKeyFromURI(registry, opts) - return new Auth({ scopeAuthKey }) + const { regKey: scopeAuthKey, authKey: _authKey } = regFromURI(registry, opts) + return new Auth({ scopeAuthKey, regKey: scopeAuthKey, authKey: _authKey }) } } @@ -104,6 +124,8 @@ const getAuth = (uri, opts = {}) => { return new Auth({ scopeAuthKey: null, + regKey, + authKey, token, auth, username, @@ -114,8 +136,22 @@ const getAuth = (uri, opts = {}) => { } class Auth { - constructor ({ token, auth, username, password, scopeAuthKey, certfile, keyfile }) { + constructor ({ + token, + auth, + username, + password, + scopeAuthKey, + certfile, + keyfile, + regKey, + authKey, + }) { + // same as regKey but only present for scoped auth. Should have been named scopeRegKey this.scopeAuthKey = scopeAuthKey + // `${regKey}:${authKey}` will get you back to the auth config that gave us auth + this.regKey = regKey + this.authKey = authKey this.token = null this.auth = null this.isBasicAuth = false diff --git a/node_modules/npm-registry-fetch/lib/index.js b/node_modules/npm-registry-fetch/lib/index.js index 23e349c5c5b96..bb413f862d92d 100644 --- a/node_modules/npm-registry-fetch/lib/index.js +++ b/node_modules/npm-registry-fetch/lib/index.js @@ -166,6 +166,8 @@ function regFetch (uri, /* istanbul ignore next */ opts_ = {}) { return Promise.resolve(body).then(doFetch) } +module.exports.getAuth = getAuth + module.exports.json = fetchJSON function fetchJSON (uri, opts) { return regFetch(uri, opts).then(res => res.json()) diff --git a/node_modules/npm-registry-fetch/package.json b/node_modules/npm-registry-fetch/package.json index 2afadf939743b..b715d52391a93 100644 --- a/node_modules/npm-registry-fetch/package.json +++ b/node_modules/npm-registry-fetch/package.json @@ -1,6 +1,6 @@ { "name": "npm-registry-fetch", - "version": "16.0.0", + "version": "16.1.0", "description": "Fetch-based http client for use with npm registry APIs", "main": "lib", "files": [ @@ -41,7 +41,7 @@ }, "devDependencies": { "@npmcli/eslint-config": "^4.0.0", - "@npmcli/template-oss": "4.18.0", + "@npmcli/template-oss": "4.19.0", "cacache": "^18.0.0", "nock": "^13.2.4", "require-inject": "^1.4.4", @@ -61,13 +61,7 @@ }, "templateOSS": { "//@npmcli/template-oss": "This file is partially managed by @npmcli/template-oss. Edits may be overwritten.", - "version": "4.18.0", - "publish": "true", - "ciVersions": [ - "16.14.0", - "16.x", - "18.0.0", - "18.x" - ] + "version": "4.19.0", + "publish": "true" } } diff --git a/package-lock.json b/package-lock.json index 258e33a845159..dd69e0cb8ea0d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -139,7 +139,7 @@ "npm-package-arg": "^11.0.1", "npm-pick-manifest": "^9.0.0", "npm-profile": "^9.0.0", - "npm-registry-fetch": "^16.0.0", + "npm-registry-fetch": "^16.1.0", "npm-user-validate": "^2.0.0", "npmlog": "^7.0.1", "p-map": "^4.0.0", @@ -10927,9 +10927,9 @@ } }, "node_modules/npm-registry-fetch": { - "version": "16.0.0", - "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-16.0.0.tgz", - "integrity": "sha512-JFCpAPUpvpwfSydv99u85yhP68rNIxSFmDpNbNnRWKSe3gpjHnWL8v320gATwRzjtgmZ9Jfe37+ZPOLZPwz6BQ==", + "version": "16.1.0", + "resolved": "https://registry.npmjs.org/npm-registry-fetch/-/npm-registry-fetch-16.1.0.tgz", + "integrity": "sha512-PQCELXKt8Azvxnt5Y85GseQDJJlglTFM9L9U9gkv2y4e9s0k3GVDdOx3YoB6gm2Do0hlkzC39iCGXby+Wve1Bw==", "inBundle": true, "dependencies": { "make-fetch-happen": "^13.0.0", diff --git a/package.json b/package.json index 65b7e776d822f..9e4c9aafa54ab 100644 --- a/package.json +++ b/package.json @@ -101,7 +101,7 @@ "npm-package-arg": "^11.0.1", "npm-pick-manifest": "^9.0.0", "npm-profile": "^9.0.0", - "npm-registry-fetch": "^16.0.0", + "npm-registry-fetch": "^16.1.0", "npm-user-validate": "^2.0.0", "npmlog": "^7.0.1", "p-map": "^4.0.0",