From 1a2ba28a1c536d6e0839d87da0da1ef36418ac81 Mon Sep 17 00:00:00 2001
From: Rebecca Turner
Date: Thu, 12 Jul 2018 19:07:06 -0700
Subject: [PATCH 1/2] npm-registry-client@8.6.0
Credit: @iarna
---
 node_modules/.gitignore | 4 +++
 node_modules/npm-registry-client/CHANGELOG.md | 10 ++++++
 .../npm-registry-client/lib/access.js | 14 ++++++++
 .../npm-registry-client/lib/request.js | 35 +++++++++++++------
 node_modules/npm-registry-client/package.json | 30 ++++++++--------
 package-lock.json | 6 ++--
 package.json | 2 +-
 7 files changed, 70 insertions(+), 31 deletions(-)
diff --git a/node_modules/.gitignore b/node_modules/.gitignore
index 1de8ad6419413..6e3da2dda0006 100644
--- a/node_modules/.gitignore
+++ b/node_modules/.gitignore
@@ -1,6 +1,7 @@ ## Automatically generated dev dependency ignores /acorn /acorn-jsx +/ajv /ajv-keywords /ansi-escapes /argparse
@@ -62,6 +63,8 @@ /esutils /events-to-array /external-editor +/fast-deep-equal +/fast-json-stable-stringify /fast-levenshtein /fbjs /figures
@@ -97,6 +100,7 @@ /js-tokens /js-yaml /json +/json-schema-traverse /json-stable-stringify-without-jsonify /jsx-ast-utils /lcov-parse
diff --git a/node_modules/npm-registry-client/CHANGELOG.md b/node_modules/npm-registry-client/CHANGELOG.md
index bc74d3f0e88a5..138b3be2d9e5c 100644
--- a/node_modules/npm-registry-client/CHANGELOG.md
+++ b/node_modules/npm-registry-client/CHANGELOG.md
@@ -2,6 +2,16 @@ All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +# [8.6.0](https://github.com/npm/npm-registry-client/compare/v8.5.1...v8.6.0) (2018-07-13) + + +### Features + +* **access:** Add support for npm access to set per-package 2fa requirements ([8b472d2](https://github.com/npm/npm-registry-client/commit/8b472d2)) + + + ## [8.5.1](https://github.com/npm/npm-registry-client/compare/v8.5.0...v8.5.1) (2018-03-08)
diff --git a/node_modules/npm-registry-client/lib/access.js b/node_modules/npm-registry-client/lib/access.js
index d8d65a9442a25..caa80b12191c1 100644
--- a/node_modules/npm-registry-client/lib/access.js
+++ b/node_modules/npm-registry-client/lib/access.js
@@ -16,6 +16,12 @@ subcommands.public = function (uri, params, cb) {
 subcommands.restricted = function (uri, params, cb) {
 return setAccess.call(this, 'restricted', uri, params, cb)
 }
+subcommands['2fa-required'] = function (uri, params, cb) {
+ return setRequires2fa.call(this, true, uri, params, cb)
+}
+subcommands['2fa-not-required'] = function (uri, params, cb) {
+ return setRequires2fa.call(this, false, uri, params, cb)
+}
 function setAccess (access, uri, params, cb) {
 return this.request(apiUri(uri, 'package', params.package, 'access'), {
@@ -25,6 +31,14 @@ function setAccess (access, uri, params, cb) {
 }, cb)
 }
+function setRequires2fa (requires2fa, uri, params, cb) {
+ return this.request(apiUri(uri, 'package', params.package, 'access'), {
+ method: 'POST',
+ auth: params.auth,
+ body: JSON.stringify({ publish_requires_tfa: requires2fa })
+ }, cb)
+}
+
 subcommands.grant = function (uri, params, cb) {
 var reqUri = apiUri(uri, 'team', params.scope, params.team, 'package')
 return this.request(reqUri, {
diff --git a/node_modules/npm-registry-client/lib/request.js b/node_modules/npm-registry-client/lib/request.js
index 471546c1d29b8..5987bfa6fb0e4 100644
--- a/node_modules/npm-registry-client/lib/request.js
+++ b/node_modules/npm-registry-client/lib/request.js
@@ -289,13 +289,26 @@ function requestDone (method, where, cb) {
 }
 if (!parsed.error) {
- er = makeError(
- 'Registry returned ' + response.statusCode +
- ' for ' + method +
- ' on ' + where,
- name,
- response.statusCode
- )
+ if (response.statusCode === 401 && response.headers['www-authenticate']) {
+ const auth = response.headers['www-authenticate'].split(/,\s*/).map(s => s.toLowerCase())
+ if (auth.indexOf('ipaddress') !== -1) {
+ er = makeError('Login is not allowed from your IP address', name, response.statusCode, 'EAUTHIP')
+ } else if (auth.indexOf('otp') !== -1) {
+ er = makeError('OTP required for this operation', name, response.statusCode, 'EOTP')
+ } else {
+ er = makeError('Unable to authenticate, need: ' + response.headers['www-authenticate'], name, response.statusCode, 'EAUTHUNKNOWN')
+ }
+ } else {
+ const msg = parsed.message ? ': ' + parsed.message : ''
+ er = makeError(
+ 'Registry returned ' + response.statusCode +
+ ' for ' + method +
+ ' on ' + where +
+ msg,
+ name,
+ response.statusCode
+ )
+ }
 } else if (name && parsed.error === 'not_found') {
 er = makeError('404 Not Found: ' + name, name, response.statusCode)
 } else if (name && parsed.error === 'User not found') {
@@ -312,12 +325,12 @@ function requestDone (method, where, cb) {
 }.bind(this)
 }
-function makeError (message, name, code) {
+function makeError (message, name, statusCode, code) {
 var er = new Error(message)
 if (name) er.pkgid = name
- if (code) {
- er.statusCode = code
- er.code = 'E' + code
+ if (statusCode) {
+ er.statusCode = statusCode
+ er.code = code || 'E' + statusCode
 }
 return er
 }
diff --git a/node_modules/npm-registry-client/package.json b/node_modules/npm-registry-client/package.json
index 6058da582b930..277a1668b18e5 100644
--- a/node_modules/npm-registry-client/package.json
+++ b/node_modules/npm-registry-client/package.json
@@ -1,14 +1,8 @@ { - "_args": [ - [ - "npm-registry-client@8.5.1", - "/Users/rebecca/code/npm" - ] - ], - "_from": "npm-registry-client@8.5.1", - "_id": "npm-registry-client@8.5.1", + "_from": "npm-registry-client@8.6.0", + "_id": "npm-registry-client@8.6.0", "_inBundle": false, - "_integrity": "sha512-7rjGF2eA7hKDidGyEWmHTiKfXkbrcQAsGL/Rh4Rt3x3YNRNHhwaTzVJfW3aNvvlhg4G62VCluif0sLCb/i51Hg==", + "_integrity": "sha512-Qs6P6nnopig+Y8gbzpeN/dkt+n7IyVd8f45NTMotGk6Qo7GfBmzwYx6jRLoOOgKiMnaQfYxsuyQlD8Mc3guBhg==", "_location": "/npm-registry-client", "_phantomChildren": { "safe-buffer": "5.1.2" @@ -16,18 +10,20 @@ "_requested": { "type": "version", "registry": true, - "raw": "npm-registry-client@8.5.1", + "raw": "npm-registry-client@8.6.0", "name": "npm-registry-client", "escapedName": "npm-registry-client", - "rawSpec": "8.5.1", + "rawSpec": "8.6.0", "saveSpec": null, - "fetchSpec": "8.5.1" + "fetchSpec": "8.6.0" }, "_requiredBy": [ + "#USER", "/" ], - "_resolved": "https://registry.npmjs.org/npm-registry-client/-/npm-registry-client-8.5.1.tgz", - "_spec": "8.5.1", + "_resolved": "https://registry.npmjs.org/npm-registry-client/-/npm-registry-client-8.6.0.tgz", + "_shasum": "7f1529f91450732e89f8518e0f21459deea3e4c4", + "_spec": "npm-registry-client@8.6.0", "_where": "/Users/rebecca/code/npm", "author": { "name": "Isaac Z. Schlueter", @@ -37,6 +33,7 @@ "bugs": { "url": "https://github.com/npm/npm-registry-client/issues" }, + "bundleDependencies": false, "dependencies": { "concat-stream": "^1.5.2", "graceful-fs": "^4.1.6", @@ -51,6 +48,7 @@ "slide": "^1.1.3", "ssri": "^5.2.4" }, + "deprecated": false, "description": "Client for the npm registry", "devDependencies": { "negotiator": "^0.6.1", @@ -60,7 +58,7 @@ "rimraf": "^2.5.4", "standard": "^11.0.0", "standard-version": "^4.3.0", - "tap": "^11.1.2" + "tap": "^12.0.1" }, "files": [ "lib", 
@@ -83,5 +81,5 @@ "release": "standard-version -s", "test": "tap --nyc-arg=--all --coverage test/*.js" }, - "version": "8.5.1" + "version": "8.6.0" }
diff --git a/package-lock.json b/package-lock.json
index 2e9b08188d273..cb6b7ed973015 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3189,9 +3189,9 @@ } }, "npm-registry-client": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/npm-registry-client/-/npm-registry-client-8.5.1.tgz", - "integrity": "sha512-7rjGF2eA7hKDidGyEWmHTiKfXkbrcQAsGL/Rh4Rt3x3YNRNHhwaTzVJfW3aNvvlhg4G62VCluif0sLCb/i51Hg==", + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/npm-registry-client/-/npm-registry-client-8.6.0.tgz", + "integrity": "sha512-Qs6P6nnopig+Y8gbzpeN/dkt+n7IyVd8f45NTMotGk6Qo7GfBmzwYx6jRLoOOgKiMnaQfYxsuyQlD8Mc3guBhg==", "requires": { "concat-stream": "^1.5.2", "graceful-fs": "^4.1.6",
diff --git a/package.json b/package.json
index 954ab3b3e9d01..d36ba2531c5be 100644
--- a/package.json
+++ b/package.json
@@ -97,7 +97,7 @@
 "npm-packlist": "~1.1.10",
 "npm-pick-manifest": "^2.1.0",
 "npm-profile": "^3.0.2",
- "npm-registry-client": "^8.5.1",
+ "npm-registry-client": "^8.6.0",
 "npm-registry-fetch": "^1.1.0",
 "npm-user-validate": "~1.0.0",
 "npmlog": "~4.1.2",
From 573ca5058046a80f04c0014a545227f56089750e Mon Sep 17 00:00:00 2001
From: Rebecca Turner
Date: Thu, 12 Jul 2018 18:24:31 -0700
Subject: [PATCH 2/2] access: Add support for requiring per-package 2fa
Credit: @iarna
PR-URL: https://github.com/npm/cli/pull/11
---
 doc/cli/npm-access.md | 7 +++++++
 lib/access.js | 30 ++++++++++++++++++++----------
 2 files changed, 27 insertions(+), 10 deletions(-)
diff --git a/doc/cli/npm-access.md b/doc/cli/npm-access.md
index bbccfc70937c7..96b780567e215 100644
--- a/doc/cli/npm-access.md
+++ b/doc/cli/npm-access.md
@@ -6,6 +6,9 @@ npm-access(1) -- Set access level on published packages npm access public [] npm access restricted [] + npm access 2fa-required [] + npm access 2fa-not-required [] + npm access grant [] npm access revoke []
@@ -24,6 +27,10 @@ subcommand. * public / restricted: Set a package to be either publicly accessible or restricted. +* 2fa-required / 2fa-not-required: + Set a package as requiring or not requiring that the publisher have two + factor authentication enabled on their account. + * grant / revoke: Add or remove the ability of users and teams to have read-only or read-write access to a package.
diff --git a/lib/access.js b/lib/access.js
index 164ea3b7d741a..450c8c335ede9 100644
--- a/lib/access.js
+++ b/lib/access.js
@@ -7,6 +7,9 @@ var readPackageJson = require('read-package-json')
 var mapToRegistry = require('./utils/map-to-registry.js')
 var npm = require('./npm.js')
 var output = require('./utils/output.js')
+const readUserInfo = require('./utils/read-user-info.js')
+const Bluebird = require('bluebird')
+const registryAccess = Bluebird.promisify(npm.registry.access.bind(npm.registry))
 var whoami = require('./whoami')
@@ -17,6 +20,8 @@ access.usage =
 'npm access restricted []\n' +
 'npm access grant []\n' +
 'npm access revoke []\n' +
+ 'npm access 2fa-required \n' +
+ 'npm access 2fa-not-required \n' +
 'npm access ls-packages [||]\n' +
 'npm access ls-collaborators [ []]\n' +
 'npm access edit []'
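Review bot: The added `registryAccess` constant in the lib/access.js require block reads `npm.registry` once, when the module is first required, whereas the call it replaces (the `npm.registry.access(...)` removed from invokeCmd) looked the client up on every invocation. If this file is ever required before the registry client is attached to `npm`, the require itself throws, and a client swapped in afterwards (a test stub, for instance) is silently ignored. Resolving it at call time keeps the old behaviour: `const registryAccess = (...args) => Bluebird.fromCallback(cb => npm.registry.access(...args, cb))`. A one-line comment saying the wrapper exists so the OTP retry can be chained would also help the next reader.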
@@ -61,17 +66,22 @@ function access (args, cb) {
 function invokeCmd (err, uri, auth, base) {
 if (err) { return cb(err) }
- params.auth = auth
- try {
- return npm.registry.access(cmd, uri, params, function (err, data) {
- if (!err && data) {
- output(JSON.stringify(data, undefined, 2))
- }
- cb(err, data)
+ return Bluebird.try(() => {
+ params.auth = auth
+ try {
+ return registryAccess(cmd, uri, params)
+ } catch (err) {
+ throw err.message + '\n\nUsage:\n' + access.usage
+ }
+ }).catch(err => {
+ if (err.code !== 'EOTP') throw err
+ return readUserInfo.otp('Enter OTP: ').then(otp => {
+ params.auth.otp = otp
+ return registryAccess(cmd, uri, params)
 })
- } catch (e) {
- cb(e.message + '\n\nUsage:\n' + access.usage)
- }
+ }).then(data => {
+ return output(data ? JSON.stringify(data, undefined, 2) : '"ok"')
+ }).asCallback(cb)
 }
 }
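Review bot: The inner `try { return registryAccess(...) } catch (err) { throw err.message + ... }` in invokeCmd looks unreachable, because a function wrapped with `Bluebird.promisify` reports a synchronous throw as a rejection; the usage text the old code appended for bad arguments is therefore presumably no longer shown. The block also throws a bare string, which the following `.catch` then probes with `err.code`. I would drop the try/catch and, if the hint is still wanted, add it in the rejection handler with `err.message += '\n\nUsage:\n' + access.usage` before rethrowing the Error. Separately, the final `.then` resolves with whatever `output` returns, so `cb` no longer receives `data` as it did before; if programmatic callers rely on it, print first and then `return data`. The enclosing `access` function starts outside the hunk.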