From 4e7afec90cd4f54329a23fe6b165c2159bc75e79 Mon Sep 17 00:00:00 2001
From: Zoltan Kochan <z@kochan.io>
Date: Fri, 23 Jun 2023 12:30:04 +0300
Subject: [PATCH] fix: searching for auth token for URL with port (#6708)

close #6354
---
 .changeset/quiet-oranges-end.md                |  6 ++++++
 network/auth-header/src/index.ts               | 14 +++++++++++++-
 network/auth-header/test/getAuthHeaderByURI.ts |  3 +++
 3 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/quiet-oranges-end.md

diff --git a/.changeset/quiet-oranges-end.md b/.changeset/quiet-oranges-end.md
new file mode 100644
index 0000000000..e0dffdeb10
--- /dev/null
+++ b/.changeset/quiet-oranges-end.md
@@ -0,0 +1,6 @@
+---
+"@pnpm/network.auth-header": patch
+"pnpm": patch
+---
+
+Ignore the port in the URL, while searching for authentication token in the `.npmrc` file [#6354](https://github.com/pnpm/pnpm/issues/6354).
diff --git a/network/auth-header/src/index.ts b/network/auth-header/src/index.ts
index 5ea73ea490..a2ef6aefb0 100644
--- a/network/auth-header/src/index.ts
+++ b/network/auth-header/src/index.ts
@@ -1,4 +1,5 @@
 import nerfDart from 'nerf-dart'
+import { URL } from 'url'
 import { getAuthHeadersFromConfig } from './getAuthHeadersFromConfig'
 
 export function createGetAuthHeaderByURI (
@@ -22,12 +23,23 @@ function getMaxParts (uris: string[]) {
   }, 0)
 }
 
-function getAuthHeaderByURI (authHeaders: Record<string, string>, maxParts: number, uri: string) {
+function getAuthHeaderByURI (authHeaders: Record<string, string>, maxParts: number, uri: string): string | undefined {
   const nerfed = nerfDart(uri)
   const parts = nerfed.split('/')
   for (let i = Math.min(parts.length, maxParts) - 1; i >= 3; i--) {
     const key = `${parts.slice(0, i).join('/')}/` // eslint-disable-line
     if (authHeaders[key]) return authHeaders[key]
   }
+  const urlWithoutPort = removePort(uri)
+  if (urlWithoutPort !== uri) {
+    return getAuthHeaderByURI(authHeaders, maxParts, urlWithoutPort)
+  }
   return undefined
 }
+
+function removePort (originalUrl: string) {
+  const urlObj = new URL(originalUrl)
+  if (urlObj.port === '') return originalUrl
+  const newUrlObj = new URL(`${urlObj.protocol}//${urlObj.hostname}${urlObj.pathname}${urlObj.search}${urlObj.hash}`)
+  return newUrlObj.toString()
+}
diff --git a/network/auth-header/test/getAuthHeaderByURI.ts b/network/auth-header/test/getAuthHeaderByURI.ts
index c656ef7bd9..af891b0905 100644
--- a/network/auth-header/test/getAuthHeaderByURI.ts
+++ b/network/auth-header/test/getAuthHeaderByURI.ts
@@ -5,13 +5,16 @@ test('getAuthHeaderByURI()', () => {
     allSettings: {
       '//reg.com/:_authToken': 'abc123',
       '//reg.co/tarballs/:_authToken': 'xxx',
+      '//reg.gg:8888/:_authToken': '0000',
     },
     userSettings: {},
   })
   expect(getAuthHeaderByURI('https://reg.com/')).toBe('Bearer abc123')
   expect(getAuthHeaderByURI('https://reg.com/foo/-/foo-1.0.0.tgz')).toBe('Bearer abc123')
+  expect(getAuthHeaderByURI('https://reg.com:8080/foo/-/foo-1.0.0.tgz')).toBe('Bearer abc123')
   expect(getAuthHeaderByURI('https://reg.io/foo/-/foo-1.0.0.tgz')).toBe(undefined)
   expect(getAuthHeaderByURI('https://reg.co/tarballs/foo/-/foo-1.0.0.tgz')).toBe('Bearer xxx')
+  expect(getAuthHeaderByURI('https://reg.gg:8888/foo/-/foo-1.0.0.tgz')).toBe('Bearer 0000')
 })
 
 test('returns undefined when the auth header is not found', () => {