mirror of
https://github.com/pnpm/pnpm.git
synced 2026-04-27 18:46:18 -04:00
45a6cb6b2a
Replaces the dual `authConfig` (raw .npmrc) + `authInfos` (parsed auth) + `sslConfigs` (parsed SSL) pattern with a single structured `configByUri: Record<string, RegistryConfig>` field on Config.
### New types (`@pnpm/types`)
- **`RegistryConfig`** — per-registry config: `{ creds?: Creds, tls?: TlsConfig }`
- **`Creds`** — auth credentials: `{ authToken?, basicAuth?, tokenHelper? }`
- **`TlsConfig`** — TLS config: `{ cert?, key?, ca? }`
### Key changes
- Rewrite `createGetAuthHeaderByURI` to accept `Record<string, RegistryConfig>` instead of raw .npmrc key-value pairs
- Eliminate duplicate auth parsing between `getAuthHeadersFromConfig` and `getNetworkConfigs`
- Remove `authConfig` from the install pipeline (`StrictInstallOptions`, `HeadlessOptions`), replaced by `configByUri`
- Remove `sslConfigs` from Config — SSL fields now live in `configByUri[uri].tls`
- Remove `authConfig['registry']` mutation in `extendInstallOptions` (default registry now passed directly to `createGetAuthHeaderByURI`)
- `authConfig` remains on Config only for raw .npmrc access (config commands, error reporting, config inheritance)
### Security
- tokenHelper in project .npmrc now throws instead of being silently stripped
- tokenHelper execution uses `shell: false` to prevent shell metacharacter injection
- Basic auth uses `Buffer.from().toString('base64')` instead of `btoa()` for Unicode safety
- Dispatcher only creates custom agents when entries actually have TLS fields
259 lines
6.9 KiB
TypeScript
259 lines
6.9 KiB
TypeScript
import path from 'node:path'
|
|
|
|
import { addDependenciesToPackage, install } from '@pnpm/installing.deps-installer'
|
|
import { prepareEmpty } from '@pnpm/prepare'
|
|
import { addUser, REGISTRY_MOCK_PORT } from '@pnpm/registry-mock'
|
|
import type { RegistryConfig } from '@pnpm/types'
|
|
import { rimrafSync } from '@zkochan/rimraf'
|
|
|
|
import { testDefaults } from '../utils/index.js'
|
|
|
|
const skipOnNode17 = ['v14', 'v16'].includes(process.version.split('.')[0]) ? test : test.skip
|
|
|
|
test('a package that need authentication', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
const data = await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
let configByUri: Record<string, RegistryConfig> = {
|
|
[`//localhost:${REGISTRY_MOCK_PORT}/`]: { creds: { authToken: data.token } },
|
|
}
|
|
const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['@pnpm.e2e/needs-auth'], testDefaults({}, {
|
|
configByUri,
|
|
}, {
|
|
configByUri,
|
|
}))
|
|
|
|
project.has('@pnpm.e2e/needs-auth')
|
|
|
|
// should work when a lockfile is available
|
|
// and the registry in .npmrc is not the same as the one in lockfile
|
|
rimrafSync('node_modules')
|
|
rimrafSync(path.join('..', '.store'))
|
|
|
|
configByUri = {
|
|
[`//localhost:${REGISTRY_MOCK_PORT}/`]: { creds: { authToken: data.token } },
|
|
}
|
|
await addDependenciesToPackage(manifest, ['@pnpm.e2e/needs-auth'], testDefaults({}, {
|
|
configByUri,
|
|
registry: 'https://registry.npmjs.org/',
|
|
}, {
|
|
configByUri,
|
|
}))
|
|
|
|
project.has('@pnpm.e2e/needs-auth')
|
|
})
|
|
|
|
test('installing a package that need authentication, using password', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
const configByUri: Record<string, RegistryConfig> = {
|
|
[`//localhost:${REGISTRY_MOCK_PORT}/`]: { creds: { basicAuth: { username: 'foo', password: 'bar' } } },
|
|
}
|
|
await addDependenciesToPackage({}, ['@pnpm.e2e/needs-auth'], testDefaults({}, {
|
|
configByUri,
|
|
}, {
|
|
configByUri,
|
|
}))
|
|
|
|
project.has('@pnpm.e2e/needs-auth')
|
|
})
|
|
|
|
test('a package that need authentication, legacy way', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
const configByUri: Record<string, RegistryConfig> = {
|
|
'': { creds: { basicAuth: { username: 'foo', password: 'bar' } } },
|
|
}
|
|
await addDependenciesToPackage({}, ['@pnpm.e2e/needs-auth'], testDefaults({}, {
|
|
configByUri,
|
|
}, {
|
|
configByUri,
|
|
}))
|
|
|
|
project.has('@pnpm.e2e/needs-auth')
|
|
})
|
|
|
|
test('a scoped package that need authentication specific to scope', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
const data = await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
const configByUri: Record<string, RegistryConfig> = {
|
|
[`//localhost:${REGISTRY_MOCK_PORT}/`]: { creds: { authToken: data.token } },
|
|
}
|
|
let opts = testDefaults({
|
|
registries: {
|
|
default: 'https://registry.npmjs.org/',
|
|
'@private': `http://localhost:${REGISTRY_MOCK_PORT}/`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: 'https://registry.npmjs.org/',
|
|
}, {
|
|
configByUri,
|
|
})
|
|
const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['@private/foo'], opts)
|
|
|
|
project.has('@private/foo')
|
|
|
|
// should work when a lockfile is available
|
|
rimrafSync('node_modules')
|
|
rimrafSync(path.join('..', '.store'))
|
|
|
|
// Recreating options to have a new storeController with clean cache
|
|
opts = testDefaults({
|
|
registries: {
|
|
default: 'https://registry.npmjs.org/',
|
|
'@private': `http://localhost:${REGISTRY_MOCK_PORT}/`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: 'https://registry.npmjs.org/',
|
|
}, {
|
|
configByUri,
|
|
})
|
|
await addDependenciesToPackage(manifest, ['@private/foo'], opts)
|
|
|
|
project.has('@private/foo')
|
|
})
|
|
|
|
test('a scoped package that need legacy authentication specific to scope', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
const configByUri: Record<string, RegistryConfig> = {
|
|
[`//localhost:${REGISTRY_MOCK_PORT}/`]: { creds: { basicAuth: { username: 'foo', password: 'bar' } } },
|
|
}
|
|
let opts = testDefaults({
|
|
registries: {
|
|
default: 'https://registry.npmjs.org/',
|
|
'@private': `http://localhost:${REGISTRY_MOCK_PORT}/`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: 'https://registry.npmjs.org/',
|
|
}, {
|
|
configByUri,
|
|
})
|
|
const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['@private/foo'], opts)
|
|
|
|
project.has('@private/foo')
|
|
|
|
// should work when a lockfile is available
|
|
rimrafSync('node_modules')
|
|
rimrafSync(path.join('..', '.store'))
|
|
|
|
// Recreating options to have a new storeController with clean cache
|
|
opts = testDefaults({
|
|
registries: {
|
|
default: 'https://registry.npmjs.org/',
|
|
'@private': `http://localhost:${REGISTRY_MOCK_PORT}/`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: 'https://registry.npmjs.org/',
|
|
}, {
|
|
configByUri,
|
|
})
|
|
await addDependenciesToPackage(manifest, ['@private/foo'], opts)
|
|
|
|
project.has('@private/foo')
|
|
})
|
|
|
|
skipOnNode17('a package that need authentication reuses authorization tokens for tarball fetching', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
const data = await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
const configByUri: Record<string, RegistryConfig> = {
|
|
[`//127.0.0.1:${REGISTRY_MOCK_PORT}/`]: { creds: { authToken: data.token } },
|
|
}
|
|
await addDependenciesToPackage({}, ['@pnpm.e2e/needs-auth'], testDefaults({
|
|
registries: {
|
|
default: `http://127.0.0.1:${REGISTRY_MOCK_PORT}`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: `http://127.0.0.1:${REGISTRY_MOCK_PORT}`,
|
|
}, {
|
|
configByUri,
|
|
}))
|
|
|
|
project.has('@pnpm.e2e/needs-auth')
|
|
})
|
|
|
|
skipOnNode17('a package that need authentication reuses authorization tokens for tarball fetching when meta info is cached', async () => {
|
|
const project = prepareEmpty()
|
|
|
|
const data = await addUser({
|
|
email: 'foo@bar.com',
|
|
password: 'bar',
|
|
username: 'foo',
|
|
})
|
|
|
|
const configByUri: Record<string, RegistryConfig> = {
|
|
[`//127.0.0.1:${REGISTRY_MOCK_PORT}/`]: { creds: { authToken: data.token } },
|
|
}
|
|
let opts = testDefaults({
|
|
registries: {
|
|
default: `http://127.0.0.1:${REGISTRY_MOCK_PORT}`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: `http://127.0.0.1:${REGISTRY_MOCK_PORT}`,
|
|
}, {
|
|
configByUri,
|
|
})
|
|
|
|
const { updatedManifest: manifest } = await addDependenciesToPackage({}, ['@pnpm.e2e/needs-auth'], opts)
|
|
|
|
rimrafSync('node_modules')
|
|
rimrafSync(path.join('..', '.registry'))
|
|
rimrafSync(path.join('..', '.store'))
|
|
|
|
// Recreating options to clean store cache
|
|
opts = testDefaults({
|
|
registries: {
|
|
default: `http://127.0.0.1:${REGISTRY_MOCK_PORT}`,
|
|
},
|
|
}, {
|
|
configByUri,
|
|
registry: `http://127.0.0.1:${REGISTRY_MOCK_PORT}`,
|
|
}, {
|
|
configByUri,
|
|
})
|
|
await install(manifest, opts)
|
|
|
|
project.has('@pnpm.e2e/needs-auth')
|
|
})
|