diff options
author | Jon Jensen <jenseng@gmail.com> | 2022-07-20 21:29:07 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-20 21:29:07 +0300 |
commit | 5ef53eedad2871a32611f47001e1c9ca9b813c07 (patch) | |
tree | d963581a8906f6d5333e120d78339a3640329ab8 /lib/utils | |
parent | 51b12a085e087609c99befccfd6a98ef8a9919d0 (diff) |
feat: accept registry-scoped certfile and keyfile as credentials (#5160)
Closes #4765
RFC: https://github.com/npm/rfcs/pull/591
While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.
Depends on:
* https://github.com/npm/npm-registry-fetch/pull/125
* https://github.com/npm/config/pull/69
Diffstat (limited to 'lib/utils')
-rw-r--r-- | lib/utils/config/definitions.js | 7 | ||||
-rw-r--r-- | lib/utils/get-identity.js | 4 |
2 files changed, 6 insertions, 5 deletions
diff --git a/lib/utils/config/definitions.js b/lib/utils/config/definitions.js index 665ed1efe..7d6af2473 100644 --- a/lib/utils/config/definitions.js +++ b/lib/utils/config/definitions.js @@ -436,8 +436,8 @@ define('cert', { cert="-----BEGIN CERTIFICATE-----\\nXXXX\\nXXXX\\n-----END CERTIFICATE-----" \`\`\` - It is _not_ the path to a certificate file (and there is no "certfile" - option). + It is _not_ the path to a certificate file, though you can set a registry-scoped + "certfile" path like "//other-registry.tld/:certfile=/path/to/cert.pem". `, flatten, }) @@ -1118,7 +1118,8 @@ define('key', { key="-----BEGIN PRIVATE KEY-----\\nXXXX\\nXXXX\\n-----END PRIVATE KEY-----" \`\`\` - It is _not_ the path to a key file (and there is no "keyfile" option). + It is _not_ the path to a key file, though you can set a registry-scoped + "keyfile" path like "//other-registry.tld/:keyfile=/path/to/key.pem". `, flatten, }) diff --git a/lib/utils/get-identity.js b/lib/utils/get-identity.js index f4aedb89b..41d882473 100644 --- a/lib/utils/get-identity.js +++ b/lib/utils/get-identity.js @@ -9,8 +9,8 @@ module.exports = async (npm, opts) => { return creds.username } - // No username, but we have a token; fetch the username from registry - if (creds.token) { + // No username, but we have other credentials; fetch the username from registry + if (creds.token || creds.certfile && creds.keyfile) { const registryData = await npmFetch.json('/-/whoami', { ...opts }) return registryData.username } |