diff options
| author | Jon Jensen <jenseng@gmail.com> | 2022-07-20 21:29:07 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-20 21:29:07 +0300 |
| commit | 5ef53eedad2871a32611f47001e1c9ca9b813c07 (patch) | |
| tree | d963581a8906f6d5333e120d78339a3640329ab8 /test | |
| parent | 51b12a085e087609c99befccfd6a98ef8a9919d0 (diff) | |
feat: accept registry-scoped certfile and keyfile as credentials (#5160)
Closes #4765
RFC: https://github.com/npm/rfcs/pull/591
While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.
Depends on:
* https://github.com/npm/npm-registry-fetch/pull/125
* https://github.com/npm/config/pull/69
Diffstat (limited to 'test')
| -rw-r--r-- | test/lib/commands/publish.js | 31 | ||||
| -rw-r--r-- | test/lib/commands/whoami.js | 14 |
2 files changed, 44 insertions, 1 deletions
diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js index 3cbe96238..16b79df53 100644 --- a/test/lib/commands/publish.js +++ b/test/lib/commands/publish.js @@ -327,7 +327,7 @@ t.test('no auth for scope configured registry', async t => { ) }) -t.test('has auth for scope configured registry', async t => { +t.test('has token auth for scope configured registry', async t => { const spec = npa('@npm/test-package') const { npm, joinedOutput } = await loadMockNpm(t, { config: { @@ -356,6 +356,35 @@ t.test('has auth for scope configured registry', async t => { t.matchSnapshot(joinedOutput(), 'new package version') }) +t.test('has mTLS auth for scope configured registry', async t => { + const spec = npa('@npm/test-package') + const { npm, joinedOutput } = await loadMockNpm(t, { + config: { + '@npm:registry': alternateRegistry, + [`${alternateRegistry.slice(6)}/:certfile`]: '/some.cert', + [`${alternateRegistry.slice(6)}/:keyfile`]: '/some.key', + }, + prefixDir: { + 'package.json': JSON.stringify({ + name: '@npm/test-package', + version: '1.0.0', + }, null, 2), + }, + globals: ({ prefix }) => ({ + 'process.cwd': () => prefix, + }), + }) + const registry = new MockRegistry({ + tap: t, + registry: alternateRegistry, + }) + registry.nock.put(`/${spec.escapedName}`, body => { + return t.match(body, { name: '@npm/test-package' }) + }).reply(200, {}) + await npm.exec('publish', []) + t.matchSnapshot(joinedOutput(), 'new package version') +}) + t.test('workspaces', t => { const dir = { 'package.json': JSON.stringify( diff --git a/test/lib/commands/whoami.js b/test/lib/commands/whoami.js index ad7c22388..d63b49015 100644 --- a/test/lib/commands/whoami.js +++ b/test/lib/commands/whoami.js @@ -34,6 +34,20 @@ t.test('npm whoami --json', async t => { t.equal(JSON.parse(joinedOutput()), username, 'should print username') }) +t.test('npm whoami using mTLS', async t => { + const { npm, joinedOutput } = await loadMockNpm(t, { config: { + '//registry.npmjs.org/:certfile': '/some.cert', + '//registry.npmjs.org/:keyfile': '/some.key', + } }) + const registry = new MockRegistry({ + tap: t, + registry: npm.config.get('registry'), + }) + registry.whoami({ username }) + await npm.exec('whoami', []) + t.equal(joinedOutput(), username, 'should print username') +}) + t.test('credentials from token', async t => { const { npm, joinedOutput } = await loadMockNpm(t, { config: { |