diff options
| author | Marvin Hagemeister <marvin@deno.com> | 2024-10-28 12:08:51 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-28 12:08:51 +0100 |
| commit | 5389972ba5037b1ed48da11506f6798deec2b48e (patch) | |
| tree | 1b6616ed84b041e95fb8313233d9b7df1dfb3ed1 | |
| parent | 3a306c450ce99067c4322720792d909afaf78841 (diff) | |
fix(npm): match npm bearer token generation (#26544)
Spend some time stepping through the npm client code and noticed that
the bearer token was different from ours. They do some double encoding
and @dsherret helped me in matching the encoding behavior.
Fixes https://github.com/denoland/deno/issues/26033
| -rw-r--r-- | cli/npm/common.rs | 23 | ||||
| -rw-r--r-- | tests/specs/npm/npmrc_username_password/.npmrc | 6 |
2 files changed, 18 insertions, 11 deletions
diff --git a/cli/npm/common.rs b/cli/npm/common.rs index de282310a..55f1bc086 100644 --- a/cli/npm/common.rs +++ b/cli/npm/common.rs @@ -3,6 +3,7 @@ use base64::prelude::BASE64_STANDARD; use base64::Engine; use deno_core::anyhow::bail; +use deno_core::anyhow::Context; use deno_core::error::AnyError; use deno_npm::npm_rc::RegistryConfig; use http::header; @@ -36,17 +37,21 @@ pub fn maybe_auth_header_for_npm_registry( } if username.is_some() && password.is_some() { + // The npm client does some double encoding when generating the + // bearer token value, see + // https://github.com/npm/cli/blob/780afc50e3a345feb1871a28e33fa48235bc3bd5/workspaces/config/lib/index.js#L846-L851 + let pw_base64 = BASE64_STANDARD + .decode(password.unwrap()) + .with_context(|| "The password in npmrc is an invalid base64 string")?; + let bearer = BASE64_STANDARD.encode(format!( + "{}:{}", + username.unwrap(), + String::from_utf8_lossy(&pw_base64) + )); + return Ok(Some(( header::AUTHORIZATION, - header::HeaderValue::from_str(&format!( - "Basic {}", - BASE64_STANDARD.encode(format!( - "{}:{}", - username.unwrap(), - password.unwrap() - )) - )) - .unwrap(), + header::HeaderValue::from_str(&format!("Basic {}", bearer)).unwrap(), ))); } diff --git a/tests/specs/npm/npmrc_username_password/.npmrc b/tests/specs/npm/npmrc_username_password/.npmrc index c318678ae..9e1ded96a 100644 --- a/tests/specs/npm/npmrc_username_password/.npmrc +++ b/tests/specs/npm/npmrc_username_password/.npmrc @@ -1,6 +1,8 @@ @denotest:registry=http://localhost:4261/ //localhost:4261/:username=deno -//localhost:4261/:_password=land +# base64 of land +//localhost:4261/:_password=bGFuZA== @denotest2:registry=http://localhost:4262/ //localhost:4262/:username=deno -//localhost:4262/:_password=land2 +# base64 of land2 +//localhost:4262/:_password=bGFuZDI= |