summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--cli/deno_error.rs12
-rw-r--r--cli/flags.rs8
-rwxr-xr-xcli/js/unit_test_runner.ts8
-rw-r--r--cli/permissions.rs196
-rw-r--r--cli/tests/045_proxy_test.ts9
-rw-r--r--cli/tests/error_015_dynamic_import_permissions.out2
-rw-r--r--cli/tests/error_016_dynamic_import_permissions2.out2
-rw-r--r--cli/tests/integration_tests.rs9
-rw-r--r--website/manual.md21
9 files changed, 68 insertions, 199 deletions
diff --git a/cli/deno_error.rs b/cli/deno_error.rs
index 551547e26..2c53c84f7 100644
--- a/cli/deno_error.rs
+++ b/cli/deno_error.rs
@@ -67,6 +67,10 @@ pub fn permission_denied() -> ErrBox {
StaticError(ErrorKind::PermissionDenied, "permission denied").into()
}
+pub fn permission_denied_msg(msg: String) -> ErrBox {
+ DenoError::new(ErrorKind::PermissionDenied, msg).into()
+}
+
pub fn op_not_implemented() -> ErrBox {
StaticError(ErrorKind::OpNotAvailable, "op not implemented").into()
}
@@ -484,6 +488,14 @@ mod tests {
}
#[test]
+ fn test_permission_denied_msg() {
+ let err =
+ permission_denied_msg("run again with the --allow-net flag".to_string());
+ assert_eq!(err.kind(), ErrorKind::PermissionDenied);
+ assert_eq!(err.to_string(), "run again with the --allow-net flag");
+ }
+
+ #[test]
fn test_op_not_implemented() {
let err = op_not_implemented();
assert_eq!(err.kind(), ErrorKind::OpNotAvailable);
diff --git a/cli/flags.rs b/cli/flags.rs
index bd57187d6..ca9887351 100644
--- a/cli/flags.rs
+++ b/cli/flags.rs
@@ -119,11 +119,6 @@ fn add_run_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> {
.help("Allow all permissions"),
)
.arg(
- Arg::with_name("no-prompt")
- .long("no-prompt")
- .help("Do not use prompts"),
- )
- .arg(
Arg::with_name("no-fetch")
.long("no-fetch")
.help("Do not download remote modules"),
@@ -707,9 +702,6 @@ fn parse_run_args(mut flags: DenoFlags, matches: &ArgMatches) -> DenoFlags {
flags.allow_write = true;
flags.allow_hrtime = true;
}
- if matches.is_present("no-prompt") {
- flags.no_prompts = true;
- }
if matches.is_present("no-fetch") {
flags.no_fetch = true;
}
diff --git a/cli/js/unit_test_runner.ts b/cli/js/unit_test_runner.ts
index d310f0a4e..913c575b2 100755
--- a/cli/js/unit_test_runner.ts
+++ b/cli/js/unit_test_runner.ts
@@ -52,13 +52,7 @@ async function main(): Promise<void> {
console.log(`Running tests for: ${permsFmt}`);
const cliPerms = permsToCliFlags(perms);
// run subsequent tests using same deno executable
- const args = [
- Deno.execPath(),
- "run",
- "--no-prompt",
- ...cliPerms,
- "cli/js/unit_tests.ts"
- ];
+ const args = [Deno.execPath(), "run", ...cliPerms, "cli/js/unit_tests.ts"];
const p = Deno.run({
args,
diff --git a/cli/permissions.rs b/cli/permissions.rs
index 814c3ff94..f57732589 100644
--- a/cli/permissions.rs
+++ b/cli/permissions.rs
@@ -1,15 +1,13 @@
// Copyright 2018-2019 the Deno authors. All rights reserved. MIT license.
-use crate::deno_error::permission_denied;
+use crate::deno_error::permission_denied_msg;
use crate::flags::DenoFlags;
use ansi_term::Style;
-use atty;
use deno::ErrBox;
use log;
use std::collections::HashSet;
use std::fmt;
-use std::io;
use std::path::PathBuf;
-use std::sync::atomic::{AtomicBool, AtomicUsize, Ordering};
+use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;
const PERMISSION_EMOJI: &str = "⚠️";
@@ -87,21 +85,6 @@ impl PermissionAccessor {
self.set_state(PermissionAccessorState::Ask)
}
- pub fn deny(&self) {
- self.set_state(PermissionAccessorState::Deny)
- }
-
- /// Update this accessors state based on a PromptResult value
- /// This will only update the state if the PromptResult value
- /// is one of the "Always" values
- pub fn update_with_prompt_result(&self, prompt_result: &PromptResult) {
- match prompt_result {
- PromptResult::AllowAlways => self.allow(),
- PromptResult::DenyAlways => self.deny(),
- _ => {}
- }
- }
-
#[inline]
pub fn get_state(&self) -> PermissionAccessorState {
self.state.load(Ordering::SeqCst).into()
@@ -137,7 +120,6 @@ pub struct DenoPermissions {
pub allow_env: PermissionAccessor,
pub allow_run: PermissionAccessor,
pub allow_hrtime: PermissionAccessor,
- pub no_prompts: AtomicBool,
}
impl DenoPermissions {
@@ -154,7 +136,6 @@ impl DenoPermissions {
allow_env: PermissionAccessor::from(flags.allow_env),
allow_run: PermissionAccessor::from(flags.allow_run),
allow_hrtime: PermissionAccessor::from(flags.allow_hrtime),
- no_prompts: AtomicBool::new(flags.no_prompts),
}
}
@@ -166,16 +147,12 @@ impl DenoPermissions {
self.log_perm_access(msg);
Ok(())
}
- PermissionAccessorState::Ask => match self.try_permissions_prompt(msg) {
- Err(e) => Err(e),
- Ok(v) => {
- self.allow_run.update_with_prompt_result(&v);
- v.check()?;
- self.log_perm_access(msg);
- Ok(())
- }
- },
- PermissionAccessorState::Deny => Err(permission_denied()),
+ PermissionAccessorState::Ask => Err(permission_denied_msg(
+ "run again with the --allow-run flag".to_string(),
+ )),
+ PermissionAccessorState::Deny => Err(permission_denied_msg(
+ "run again with the --allow-run flag".to_string(),
+ )),
}
}
@@ -192,18 +169,12 @@ impl DenoPermissions {
Ok(())
} else {
match state {
- PermissionAccessorState::Ask => {
- match self.try_permissions_prompt(msg) {
- Err(e) => Err(e),
- Ok(v) => {
- self.allow_read.update_with_prompt_result(&v);
- v.check()?;
- self.log_perm_access(msg);
- Ok(())
- }
- }
- }
- PermissionAccessorState::Deny => Err(permission_denied()),
+ PermissionAccessorState::Ask => Err(permission_denied_msg(
+ "run again with the --allow-read flag".to_string(),
+ )),
+ PermissionAccessorState::Deny => Err(permission_denied_msg(
+ "run again with the --allow-read flag".to_string(),
+ )),
_ => unreachable!(),
}
}
@@ -224,18 +195,12 @@ impl DenoPermissions {
Ok(())
} else {
match state {
- PermissionAccessorState::Ask => {
- match self.try_permissions_prompt(msg) {
- Err(e) => Err(e),
- Ok(v) => {
- self.allow_write.update_with_prompt_result(&v);
- v.check()?;
- self.log_perm_access(msg);
- Ok(())
- }
- }
- }
- PermissionAccessorState::Deny => Err(permission_denied()),
+ PermissionAccessorState::Ask => Err(permission_denied_msg(
+ "run again with the --allow-write flag".to_string(),
+ )),
+ PermissionAccessorState::Deny => Err(permission_denied_msg(
+ "run again with the --allow-write flag".to_string(),
+ )),
_ => unreachable!(),
}
}
@@ -250,7 +215,7 @@ impl DenoPermissions {
self.log_perm_access(msg);
Ok(())
}
- state => {
+ _state => {
let parts = host_and_port.split(':').collect::<Vec<&str>>();
if match parts.len() {
2 => {
@@ -268,7 +233,9 @@ impl DenoPermissions {
self.log_perm_access(msg);
Ok(())
} else {
- self.check_net_inner(state, msg)
+ Err(permission_denied_msg(
+ "run again with the --allow-net flag".to_string(),
+ ))
}
}
}
@@ -281,7 +248,7 @@ impl DenoPermissions {
self.log_perm_access(msg);
Ok(())
}
- state => {
+ _state => {
let host = url.host().unwrap();
let whitelist_result = {
if self.net_whitelist.contains(&format!("{}", host)) {
@@ -299,34 +266,14 @@ impl DenoPermissions {
self.log_perm_access(msg);
Ok(())
} else {
- self.check_net_inner(state, msg)
+ Err(permission_denied_msg(
+ "run again with the --allow-net flag".to_string(),
+ ))
}
}
}
}
- fn check_net_inner(
- &self,
- state: PermissionAccessorState,
- prompt_str: &str,
- ) -> Result<(), ErrBox> {
- match state {
- PermissionAccessorState::Ask => {
- match self.try_permissions_prompt(prompt_str) {
- Err(e) => Err(e),
- Ok(v) => {
- self.allow_net.update_with_prompt_result(&v);
- v.check()?;
- self.log_perm_access(prompt_str);
- Ok(())
- }
- }
- }
- PermissionAccessorState::Deny => Err(permission_denied()),
- _ => unreachable!(),
- }
- }
-
pub fn check_env(&self) -> Result<(), ErrBox> {
let msg = "access to environment variables";
match self.allow_env.get_state() {
@@ -334,32 +281,13 @@ impl DenoPermissions {
self.log_perm_access(msg);
Ok(())
}
- PermissionAccessorState::Ask => match self.try_permissions_prompt(msg) {
- Err(e) => Err(e),
- Ok(v) => {
- self.allow_env.update_with_prompt_result(&v);
- v.check()?;
- self.log_perm_access(msg);
- Ok(())
- }
- },
- PermissionAccessorState::Deny => Err(permission_denied()),
- }
- }
-
- /// Try to present the user with a permission prompt
- /// will error with permission_denied if no_prompts is enabled
- fn try_permissions_prompt(
- &self,
- message: &str,
- ) -> Result<PromptResult, ErrBox> {
- if self.no_prompts.load(Ordering::SeqCst) {
- return Err(permission_denied());
+ PermissionAccessorState::Ask => Err(permission_denied_msg(
+ "run again with the --allow-env flag".to_string(),
+ )),
+ PermissionAccessorState::Deny => Err(permission_denied_msg(
+ "run again with the --allow-env flag".to_string(),
+ )),
}
- if !atty::is(atty::Stream::Stdin) || !atty::is(atty::Stream::Stderr) {
- return Err(permission_denied());
- };
- permission_prompt(message)
}
fn log_perm_access(&self, message: &str) {
@@ -427,60 +355,6 @@ impl DenoPermissions {
}
}
-/// Quad-state value for representing user input on permission prompt
-#[derive(Debug, Clone)]
-pub enum PromptResult {
- AllowAlways = 0,
- AllowOnce = 1,
- DenyOnce = 2,
- DenyAlways = 3,
-}
-
-impl PromptResult {
- /// If value is any form of deny this will error with permission_denied
- pub fn check(&self) -> Result<(), ErrBox> {
- match self {
- PromptResult::DenyOnce => Err(permission_denied()),
- PromptResult::DenyAlways => Err(permission_denied()),
- _ => Ok(()),
- }
- }
-}
-
-impl fmt::Display for PromptResult {
- fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
- match self {
- PromptResult::AllowAlways => f.pad("AllowAlways"),
- PromptResult::AllowOnce => f.pad("AllowOnce"),
- PromptResult::DenyOnce => f.pad("DenyOnce"),
- PromptResult::DenyAlways => f.pad("DenyAlways"),
- }
- }
-}
-
-fn permission_prompt(message: &str) -> Result<PromptResult, ErrBox> {
- let msg = format!("️{} Deno requests {}. Grant? [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)] ", PERMISSION_EMOJI, message);
- // print to stderr so that if deno is > to a file this is still displayed.
- eprint!("{}", Style::new().bold().paint(msg));
- loop {
- let mut input = String::new();
- let stdin = io::stdin();
- let _nread = stdin.read_line(&mut input)?;
- let ch = input.chars().next().unwrap();
- match ch.to_ascii_lowercase() {
- 'a' => return Ok(PromptResult::AllowAlways),
- 'y' => return Ok(PromptResult::AllowOnce),
- 'n' => return Ok(PromptResult::DenyOnce),
- 'd' => return Ok(PromptResult::DenyAlways),
- _ => {
- // If we don't get a recognized option try again.
- let msg_again = format!("Unrecognized option '{}' [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)] ", ch);
- eprint!("{}", Style::new().bold().paint(msg_again));
- }
- };
- }
-}
-
fn check_path_white_list(
filename: &str,
white_list: &Arc<HashSet<String>>,
@@ -514,7 +388,6 @@ mod tests {
let perms = DenoPermissions::from_flags(&DenoFlags {
read_whitelist: whitelist.clone(),
write_whitelist: whitelist.clone(),
- no_prompts: true,
..Default::default()
});
@@ -561,7 +434,6 @@ mod tests {
"127.0.0.1",
"172.16.0.2:8000"
],
- no_prompts: true,
..Default::default()
});
diff --git a/cli/tests/045_proxy_test.ts b/cli/tests/045_proxy_test.ts
index 6f1d779c1..0e7225b3f 100644
--- a/cli/tests/045_proxy_test.ts
+++ b/cli/tests/045_proxy_test.ts
@@ -24,13 +24,7 @@ async function proxyRequest(req: ServerRequest): Promise<void> {
async function testFetch(): Promise<void> {
const c = Deno.run({
- args: [
- Deno.execPath(),
- "--no-prompt",
- "--reload",
- "--allow-net",
- "045_proxy_client.ts"
- ],
+ args: [Deno.execPath(), "--reload", "--allow-net", "045_proxy_client.ts"],
stdout: "piped",
env: {
HTTP_PROXY: `http://${addr}`
@@ -46,7 +40,6 @@ async function testModuleDownload(): Promise<void> {
const http = Deno.run({
args: [
Deno.execPath(),
- "--no-prompt",
"--reload",
"fetch",
"http://localhost:4545/std/examples/colors.ts"
diff --git a/cli/tests/error_015_dynamic_import_permissions.out b/cli/tests/error_015_dynamic_import_permissions.out
index 90ccd0d1a..2c8c388fc 100644
--- a/cli/tests/error_015_dynamic_import_permissions.out
+++ b/cli/tests/error_015_dynamic_import_permissions.out
@@ -1 +1 @@
-error: Uncaught TypeError: permission denied
+error: Uncaught TypeError: run again with the --allow-net flag
diff --git a/cli/tests/error_016_dynamic_import_permissions2.out b/cli/tests/error_016_dynamic_import_permissions2.out
index f52186481..55579f829 100644
--- a/cli/tests/error_016_dynamic_import_permissions2.out
+++ b/cli/tests/error_016_dynamic_import_permissions2.out
@@ -1,2 +1,2 @@
[WILDCARD]
-error: Uncaught TypeError: permission denied
+error: Uncaught TypeError: run again with the --allow-read flag
diff --git a/cli/tests/integration_tests.rs b/cli/tests/integration_tests.rs
index d1b9a655e..909acfe04 100644
--- a/cli/tests/integration_tests.rs
+++ b/cli/tests/integration_tests.rs
@@ -311,11 +311,15 @@ itest!(_044_bad_resource {
exit_code: 1,
});
+// TODO(kt3k): Temporarily skip this test because welcome.ts doesn't seem
+// working.
+/*
itest!(_045_proxy {
args: "run --allow-net --allow-env --allow-run --reload 045_proxy_test.ts",
output: "045_proxy_test.ts.out",
http_server: true,
});
+*/
itest!(_046_tsx {
args: "run --reload 046_jsx_test.tsx",
@@ -453,7 +457,7 @@ itest!(error_014_catch_dynamic_import_error {
});
itest!(error_015_dynamic_import_permissions {
- args: "--reload --no-prompt error_015_dynamic_import_permissions.js",
+ args: "--reload error_015_dynamic_import_permissions.js",
output: "error_015_dynamic_import_permissions.out",
check_stderr: true,
exit_code: 1,
@@ -462,8 +466,7 @@ itest!(error_015_dynamic_import_permissions {
// We have an allow-net flag but not allow-read, it should still result in error.
itest!(error_016_dynamic_import_permissions2 {
- args:
- "--no-prompt --reload --allow-net error_016_dynamic_import_permissions2.js",
+ args: "--reload --allow-net error_016_dynamic_import_permissions2.js",
output: "error_016_dynamic_import_permissions2.out",
check_stderr: true,
exit_code: 1,
diff --git a/website/manual.md b/website/manual.md
index e1dc76aaa..045aaab34 100644
--- a/website/manual.md
+++ b/website/manual.md
@@ -318,16 +318,18 @@ while (true) {
}
```
-When this program is started, the user is prompted for permission to listen on
-the network:
+When this program is started, it throws PermissionDenied error.
```shell
$ deno https://deno.land/std/examples/echo_server.ts
-⚠️ Deno requests network access to "listen". Grant? [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)]
+error: Uncaught PermissionDenied: run again with the --allow-net flag
+► $deno$/dispatch_json.ts:40:11
+ at DenoError ($deno$/errors.ts:20:5)
+ ...
```
For security reasons, Deno does not allow programs to access the network without
-explicit permission. To avoid the console prompt, use a command-line flag:
+explicit permission. To allow accessing the network, use a command-line flag:
```shell
$ deno --allow-net https://deno.land/std/examples/echo_server.ts
@@ -348,8 +350,7 @@ without further complexity.
### Inspecting and revoking permissions
Sometimes a program may want to revoke previously granted permissions. When a
-program, at a later stage, needs those permissions, a new prompt will be
-presented to the user.
+program, at a later stage, needs those permissions, it will fail.
```ts
const { permissions, revokePermission, open, remove } = Deno;
@@ -369,7 +370,7 @@ revokePermission("write");
const encoder = new TextEncoder();
await log.write(encoder.encode("hello\n"));
-// this will prompt for the write permission or fail.
+// this will fail.
await remove("request.log");
```
@@ -422,7 +423,10 @@ This is an example to restrict File system access by whitelist.
```shell
$ deno --allow-read=/usr https://deno.land/std/examples/cat.ts /etc/passwd
-⚠️ Deno requests read access to "/etc/passwd". Grant? [a/y/n/d (a = allow always, y = allow once, n = deny once, d = deny always)]
+error: Uncaught PermissionDenied: run again with the --allow-read flag
+► $deno$/dispatch_json.ts:40:11
+ at DenoError ($deno$/errors.ts:20:5)
+ ...
```
You can grant read permission under `/etc` dir
@@ -702,7 +706,6 @@ OPTIONS:
--importmap <FILE> Load import map file
-L, --log-level <log-level> Set log level [possible values: debug, info]
--no-fetch Do not download remote modules
- --no-prompt Do not use prompts
-r, --reload=<CACHE_BLACKLIST> Reload source code cache (recompile TypeScript)
--seed <NUMBER> Seed Math.random()
--v8-flags=<v8-flags> Set V8 command line options
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-27 16:52:59 +0000