Skip to content

Commit

Permalink
fix(npm): match npm bearer token generation (#26544)
Browse files Browse the repository at this point in the history 
Spend some time stepping through the npm client code and noticed that
the bearer token was different from ours. They do some double encoding
and @dsherret helped me in matching the encoding behavior.

Fixes #26033
  • Loading branch information
@marvinhagemeister @bartlomieju
marvinhagemeister authored and bartlomieju committed Oct 29, 2024
1 parent 6159888 commit 6ef2875
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 11 deletions.
23 changes: 14 additions & 9 deletions cli/npm/common.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
use base64::prelude::BASE64_STANDARD;
use base64::Engine;
use deno_core::anyhow::bail;
use deno_core::anyhow::Context;
use deno_core::error::AnyError;
use deno_npm::npm_rc::RegistryConfig;
use http::header;
Expand Down Expand Up @@ -36,17 +37,21 @@ pub fn maybe_auth_header_for_npm_registry(
}

if username.is_some() && password.is_some() {
// The npm client does some double encoding when generating the
// bearer token value, see
// https://github.com/npm/cli/blob/780afc50e3a345feb1871a28e33fa48235bc3bd5/workspaces/config/lib/index.js#L846-L851
let pw_base64 = BASE64_STANDARD
.decode(password.unwrap())
.with_context(|| "The password in npmrc is an invalid base64 string")?;
let bearer = BASE64_STANDARD.encode(format!(
"{}:{}",
username.unwrap(),
String::from_utf8_lossy(&pw_base64)
));

return Ok(Some((
header::AUTHORIZATION,
header::HeaderValue::from_str(&format!(
"Basic {}",
BASE64_STANDARD.encode(format!(
"{}:{}",
username.unwrap(),
password.unwrap()
))
))
.unwrap(),
header::HeaderValue::from_str(&format!("Basic {}", bearer)).unwrap(),
)));
}

Expand Down
6 changes: 4 additions & 2 deletions tests/specs/npm/npmrc_username_password/.npmrc
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
@denotest:registry=http://localhost:4261/
//localhost:4261/:username=deno
//localhost:4261/:_password=land
# base64 of land
//localhost:4261/:_password=bGFuZA==
@denotest2:registry=http://localhost:4262/
//localhost:4262/:username=deno
//localhost:4262/:_password=land2
# base64 of land2
//localhost:4262/:_password=bGFuZDI=

0 comments on commit 6ef2875

Please sign in to comment.