feat(config/getNetworkConfigs): load auth info#10491
Conversation
In order to resolve merge conflicts ahead of time for #10385
There was a problem hiding this comment.
Pull request overview
This PR adds authentication information loading capabilities to the pnpm config system. It introduces a new parseAuthInfo module that handles parsing various authentication formats (_authToken, _auth base64, username/password pairs, and tokenHelper commands) from configuration files, and integrates this functionality into the existing getNetworkConfigs function.
Changes:
- Adds parsing and validation for registry authentication information from config files
- Extends Config interface to include default registry authentication at the root level
- Adds comprehensive test coverage for the new authentication parsing functionality
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 13 comments.
Show a summary per file
| File | Description |
|---|---|
| config/config/src/parseAuthInfo.ts | New module for parsing authentication information from various formats, including validation for tokenHelper commands |
| config/config/test/parseAuthInfo.test.ts | Comprehensive test suite for parseAuthInfo functionality |
| config/config/src/getNetworkConfigs.ts | Updated to parse and return authentication information alongside SSL configs and registries, plus new getDefaultAuthInfo function |
| config/config/test/getNetworkConfigs.test.ts | Added test cases for authentication info extraction from network configs |
| config/config/src/Config.ts | Extended Config interface to include AuthInfo properties at root level |
| config/config/src/index.ts | Integrated getDefaultAuthInfo to populate default registry auth in pnpmConfig |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
|
|
||
| for (const key in authInfoInputs) { | ||
| const authInfo = parseAuthInfo(authInfoInputs[key]) |
There was a problem hiding this comment.
why this can't happen inside tryParseAuthSetting?
There was a problem hiding this comment.
why this can't happen inside tryParseAuthSetting?
tryParseAuthSetting mirrors the existing tryParseSslSetting. Both functions only return the setting names to target rather than the setting values. And both functions only take the keys of rawConfig, not the values.
However, there is a difference between "auth" and "ssl":
- "Ssl" is all strings, so their raw values can be assigned directly to
sslConfigsas-is. - But "auth" is structured, so their raw values must be assign to the indirect object named
authInfoInputsfirst.
Why not just assign to authInfos directly, as soon as the field is determined?
Because there are multiple fields that determine username and password (_auth, username, _password). The code must know all the fields in order to decide which fields override which fields. Furthermore, username without a _password or _password without a username result in authUserPass: undefined.
See also:
pnpm/config/config/src/parseAuthInfo.ts
Lines 68 to 89 in 2b039f0
|
There are some misspelling issues. See the error |
Should be fixed now. |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
* chore(deps): add `libnpmpublish` to catalog * chore(deps): install `libnpmpublish` * feat: publishableManifest (wip) * feat: publishableManifest (wip) * chore(cspell): libnpmpublish * test: fix * feat: validate field and version * chore: @npm/types * chore: todo * refactor: reorganize * feat: transformRequiredFields * chore(deps): patch `libnpmpublish` * fix: `BaseManifest.config` * fix: eslint * chore(git): revert a patch that doesn't work This reverts commit 45f2c6a. We will use type casting * feat: `engines.runtime` * feat: normalize bin * fix: `bin === ''` * test: fix * refactor: inference friendly * feat: `peerDependenciesMeta` * refactor: group into a directory * refactor: use `ramda.pipe` * refactor: less intrusive type assertion * feat!: returning `ExportedManifest` * refactor: remove unnecessary file * docs: add a todo * refactor: getNetworkConfigs (#10458) Some tests are added as a bonus * feat: `publishPackedPkg` (wip) * feat: replace `\t` with 4 spaces * fix: newline * fix: newline * refactor: extract `FailedToPublishError` * test: FailedToPublishError * feat: registryConfigKeys * feat: `publishPackedPkg` (wip) * feat(config/getNetworkConfigs): load auth info * feat(config/getNetworkConfigs): load auth info (#10491) * feat: `publishPackedPkg` (wip) * refactor: extract a `static` function * fix: inheritance, override, and merge * feat: `executeTokenHelper` * fix: use the visible `globalWarn` * feat: add options * feat: add more options * docs: more links * fix: private packages * fix: --dry-run * feat: log more things * fix: name * fix: tag * refactor: remove extraneous `assertPublicPackage` * feat: use `publishPackedPkg` for directories * refactor: require only necessary fields * refactor: extractManifestFromPacked * fix: extractManifestFromPacked * test: extractManifestFromPacked * feat: isTarballPath * feat: use `publishPackedPkg` for tarballs * style: add an empty line for clarity * refactor: remove unnecessary works * feat: --otp * feat: PNPM_CONFIG_OTP * feat: oidc * test: fix name collision * fix: eslint * test: disable a false test * feat: set `provenance` * docs(todo): auto provenance * refactor: run oidc in `createPublishOptions` * fix: correct auth keys for `libnpmpublish` * docs: changeset * fix: incorrect `password` field * fix: typo, grammar * chore(git): resolve merge conflict ahead of time In preparation for #10385 * fix: field name * fix(config): decoding `_password` * fix: edge case of partial `cert`/`key` * fix: ensure `registry` always match its config key * fix: `_password` * test: correct a name * test: more specific assertions * fix: grammar * docs(changeset): fix grammar * docs: fix grammar * fix: clean up after failure * test: fix windows * feat(provenance): auto detect * refactor: consistent name * fix: correct error names * refactor: extract the `provenance` code * feat: show code and body of an error * refactor: use `encodeURIComponent` * refactor: rename a type * refactor: use the try-catch model * refactor: move `normalizeBinObject` * refactor: split `oidc` into `idToken` and `authToken` * refactor: run `next` on `stream`'s `'end'` * fix: use the correct encoding * feat: guard against weird names * test: `transform/engines` Closes #10599 * test: `transformPeerDependenciesMeta` Closes #10600 * refactor: dependency inject the `Date` too * refactor: export an interface * test: oidc Closes #10598 * refactor: re-arrange imports * refactor: remove unnecessary type casts * refactor: improve test
In order to resolve merge conflicts ahead of time for #10385