diff --git a/.gitignore b/.gitignore
index 479ff93a9..95da521cf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,11 +5,19 @@ verdaccio-*.tgz
###
!bin/verdaccio
test-storage*
-
node_modules
+
+# Istanbul
+coverage/
+.nyc*
+
# Visual Studio Code
.vscode/*
.jscsrc
.jshintrc
jsconfig.json
+
+
+# Yarn
+yarn*
\ No newline at end of file
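Review bot: `yarn*` on the last added line also matches `yarn.lock`, so a Yarn lockfile can never be committed from this tree and installs keep resolving the caret ranges in package.json afresh. If the intent is only to keep Yarn's log output out of the repository, a narrower pattern such as `yarn-error.log` would do. If ignoring the lockfile is deliberate, a short comment such as `# Yarn (lockfile intentionally not tracked)` would make that explicit.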
diff --git a/README.md b/README.md
index 664407891..6eac39509 100644
--- a/README.md
+++ b/README.md
@@ -107,7 +107,7 @@ There's two options here:
1. You want to create a separate fork and stop synchronizing with public version.
- If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy_access` list and restart the server.
+ If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy` list and restart the server.
When you publish your package locally, you should probably start with version string higher than existing one, so it won't conflict with existing package in the cache.
diff --git a/conf/docker.yaml b/conf/docker.yaml
index f3405296d..0b770deb3 100644
--- a/conf/docker.yaml
+++ b/conf/docker.yaml
@@ -11,7 +11,7 @@ storage: /verdaccio/storage
auth:
htpasswd:
- file: /verdaccio/config/htpasswd
+ file: /verdaccio/conf/htpasswd
# Maximum amount of users allowed to register, defaults to "+inf".
# You can set this to -1 to disable registration.
#max_users: 1000
diff --git a/lib/GUI/entry.hbs b/lib/GUI/entry.hbs
index 6e63d3713..a28fe423d 100644
--- a/lib/GUI/entry.hbs
+++ b/lib/GUI/entry.hbs
@@ -8,7 +8,7 @@
- By: {{ _npmUser.name }}
+ By: {{ author.name }}
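Review bot: `{{ author.name }}` presumably comes from the package's own package.json, so the "By:" line would show a self-declared value instead of the publishing account that `_npmUser` appears to record (confirm how both fields are populated). If readers use this line to judge who published a version, label it "Author:" or show both values. `author` may also be missing or a plain string, in which case the line renders empty; a `{{#if author.name}}` guard would cover that. The rest of the template is outside this hunk.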
diff --git a/lib/auth.js b/lib/auth.js
index 9e2647171..1addcba6e 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -195,9 +195,9 @@ Auth.prototype.basic_middleware = function() {
var scheme = parts[0]
if (scheme === 'Basic') {
- var credentials = Buffer(parts[1], 'base64').toString()
+ var credentials = new Buffer(parts[1], 'base64').toString()
} else if (scheme === 'Bearer') {
- var credentials = self.aes_decrypt(Buffer(parts[1], 'base64')).toString('utf8')
+ var credentials = self.aes_decrypt(new Buffer(parts[1], 'base64')).toString('utf8')
if (!credentials) return next()
} else {
return next()
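Review bot: `new Buffer(parts[1], 'base64')` still uses the deprecated constructor, whose behaviour depends on the argument type: a string is decoded, but a number allocates a buffer of that size. Both calls here should become `Buffer.from(parts[1], 'base64')`, which rejects a numeric argument. The same applies to the other `new Buffer(...)` hunks in lib/auth.js, lib/index-api.js and test/functional/lib/server.js, and `new Buffer(0)` in `aes_decrypt` would read better as `Buffer.alloc(0)`. Whether `Buffer.from` and `Buffer.alloc` exist depends on the minimum Node version the project supports, which is not visible here. The body of `basic_middleware` continues outside the hunk.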
@@ -286,7 +286,7 @@ Auth.prototype.cookie_middleware = function() {
req.remote_user = AuthenticatedUser(user.u, user.g)
req.remote_user.token = token
next()*/
- var credentials = self.aes_decrypt(Buffer(token, 'base64')).toString('utf8')
+ var credentials = self.aes_decrypt(new Buffer(token, 'base64')).toString('utf8')
if (!credentials) return next()
var index = credentials.indexOf(':')
@@ -314,13 +314,13 @@ Auth.prototype.issue_token = function(user) {
t: ~~(Date.now()/1000),
}, { indent: false })
- data = Buffer(data, 'utf8')
+ data = new Buffer(data, 'utf8')
var mac = Crypto.createHmac('sha256', this.secret).update(data).digest()
return Buffer.concat([ data, mac ]).toString('base64')
}
Auth.prototype.decode_token = function(str, expire_time) {
- var buf = Buffer(str, 'base64')
+ var buf = new Buffer(str, 'base64')
if (buf.length <= 32) throw Error[401]('invalid token')
var data = buf.slice(0, buf.length - 32)
@@ -355,7 +355,7 @@ Auth.prototype.aes_decrypt = function(buf) {
var b1 = c.update(buf)
var b2 = c.final()
} catch(_) {
- return Buffer(0)
+ return new Buffer(0)
}
return Buffer.concat([ b1, b2 ])
}
diff --git a/lib/index-api.js b/lib/index-api.js
index 224573fb7..f53d152e1 100644
--- a/lib/index-api.js
+++ b/lib/index-api.js
@@ -364,7 +364,7 @@ module.exports = function(config, auth, storage) {
})
// this is dumb and memory-consuming, but what choices do we have?
- stream.end(Buffer(data.data, 'base64'))
+ stream.end(new Buffer(data.data, 'base64'))
stream.done()
}
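Review bot: `stream.end(new Buffer(data.data, 'base64'))` is only safe if `data.data` is a string. On Node releases where `new Buffer(number)` returns uninitialised memory, a numeric `data.data` would write that many bytes of process memory into the stored tarball. Where `data` comes from is outside the hunk, but if it is read from the publish request body, add a `typeof data.data !== 'string'` rejection before this line. Alternatively use `stream.end(Buffer.from(data.data, 'base64'))`, which throws on a number, if the supported Node versions provide it.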
diff --git a/lib/plugins/htpasswd/index.js b/lib/plugins/htpasswd/index.js
index 2eb4e986b..69ea5fb48 100644
--- a/lib/plugins/htpasswd/index.js
+++ b/lib/plugins/htpasswd/index.js
@@ -100,8 +100,6 @@ HTPasswd.prototype.adduser = function (user, password, real_cb) {
if (s_err) return cb(s_err)
try {
- console.log('body = utils.add_user_to_htpasswd(body, user, password)')
- console.log(user, password)
body = utils.add_user_to_htpasswd(body, user, password)
} catch (err) {
return cb(err)
diff --git a/lib/plugins/htpasswd/utils.js b/lib/plugins/htpasswd/utils.js
index 229662f9f..425e7b085 100644
--- a/lib/plugins/htpasswd/utils.js
+++ b/lib/plugins/htpasswd/utils.js
@@ -1,5 +1,6 @@
var crypto = require('crypto')
var crypt3 = require('./crypt3')
+var md5 = require('apache-md5')
var locker = require('../../file-locking')
// this function neither unlocks file nor closes it
@@ -32,10 +33,12 @@ function verify_password(user, passwd, hash) {
return passwd === hash.substr(7)
} else if (hash.indexOf('{SHA}') === 0) {
return crypto.createHash('sha1').update(passwd, 'binary').digest('base64') === hash.substr(5)
- } else if (crypt3) {
- return crypt3(passwd, hash) === hash
} else {
- return false
+ return (
+ // for backwards compatibility, first check md5 then check crypt3
+ md5(passwd, hash) === hash ||
+ crypt3(passwd, hash) === hash
+ )
}
}
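Review bot: The new `else` branch runs `md5(passwd, hash)` and then `crypt3(passwd, hash)` for every hash that is not plain or `{SHA}`, so the algorithm is found by trial rather than read from the stored hash. Dispatching on the prefix is easier to reason about and keeps each library away from input it was not written for, e.g. `} else if (hash.indexOf('$apr1$') === 0) { return md5(passwd, hash) === hash }` before falling through to `crypt3`. The removed `else if (crypt3)` guard also means a missing `crypt3` export would now throw instead of returning false. Whether that can happen depends on ./crypt3, which is outside the hunk.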
diff --git a/package.json b/package.json
index 1a7e20f4d..705ee5b8c 100644
--- a/package.json
+++ b/package.json
@@ -16,6 +16,7 @@
},
"dependencies": {
"JSONStream": "^1.1.1",
+ "apache-md5": "^1.1.2",
"async": "^2.0.1",
"body-parser": "^1.15.0",
"bunyan": "^1.8.0",
@@ -42,20 +43,21 @@
"unix-crypt-td-js": "^1.0.0"
},
"devDependencies": {
- "rimraf": "^2.5.2",
"bluebird": "^3.3.5",
- "mocha": "^2.4.5",
- "eslint": "^2.9.0",
"browserify": "^13.0.0",
"browserify-handlebars": "^1.0.0",
+ "eslint": "^2.9.0",
"grunt": "^1.0.1",
- "grunt-cli": "^1.2.0",
"grunt-browserify": "^5.0.0",
+ "grunt-cli": "^1.2.0",
"grunt-contrib-less": "^1.3.0",
"grunt-contrib-watch": "^1.0.0",
- "unopinionate": "^0.0.4",
+ "mocha": "^2.4.5",
+ "nyc": "^10.1.2",
"onclick": "^0.1.0",
- "transition-complete": "^0.0.2"
+ "rimraf": "^2.5.2",
+ "transition-complete": "^0.0.2",
+ "unopinionate": "^0.0.4"
},
"keywords": [
"private",
@@ -68,7 +70,8 @@
],
"scripts": {
"test": "eslint . && mocha ./test/functional ./test/unit",
- "test-travis": "eslint . && mocha -R spec ./test/functional ./test/unit",
+ "test:coverage": "nyc --reporter=html --reporter=text mocha -R spec ./test/functional ./test/unit",
+ "test-travis": "eslint . && npm run test:coverage",
"test-only": "mocha ./test/functional ./test/unit",
"lint": "eslint ."
},
diff --git a/test/functional/adduser.js b/test/functional/adduser.js
index 0402f297b..b0c6bcf53 100644
--- a/test/functional/adduser.js
+++ b/test/functional/adduser.js
@@ -1,4 +1,6 @@
var Server = require('./lib/server')
+var fs = require('fs')
+var path = require('path')
module.exports = function() {
var server = new Server('http://localhost:55551/')
@@ -26,4 +28,20 @@ module.exports = function() {
.body_error(/maximum amount of users reached/)
})
})
+
+ describe('adduser created with htpasswd', function() {
+ var user = 'preexisting'
+ var pass = 'preexisting'
+ before(function () {
+ return fs.appendFileSync(
+ path.join(__dirname, 'test-storage', '.htpasswd'),
+ 'preexisting:$apr1$4YSboUa9$yVKjE7.PxIOuK3M4D7VjX.'
+ )
+ })
+ it('should log in', function () {
+ return server.auth(user, pass)
+ .status(201)
+ .body_ok(/you are authenticated as/)
+ })
+ })
}
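Review bot: The new `describe` block only checks that the correct password logs in, so it would not catch a regression where the `md5 || crypt3` fallback accepts a wrong password. A second `it` that calls `server.auth(user, 'wrong-password')` and expects the failure status would pin that down. The appended entry also has no line terminator, so it may be glued to the previous last line of `.htpasswd` or to a later append; writing `'preexisting:$apr1$4YSboUa9$yVKjE7.PxIOuK3M4D7VjX.\n'` and making sure the file already ends in a newline avoids that. Since `before` appends on every run, the file collects duplicate entries unless `test-storage` is cleaned between runs.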
diff --git a/test/functional/lib/server.js b/test/functional/lib/server.js
index 4a1af0ef7..0a720b14c 100644
--- a/test/functional/lib/server.js
+++ b/test/functional/lib/server.js
@@ -27,7 +27,7 @@ Server.prototype.request = function(options) {
}
Server.prototype.auth = function(user, pass) {
- this.authstr = 'Basic '+(Buffer(user+':'+pass)).toString('base64')
+ this.authstr = 'Basic '+(new Buffer(user+':'+pass)).toString('base64')
return this.request({
uri: '/-/user/org.couchdb.user:'+encodeURIComponent(user)+'/-rev/undefined',
method: 'PUT',