diff --git a/packages/plugins/auth-memory/.babelrc b/packages/plugins/auth-memory/.babelrc new file mode 100644 index 000000000..851856e59 --- /dev/null +++ b/packages/plugins/auth-memory/.babelrc @@ -0,0 +1,3 @@ +{ + "extends": "../../../.babelrc" +} diff --git a/packages/plugins/auth-memory/CHANGELOG.md b/packages/plugins/auth-memory/CHANGELOG.md new file mode 100644 index 000000000..4d6ff4e8f --- /dev/null +++ b/packages/plugins/auth-memory/CHANGELOG.md @@ -0,0 +1,346 @@ +# Change Log + +All notable changes to this project will be documented in this file. +See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. + +## [9.7.2](https://github.com/verdaccio/monorepo/compare/v9.7.1...v9.7.2) (2020-07-20) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [9.7.1](https://github.com/verdaccio/monorepo/compare/v9.7.0...v9.7.1) (2020-07-10) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [9.7.0](https://github.com/verdaccio/monorepo/compare/v9.6.1...v9.7.0) (2020-06-24) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [9.6.1](https://github.com/verdaccio/monorepo/compare/v9.6.0...v9.6.1) (2020-06-07) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [9.5.0](https://github.com/verdaccio/monorepo/compare/v9.4.1...v9.5.0) (2020-05-02) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [9.4.0](https://github.com/verdaccio/monorepo/compare/v9.3.4...v9.4.0) (2020-03-21) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [9.3.2](https://github.com/verdaccio/monorepo/compare/v9.3.1...v9.3.2) (2020-03-08) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [9.3.1](https://github.com/verdaccio/monorepo/compare/v9.3.0...v9.3.1) (2020-02-23) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [9.3.0](https://github.com/verdaccio/monorepo/compare/v9.2.0...v9.3.0) (2020-01-29) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [9.0.0](https://github.com/verdaccio/monorepo/compare/v8.5.3...v9.0.0) (2020-01-07) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.5.2](https://github.com/verdaccio/monorepo/compare/v8.5.1...v8.5.2) (2019-12-25) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.5.1](https://github.com/verdaccio/monorepo/compare/v8.5.0...v8.5.1) (2019-12-24) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.5.0](https://github.com/verdaccio/monorepo/compare/v8.4.2...v8.5.0) (2019-12-22) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.4.2](https://github.com/verdaccio/monorepo/compare/v8.4.1...v8.4.2) (2019-11-23) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.4.1](https://github.com/verdaccio/monorepo/compare/v8.4.0...v8.4.1) (2019-11-22) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.4.0](https://github.com/verdaccio/monorepo/compare/v8.3.0...v8.4.0) (2019-11-22) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.3.0](https://github.com/verdaccio/monorepo/compare/v8.2.0...v8.3.0) (2019-10-27) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.2.0](https://github.com/verdaccio/monorepo/compare/v8.2.0-next.0...v8.2.0) (2019-10-23) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.2.0-next.0](https://github.com/verdaccio/monorepo/compare/v8.1.4...v8.2.0-next.0) (2019-10-08) + + +### Bug Fixes + +* fixed lint errors ([5e677f7](https://github.com/verdaccio/monorepo/commit/5e677f7)) + + + + + +## [8.1.2](https://github.com/verdaccio/monorepo/compare/v8.1.1...v8.1.2) (2019-09-29) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.1.1](https://github.com/verdaccio/monorepo/compare/v8.1.0...v8.1.1) (2019-09-26) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.1.0](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.1...v8.1.0) (2019-09-07) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.0.1-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.0...v8.0.1-next.1) (2019-08-29) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +## [8.0.1-next.0](https://github.com/verdaccio/monorepo/compare/v8.0.0...v8.0.1-next.0) (2019-08-29) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.0.0](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.4...v8.0.0) (2019-08-22) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.0.0-next.4](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.3...v8.0.0-next.4) (2019-08-18) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.0.0-next.2](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.1...v8.0.0-next.2) (2019-08-03) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.0.0-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.0...v8.0.0-next.1) (2019-08-01) + +**Note:** Version bump only for package verdaccio-auth-memory + + + + + +# [8.0.0-next.0](https://github.com/verdaccio/monorepo/compare/v2.0.0...v8.0.0-next.0) (2019-08-01) + + +### Bug Fixes + +* main file is correct routed ([245b115](https://github.com/verdaccio/monorepo/commit/245b115)) +* remove source maps ([6ca4895](https://github.com/verdaccio/monorepo/commit/6ca4895)) +* restore error messages ([5d241b6](https://github.com/verdaccio/monorepo/commit/5d241b6)) + + +### Features + +* add logging output for each action ([66f183c](https://github.com/verdaccio/monorepo/commit/66f183c)) +* change password ([de0a341](https://github.com/verdaccio/monorepo/commit/de0a341)) +* migrate to typescript BREAKING CHANGE: new compiler might bring issues ([13ebde2](https://github.com/verdaccio/monorepo/commit/13ebde2)) +* **config:** allow set users ([e5326fd](https://github.com/verdaccio/monorepo/commit/e5326fd)) + + + + + +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +### [1.1.5](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.1.4...v1.1.5) (2019-07-15) + + +### Bug Fixes + +* restore error messages ([094da45](https://github.com/verdaccio/verdaccio-auth-memory/commit/094da45)) + + + +### [1.1.4](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.1.3...v1.1.4) (2019-07-15) + + +### Tests + +* fix wrong string match ([d4d2e81](https://github.com/verdaccio/verdaccio-auth-memory/commit/d4d2e81)) + + + +### [1.1.3](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.1.2...v1.1.3) (2019-07-15) + + +### Build System + +* update @verdaccio/commons-api@0.1.2 ([55f39a4](https://github.com/verdaccio/verdaccio-auth-memory/commit/55f39a4)) + + + +### [1.1.2](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.1.1...v1.1.2) (2019-07-15) + + +### Build System + +* build step before publish ([468ddbc](https://github.com/verdaccio/verdaccio-auth-memory/commit/468ddbc)) + + + +### [1.1.1](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.1.0...v1.1.1) (2019-07-12) + + +### Build System + +* fix unit test ([6d7b383](https://github.com/verdaccio/verdaccio-auth-memory/commit/6d7b383)) + + + +## [1.1.0](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.0.2...v1.1.0) (2019-07-12) + + +### Features + +* add logging output for each action ([099f9aa](https://github.com/verdaccio/verdaccio-auth-memory/commit/099f9aa)) + + + +### [1.0.2](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.0.1...v1.0.2) (2019-07-12) + + +### Bug Fixes + +* main file is correct routed ([722a615](https://github.com/verdaccio/verdaccio-auth-memory/commit/722a615)) + + + +### [1.0.1](https://github.com/verdaccio/verdaccio-auth-memory/compare/v1.0.0...v1.0.1) (2019-07-12) + + +### Bug Fixes + +* remove source maps ([6f29a06](https://github.com/verdaccio/verdaccio-auth-memory/commit/6f29a06)) + + + +## [1.0.0](https://github.com/verdaccio/verdaccio-auth-memory/compare/v0.0.4...v1.0.0) (2019-07-12) + + +### Build System + +* add coverage build script ([4f25313](https://github.com/verdaccio/verdaccio-auth-memory/commit/4f25313)) + + +### Features + +* change password ([19d9838](https://github.com/verdaccio/verdaccio-auth-memory/commit/19d9838)) +* migrate to typescript ([4c3b144](https://github.com/verdaccio/verdaccio-auth-memory/commit/4c3b144)) + + +### BREAKING CHANGES + +* new compiler might bring issues diff --git a/packages/plugins/auth-memory/LICENSE b/packages/plugins/auth-memory/LICENSE new file mode 100644 index 000000000..65fb12e2a --- /dev/null +++ b/packages/plugins/auth-memory/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 Verdaccio + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/packages/plugins/auth-memory/README.md b/packages/plugins/auth-memory/README.md new file mode 100644 index 000000000..5a36302eb --- /dev/null +++ b/packages/plugins/auth-memory/README.md @@ -0,0 +1,92 @@ +# verdaccio-auth-memory + +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fverdaccio%2Fverdaccio-auth-memory.svg?type=shield)](https://app.fossa.io/projects/git%2Bgithub.com%2Fverdaccio%2Fverdaccio-auth-memory?ref=badge_shield) +[![CircleCI](https://circleci.com/gh/verdaccio/verdaccio-auth-memory.svg?style=svg)](https://circleci.com/gh/ayusharma/verdaccio-auth-memory) +[![codecov](https://codecov.io/gh/verdaccio/verdaccio-auth-memory/branch/master/graph/badge.svg)](https://codecov.io/gh/verdaccio/verdaccio-auth-memory) + +This verdaccio auth plugin keeps the users in a memory plain object. +This means all sessions and users will disappear when you restart the verdaccio server. + +If you want to use this piece of software, do it at your own risk. **This plugin is being used for unit testing**. + +## Installation + +```sh +$ npm install -g verdaccio +$ npm install -g verdaccio-auth-memory +``` + +## Config + +Add to your `config.yaml`: + +```yaml +auth: + auth-memory: + users: + foo: + name: foo + password: s3cret + bar: + name: bar + password: s3cret +``` + +## For plugin writers + +It's called as: + +```js +const plugin = require('verdaccio-auth-memory'); + +plugin(config, appConfig); +``` + +Where: + +- config - module's own config +- appOptions - collection of different internal verdaccio objects + - appOptions.config - main config + - appOptions.logger - logger + +This should export four functions: + +- `adduser(user, password, cb)` Add new users + + It should respond with: + + - `cb(err)` in case of an error (error will be returned to user) + - `cb(null, false)` in case registration is disabled (next auth plugin will be executed) + - `cb(null, true)` in case user registered successfully + + It's useful to set `err.status` property to set http status code (e.g. `err.status = 403`). + +- `authenticate(user, password, cb)` Authenticate the user + + It should respond with: + + - `cb(err)` in case of a fatal error (error will be returned to user, keep those rare) + - `cb(null, false)` in case user not authenticated (next auth plugin will be executed) + - `cb(null, [groups])` in case user is authenticated + + Groups is an array of all users/usergroups this user has access to. You should probably include username itself here. + +- `allow_access(user, pkg, cb)` Check whether the user has permissions to access a resource (package) + + It should respond with: + + - `cb(err)` in case of a fatal error (error will be returned to user, keep those rare) + - `cb(null, false)` in case user not allowed to access (next auth plugin will be executed) + - `cb(null, true)` in case user is allowed to access + +- `allow_publish(user, pkg, cb)` Check whether the user has permissions to publish a resource (package) + + It should respond with: + + - `cb(err)` in case of a fatal error (error will be returned to user, keep those rare) + - `cb(null, false)` in case user not allowed to publish (next auth plugin will be executed) + - `cb(null, true)` in case user is allowed to publish + +## License + +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bgithub.com%2Fverdaccio%2Fverdaccio-auth-memory.svg?type=large)](https://app.fossa.io/projects/git%2Bgithub.com%2Fverdaccio%2Fverdaccio-auth-memory?ref=badge_large) diff --git a/packages/plugins/auth-memory/jest.config.js b/packages/plugins/auth-memory/jest.config.js new file mode 100644 index 000000000..a162244c9 --- /dev/null +++ b/packages/plugins/auth-memory/jest.config.js @@ -0,0 +1,5 @@ +const config = require('../../../jest/config'); + +module.exports = Object.assign({}, config, { + collectCoverage: true, +}); diff --git a/packages/plugins/auth-memory/package.json b/packages/plugins/auth-memory/package.json new file mode 100644 index 000000000..d781a8a02 --- /dev/null +++ b/packages/plugins/auth-memory/package.json @@ -0,0 +1,42 @@ +{ + "name": "verdaccio-auth-memory", + "version": "10.0.0-beta", + "description": "Auth plugin for Verdaccio that keeps users in memory", + "keywords": [ + "verdaccio", + "plugin", + "auth", + "memory" + ], + "author": "Juan Picado ", + "license": "MIT", + "homepage": "https://verdaccio.org", + "repository": { + "type": "https", + "url": "https://github.com/verdaccio/verdaccio", + "directory": "packages/plugins/auth-memory" + }, + "bugs": { + "url": "https://github.com/verdaccio/verdaccio/issues" + }, + "main": "build/index.js", + "types": "build/src/index.d.ts", + "dependencies": { + "@verdaccio/commons-api": "workspace:*" + }, + "devDependencies": { + "@verdaccio/types": "workspace:*" + }, + "scripts": { + "clean": "rimraf ./build", + "type-check": "tsc --noEmit -p tsconfig.build.json", + "build:types": "tsc --emitDeclarationOnly -p tsconfig.build.json", + "build:js": "babel src/ --out-dir build/ --copy-files --extensions \".ts,.tsx\" --source-maps", + "build": "pnpm run build:js && pnpm run build:types", + "test": "cross-env NODE_ENV=test BABEL_ENV=test jest" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/verdaccio" + } +} diff --git a/packages/plugins/auth-memory/src/Memory.ts b/packages/plugins/auth-memory/src/Memory.ts new file mode 100644 index 000000000..2efa89f09 --- /dev/null +++ b/packages/plugins/auth-memory/src/Memory.ts @@ -0,0 +1,166 @@ +import { + PluginOptions, + Callback, + PackageAccess, + IPluginAuth, + RemoteUser, + Logger, +} from '@verdaccio/types'; +import { getConflict, getForbidden, getNotFound, getUnauthorized } from '@verdaccio/commons-api'; + +import { VerdaccioMemoryConfig, Users, UserMemory } from './types/index'; + +export default class Memory implements IPluginAuth { + public _logger: Logger; + public _users: Users; + public _config: {}; + public _app_config: VerdaccioMemoryConfig; + + public constructor( + config: VerdaccioMemoryConfig, + appOptions: PluginOptions + ) { + this._users = config.users || {}; + this._config = config; + this._logger = appOptions.logger; + this._app_config = appOptions.config; + } + + public authenticate(user: string, password: string, done: Callback): void { + const userCredentials = this._users[user]; + + if (!userCredentials) { + this._logger.debug({ user }, '[VerdaccioMemory] user @{user} does not exist'); + return done(null, false); + } + + if (password !== userCredentials.password) { + const err = getUnauthorized("i don't like your password"); + this._logger.info({ user }, '[VerdaccioMemory] password invalid for: @{user}'); + + return done(err); + } + + // authentication succeeded! + // return all usergroups this user has access to; + this._logger.info({ user }, '[VerdaccioMemory] authentication succeeded for @{user}'); + return done(null, [user]); + } + + public adduser(user: string, password: string, done: Callback): void { + if (this._users[user]) { + this._logger.debug({ user }, '[VerdaccioMemory] user @{user} already exist'); + return done(null, true); + } + + if (this._app_config.max_users) { + if (Object.keys(this._users).length >= this._app_config.max_users) { + const err = getConflict('maximum amount of users reached'); + + return done(err); + } + } + + this._users[user] = { name: user, password: password }; + + this._logger.info({ user }, '[VerdaccioMemory] user added succeeded for @{user}'); + done(null, user); + } + + public changePassword( + username: string, + password: string, + newPassword: string, + cb: Callback + ): void { + const user: UserMemory = this._users[username]; + this._logger.debug({ user: username }, 'user: @{user} init change password'); + + if (user && user.password === password) { + user.password = newPassword; + this._users[username] = user; + + this._logger.info({ user }, '[VerdaccioMemory] user changed password succeeded for @{user}'); + cb(null, user); + } else { + const err = getNotFound('user not found'); + this._logger.debug({ user: username }, 'change password user @{user} not found'); + + return cb(err); + } + } + + public allow_access(user: RemoteUser, pkg: PackageAccess, cb: Callback): void { + if ( + (pkg.access && pkg.access.includes('$all')) || + (pkg.access && pkg.access.includes('$anonymous')) + ) { + this._logger.debug( + { user: user.name }, + '[VerdaccioMemory] user: @{user} has been granted access' + ); + + return cb(null, true); + } + + if (!user.name) { + const err = getForbidden('not allowed to access package'); + this._logger.debug({ user: user.name }, 'user: @{user} not allowed to access package'); + return cb(err); + } + + if ( + (pkg.access && pkg.access.includes(user.name)) || + (pkg.access && pkg.access.includes('$authenticated')) + ) { + this._logger.debug( + { user: user.name }, + '[VerdaccioMemory] user: @{user} has been granted access' + ); + return cb(null, true); + } + + const err = getForbidden('not allowed to access package'); + + this._logger.debug( + { user: user.name }, + '[VerdaccioMemory] user: @{user} not allowed to access package' + ); + return cb(err); + } + + public allow_publish(user: RemoteUser, pkg: PackageAccess, cb: Callback): void { + if ( + (pkg.publish && pkg.publish.includes('$all')) || + (pkg.publish && pkg.publish.includes('$anonymous')) + ) { + this._logger.debug( + { user: user.name }, + '[VerdaccioMemory] user: @{user} has been granted to publish' + ); + return cb(null, true); + } + + if (!user.name) { + const err = getForbidden('not allowed to publish package'); + this._logger.debug({ user: user.name }, 'user: @{user} not allowed to publish package'); + + return cb(err); + } + + if ( + (pkg.publish && pkg.publish.includes(user.name)) || + (pkg.publish && pkg.publish.includes('$authenticated')) + ) { + return cb(null, true); + } + + const err = getForbidden('not allowed to publish package'); + this._logger.debug( + { user: user.name }, + '[VerdaccioMemory] user: @{user} not allowed to publish package' + ); + + return cb(err); + } +} diff --git a/packages/plugins/auth-memory/src/index.ts b/packages/plugins/auth-memory/src/index.ts new file mode 100644 index 000000000..555516916 --- /dev/null +++ b/packages/plugins/auth-memory/src/index.ts @@ -0,0 +1,5 @@ +import Memory from './Memory'; + +export { Memory }; + +export default Memory; diff --git a/packages/plugins/auth-memory/src/types/index.ts b/packages/plugins/auth-memory/src/types/index.ts new file mode 100644 index 000000000..a7de3400f --- /dev/null +++ b/packages/plugins/auth-memory/src/types/index.ts @@ -0,0 +1,15 @@ +import { Config } from '@verdaccio/types'; + +export interface UserMemory { + name: string; + password: string; +} + +export interface Users { + [key: string]: UserMemory; +} + +export interface VerdaccioMemoryConfig extends Config { + max_users?: number; + users: Users; +} diff --git a/packages/plugins/auth-memory/test/index.spec.ts b/packages/plugins/auth-memory/test/index.spec.ts new file mode 100644 index 000000000..ba6f899c7 --- /dev/null +++ b/packages/plugins/auth-memory/test/index.spec.ts @@ -0,0 +1,253 @@ +import { Callback } from '@verdaccio/types'; + +import { VerdaccioMemoryConfig } from '../src/types'; +import Memory from '../src/index'; + +describe('Memory', function () { + let auth; + const logger = { + child: jest.fn(() => {}), + http: jest.fn(() => {}), + trace: jest.fn(() => {}), + warn: jest.fn(() => {}), + info: jest.fn(() => {}), + debug: jest.fn(() => {}), + error: jest.fn(() => {}), + fatal: jest.fn(() => {}), + }; + + beforeEach(function () { + auth = new Memory({ max_users: 100 } as VerdaccioMemoryConfig, { + config: {} as VerdaccioMemoryConfig, + logger, + }); + }); + + describe('#adduser', function () { + test('adds users', function (done) { + auth.adduser('test', 'secret', function (err, user) { + expect(err).toBeNull(); + expect(user).toEqual('test'); + done(); + }); + }); + + test('login existing users', function (done) { + auth.adduser('test', 'secret', function (err, user) { + expect(err).toBeNull(); + expect(user).toEqual('test'); + auth.adduser('test', 'secret', function (err, user) { + expect(err).toBeNull(); + expect(user).toBe(true); + done(); + }); + }); + }); + + test('max users reached', function (done) { + const auth = new Memory({} as VerdaccioMemoryConfig, { + config: { + max_users: -1, + } as VerdaccioMemoryConfig, + logger, + }); + auth.adduser('test', 'secret', function (err) { + expect(err).not.toBeNull(); + expect(err.message).toMatch(/maximum amount of users reached/); + done(); + }); + }); + }); + + describe('replace user', function () { + beforeAll(function (done) { + auth.adduser('test', 'secret', function (_err) { + done(); + }); + }); + + test('replaces password', function (done) { + auth.adduser('test', 'new_secret', function (err, user) { + expect(err).toBeNull(); + expect(user).toEqual('test'); + auth.authenticate('test', 'new_secret', function (err) { + expect(err).toBeNull(); + done(); + }); + }); + }); + }); + + describe('#allow_access', function () { + beforeEach(function (done) { + auth.adduser('test', 'secret', function (_err, _user) { + done(); + }); + }); + + const accessBy = (roles: string[], done: Callback): void => { + auth.allow_access( + { + name: 'test', + groups: [], + real_groups: [], + }, + { access: roles, publish: [], proxy: [] }, + function (err, groups) { + expect(err).toBeNull(); + expect(groups).toBe(true); + done(); + } + ); + }; + + test('should be allowed to access as $all to the package', function (done) { + accessBy(['$all'], done); + }); + + test('should be allowed to access as $anonymous to the package', function (done) { + accessBy(['$anonymous'], done); + }); + + test('should be allowed to access as $authenticated to the package', function (done) { + accessBy(['$authenticated'], done); + }); + + test('should be allowed to access as test to the package', function (done) { + accessBy(['test'], done); + }); + + test('should not to be allowed to access any package', function (done) { + auth.allow_access({}, { access: [], publish: [], proxy: [] }, function (err) { + expect(err).not.toBeNull(); + expect(err.message).toMatch(/not allowed to access package/); + done(); + }); + }); + + test('should not to be allowed to access the anyOtherUser package', function (done) { + auth.allow_access({}, { access: ['anyOtherUser'], publish: [], proxy: [] }, function (err) { + expect(err).not.toBeNull(); + expect(err.message).toMatch(/not allowed to access package/); + done(); + }); + }); + }); + + describe('#allow_publish', function () { + beforeEach(function (done) { + auth.adduser('test', 'secret', function (_err, _user) { + done(); + }); + }); + + const accessBy = (roles: string[], done: Callback): void => { + auth.allow_publish( + { + name: 'test', + groups: [], + real_groups: [], + }, + { publish: roles, proxy: [], access: [] }, + function (err, groups) { + expect(err).toBeNull(); + expect(groups).toBe(true); + done(); + } + ); + }; + + test('should be allowed to access as $all to the package', function (done) { + accessBy(['$all'], done); + }); + + test('should be allowed to access as $anonymous to the package', function (done) { + accessBy(['$anonymous'], done); + }); + + test('should be allowed to access as $authenticated to the package', function (done) { + accessBy(['$authenticated'], done); + }); + + test('should be allowed to access as test to the package', function (done) { + accessBy(['test'], done); + }); + + test('should not to be allowed to access any package', function (done) { + auth.allow_publish({}, { publish: [], proxy: [], access: [] }, function (err) { + expect(err).not.toBeNull(); + expect(err.message).toMatch(/not allowed to publish package/); + done(); + }); + }); + + test('should not to be allowed to access the anyOtherUser package', function (done) { + auth.allow_publish({}, { publish: ['anyOtherUser'], proxy: [], access: [] }, function (err) { + expect(err).not.toBeNull(); + expect(err.message).toMatch(/not allowed to publish package/); + done(); + }); + }); + }); + + describe('#changePassword', function () { + let auth; + + beforeEach(function (done) { + auth = new Memory({} as VerdaccioMemoryConfig, { + config: {} as VerdaccioMemoryConfig, + logger, + }); + auth.adduser('test', 'secret', function (_err, _user) { + done(); + }); + }); + + test('should change password', function (done) { + auth.changePassword('test', 'secret', 'newSecret', function (err, user) { + expect(err).toBeNull(); + expect(user.password).toEqual('newSecret'); + done(); + }); + }); + + test('should fail change password with user not found', function (done) { + auth.changePassword('NOTFOUND', 'secret', 'newSecret', function (err) { + expect(err).not.toBeNull(); + expect(err.message).toMatch(/user not found/); + done(); + }); + }); + }); + + describe('#authenticate', function () { + beforeEach(function (done) { + auth.adduser('test', 'secret', function (_err, _user) { + done(); + }); + }); + + test('validates existing users', function (done) { + auth.authenticate('test', 'secret', function (err, groups) { + expect(err).toBeNull(); + expect(groups).toBeDefined(); + done(); + }); + }); + + test('fails if wrong password', function (done) { + auth.authenticate('test', 'no-secret', function (err) { + expect(err).not.toBeNull(); + done(); + }); + }); + + test('fails if user doesnt exist', function (done) { + auth.authenticate('john', 'secret', function (err, groups) { + expect(err).toBeNull(); + expect(groups).toBeFalsy(); + done(); + }); + }); + }); +}); diff --git a/packages/plugins/auth-memory/tsconfig.build.json b/packages/plugins/auth-memory/tsconfig.build.json new file mode 100644 index 000000000..6d445a271 --- /dev/null +++ b/packages/plugins/auth-memory/tsconfig.build.json @@ -0,0 +1,9 @@ +{ + "extends": "../../../tsconfig.base", + "compilerOptions": { + "rootDir": "./src", + "outDir": "./build" + }, + "include": ["src/**/*.ts"], + "exclude": ["src/**/*.test.ts"] +} diff --git a/packages/plugins/auth-memory/tsconfig.json b/packages/plugins/auth-memory/tsconfig.json new file mode 100644 index 000000000..5a86ecffb --- /dev/null +++ b/packages/plugins/auth-memory/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../../tsconfig.reference.json", + "compilerOptions": { + "rootDir": "./src", + "outDir": "./build" + }, + "include": ["src/**/*", "types/*.d.ts"], + "exclude": ["src/**/*.test.ts"], + "references": [ + { + "path": "../../core/commons-api" + }, + { + "path": "../../core/types" + } + ] +} diff --git a/packages/plugins/memory/CHANGELOG.md b/packages/plugins/memory/CHANGELOG.md new file mode 100644 index 000000000..dce9647e9 --- /dev/null +++ b/packages/plugins/memory/CHANGELOG.md @@ -0,0 +1,307 @@ +# Change Log + +All notable changes to this project will be documented in this file. +See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. + +## [9.7.2](https://github.com/verdaccio/monorepo/compare/v9.7.1...v9.7.2) (2020-07-20) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [9.7.1](https://github.com/verdaccio/monorepo/compare/v9.7.0...v9.7.1) (2020-07-10) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [9.7.0](https://github.com/verdaccio/monorepo/compare/v9.6.1...v9.7.0) (2020-06-24) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [9.6.1](https://github.com/verdaccio/monorepo/compare/v9.6.0...v9.6.1) (2020-06-07) + + +### Bug Fixes + +* **verdaccio-memory:** race condition on save a package ([#365](https://github.com/verdaccio/monorepo/issues/365)) ([70c1fb1](https://github.com/verdaccio/monorepo/commit/70c1fb1271e9e6af8577a81f8bf94d21d80e8d6b)) + + + + + +# [9.5.0](https://github.com/verdaccio/monorepo/compare/v9.4.1...v9.5.0) (2020-05-02) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [9.4.0](https://github.com/verdaccio/monorepo/compare/v9.3.4...v9.4.0) (2020-03-21) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [9.3.2](https://github.com/verdaccio/monorepo/compare/v9.3.1...v9.3.2) (2020-03-08) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [9.3.1](https://github.com/verdaccio/monorepo/compare/v9.3.0...v9.3.1) (2020-02-23) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [9.3.0](https://github.com/verdaccio/monorepo/compare/v9.2.0...v9.3.0) (2020-01-29) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [9.0.0](https://github.com/verdaccio/monorepo/compare/v8.5.3...v9.0.0) (2020-01-07) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [8.5.2](https://github.com/verdaccio/monorepo/compare/v8.5.1...v8.5.2) (2019-12-25) + + +### Bug Fixes + +* add types for storage handler ([#307](https://github.com/verdaccio/monorepo/issues/307)) ([c35746e](https://github.com/verdaccio/monorepo/commit/c35746ebba071900db172608dedff66a7d27c23d)) + + + + + +## [8.5.1](https://github.com/verdaccio/monorepo/compare/v8.5.0...v8.5.1) (2019-12-24) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.5.0](https://github.com/verdaccio/monorepo/compare/v8.4.2...v8.5.0) (2019-12-22) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [8.4.2](https://github.com/verdaccio/monorepo/compare/v8.4.1...v8.4.2) (2019-11-23) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [8.4.1](https://github.com/verdaccio/monorepo/compare/v8.4.0...v8.4.1) (2019-11-22) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.4.0](https://github.com/verdaccio/monorepo/compare/v8.3.0...v8.4.0) (2019-11-22) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.3.0](https://github.com/verdaccio/monorepo/compare/v8.2.0...v8.3.0) (2019-10-27) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.2.0](https://github.com/verdaccio/monorepo/compare/v8.2.0-next.0...v8.2.0) (2019-10-23) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.2.0-next.0](https://github.com/verdaccio/monorepo/compare/v8.1.4...v8.2.0-next.0) (2019-10-08) + + +### Bug Fixes + +* fixed lint errors ([5e677f7](https://github.com/verdaccio/monorepo/commit/5e677f7)) +* fs.exists with other fileSystem alternatives ([#159](https://github.com/verdaccio/monorepo/issues/159)) ([f94e325](https://github.com/verdaccio/monorepo/commit/f94e325)) + + + + + +## [8.1.2](https://github.com/verdaccio/monorepo/compare/v8.1.1...v8.1.2) (2019-09-29) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [8.1.1](https://github.com/verdaccio/monorepo/compare/v8.1.0...v8.1.1) (2019-09-26) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.1.0](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.1...v8.1.0) (2019-09-07) + + +### Features + +* **verdaccio-memory:** update @verdaccio/types and add new required methods ([eba5077](https://github.com/verdaccio/monorepo/commit/eba5077)) + + + + + +## [8.0.1-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.1-next.0...v8.0.1-next.1) (2019-08-29) + +**Note:** Version bump only for package verdaccio-memory + + + + + +## [8.0.1-next.0](https://github.com/verdaccio/monorepo/compare/v8.0.0...v8.0.1-next.0) (2019-08-29) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.0.0](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.4...v8.0.0) (2019-08-22) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.0.0-next.4](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.3...v8.0.0-next.4) (2019-08-18) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.0.0-next.2](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.1...v8.0.0-next.2) (2019-08-03) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.0.0-next.1](https://github.com/verdaccio/monorepo/compare/v8.0.0-next.0...v8.0.0-next.1) (2019-08-01) + +**Note:** Version bump only for package verdaccio-memory + + + + + +# [8.0.0-next.0](https://github.com/verdaccio/monorepo/compare/v2.0.0...v8.0.0-next.0) (2019-08-01) + + +### Bug Fixes + +* issue on package not found ([944e1a5](https://github.com/verdaccio/monorepo/commit/944e1a5)) +* missing params ([9979160](https://github.com/verdaccio/monorepo/commit/9979160)) +* read tarball stream ([bc4bbbb](https://github.com/verdaccio/monorepo/commit/bc4bbbb)) +* update new plugin types flow ([d2e2319](https://github.com/verdaccio/monorepo/commit/d2e2319)) + + +### Features + +* add getSecret support ([0d047f4](https://github.com/verdaccio/monorepo/commit/0d047f4)) +* add limit feature ([9e2fa5c](https://github.com/verdaccio/monorepo/commit/9e2fa5c)) +* drop node v6 ([d0ae9ba](https://github.com/verdaccio/monorepo/commit/d0ae9ba)) +* local database method are async ([f55302b](https://github.com/verdaccio/monorepo/commit/f55302b)) +* migrate to typescript ([c01df36](https://github.com/verdaccio/monorepo/commit/c01df36)) +* node 6 as minimum ([ed81731](https://github.com/verdaccio/monorepo/commit/ed81731)) +* update secret to async ([9bcab19](https://github.com/verdaccio/monorepo/commit/9bcab19)) + + + + + +# Change Log + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +# [2.0.0](https://github.com/verdaccio/verdaccio-memory/compare/v2.0.0-beta.0...v2.0.0) (2019-03-29) + + +### Features + +* drop node v6 ([227fe18](https://github.com/verdaccio/verdaccio-memory/commit/227fe18)) + + + + +# [2.0.0-beta.0](https://github.com/verdaccio/verdaccio-memory/compare/v1.0.3...v2.0.0-beta.0) (2019-01-27) + + +### Bug Fixes + +* **deps:** update dependency http-errors to v1.7.0 ([0067759](https://github.com/verdaccio/verdaccio-memory/commit/0067759)) + + +### Features + +* migrate to typescript ([c7a8507](https://github.com/verdaccio/verdaccio-memory/commit/c7a8507)) + + + + +## [1.0.3](https://github.com/verdaccio/verdaccio-memory/compare/v1.0.2...v1.0.3) (2018-07-15) + + +### Bug Fixes + +* update new plugin types flow ([b0c5398](https://github.com/verdaccio/verdaccio-memory/commit/b0c5398)) + + + + +## [1.0.2](https://github.com/verdaccio/verdaccio-memory/compare/v1.0.1...v1.0.2) (2018-07-15) diff --git a/packages/plugins/memory/LICENSE b/packages/plugins/memory/LICENSE new file mode 100644 index 000000000..65fb12e2a --- /dev/null +++ b/packages/plugins/memory/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2019 Verdaccio + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/packages/plugins/memory/README.md b/packages/plugins/memory/README.md new file mode 100644 index 000000000..b7febb5a2 --- /dev/null +++ b/packages/plugins/memory/README.md @@ -0,0 +1,54 @@ +# verdaccio-memory + +[![CircleCI](https://circleci.com/gh/verdaccio/verdaccio-memory.svg?style=svg)](https://circleci.com/gh/ayusharma/verdaccio-memory) +[![codecov](https://codecov.io/gh/verdaccio/verdaccio-memory/branch/master/graph/badge.svg)](https://codecov.io/gh/verdaccio/verdaccio-memory) +[![verdaccio (latest)](https://img.shields.io/npm/v/verdaccio-memory/latest.svg)](https://www.npmjs.com/package/verdaccio-memory) +[![Known Vulnerabilities](https://snyk.io/test/github/verdaccio/verdaccio-memory/badge.svg?targetFile=package.json)](https://snyk.io/test/github/verdaccio/verdaccio-memory?targetFile=package.json) +[![backers](https://opencollective.com/verdaccio/tiers/backer/badge.svg?label=Backer&color=brightgreen)](https://opencollective.com/verdaccio) +[![discord](https://img.shields.io/discord/388674437219745793.svg)](http://chat.verdaccio.org/) +![MIT](https://img.shields.io/github/license/mashape/apistatus.svg) +[![node](https://img.shields.io/node/v/verdaccio-memory/latest.svg)](https://www.npmjs.com/package/verdaccio-memory) + +A memory based **storage plugin**. + +``` + npm install --global verdaccio-memory +``` + +### Requirements + +> `verdaccio@3.0.0` or `verdaccio@4.x` + +``` +npm install -g verdaccio +``` + +Complete configuration example: + +```yaml +store: + memory: + limit: 1000 +``` + +in `config.yaml` + +If `store:` is present `storage:` fallback is being ignored. + +```yaml +storage: /Users/user/.local/share/verdaccio/storage +auth: + htpasswd: + file: ./htpasswd +store: + memory: + limit: 1000 +``` + +## Disclaimer + +This plugin should not be use for production environments. It might be useful for testing or such places as CI where data does not need to be persisted. + +## License + +[MIT](http://www.opensource.org/licenses/mit-license.php) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6eb50e9de..3bfb638af 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -519,6 +519,14 @@ importers: core-js: ^3.6.5 lodash: ^4.17.20 selfsigned: 1.10.7 + packages/plugins/auth-memory: + dependencies: + '@verdaccio/commons-api': 'link:../../core/commons-api' + devDependencies: + '@verdaccio/types': 'link:../../core/types' + specifiers: + '@verdaccio/commons-api': 'workspace:*' + '@verdaccio/types': 'workspace:*' packages/plugins/memory: dependencies: '@verdaccio/commons-api': 'link:../../core/commons-api'