mirror of
https://github.com/verdaccio/verdaccio.git
synced 2025-01-20 22:52:46 -05:00
ddb42431d1
* build: configure prettier as formatter for most files * chore: reformat code (#1931) * chore: re-format all files * chore: force run quality analysis test Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com> Co-authored-by: Juan Picado @jotadeveloper <juanpicado19@gmail.com>
79 lines
3 KiB
Markdown
---
id: authentification
title: 'Authentication'
---

Authentication is tied to the auth [plugin](plugins.md) you are using. Package restrictions are handled separately by [Package Access](packages.md).

Client authentication is handled by the `npm` client itself. Once you log in to the application:

```bash
npm adduser --registry http://localhost:4873
```

A token is generated in the `npm` configuration file hosted in your user home folder. For more information about `.npmrc`, read the [official documentation](https://docs.npmjs.com/files/npmrc).

```bash
cat .npmrc
registry=http://localhost:5555/
//localhost:5555/:_authToken="secretVerdaccioToken"
//registry.npmjs.org/:_authToken=secretNpmjsToken
```

#### Anonymous publish

`verdaccio` allows you to enable anonymous publish. To achieve that, you need to set up your [packages access](packages.md) correctly.

For example:

```yaml
'my-company-*':
  access: $anonymous
  publish: $anonymous
  proxy: npmjs
```

As described in [issue #212](https://github.com/verdaccio/verdaccio/issues/212#issuecomment-308578500), `npm` versions up to `npm@5.3.0`, including all minor releases, **won't allow you to publish without a token**.

## Understanding Groups

### The meaning of `$all` and `$anonymous`

As you know, _Verdaccio_ uses the `htpasswd` plugin by default. That plugin does not implement the methods `allow_access`, `allow_publish` and `allow_unpublish`. Thus, _Verdaccio_ handles them in the following way:

- If you are not logged in (you are anonymous), `$all` and `$anonymous` mean exactly the same.
- If you are logged in, `$anonymous` won't be part of your groups and `$all` will match any logged-in user. A new group, `$authenticated`, will be added to the list.

As a takeaway, `$all` **will match all users, regardless of whether they are logged in or not**.

**The previous behavior only applies to the default authentication plugin**. If you are using a custom plugin and that plugin implements `allow_access`, `allow_publish` or `allow_unpublish`, the resolution of access depends on the plugin itself. Verdaccio will only set the default groups.

Let's recap:

- **logged in**: `$all`, `$authenticated`, plus groups added by the plugin
- **anonymous (logged out)**: `$all` and `$anonymous`.

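
The group resolution above can be modelled to audit a `packages` section for actions that logged-out clients are granted. This is an added example, not Verdaccio's own code; `samplePackages` is constructed, and matching on user names and whitespace-separated rule values are assumptions.

```javascript
// Model of the default group resolution described above (default htpasswd
// plugin, which does not implement allow_access / allow_publish).
// Illustrative only: not Verdaccio's source code.
function defaultGroups(user) {
  // user: null when logged out, else { name, groups: [groups from plugin] }
  if (!user) return ['$all', '$anonymous'];
  return ['$all', '$authenticated', ...(user.groups || [])];
}

// Assumption: a rule value such as "$authenticated admins" is a
// whitespace-separated list of groups or user names.
function allows(ruleValue, user) {
  const allowed = String(ruleValue || '').split(/\s+/).filter(Boolean);
  const identities = defaultGroups(user);
  if (user) identities.push(user.name);
  return allowed.some((entry) => identities.includes(entry));
}

// Report every pattern/action pair that a logged-out client is granted.
function anonymousExposure(packages) {
  const findings = [];
  for (const [pattern, rules] of Object.entries(packages)) {
    for (const action of ['access', 'publish']) {
      if (action in rules && allows(rules[action], null)) {
        findings.push(`${pattern}:${action}`);
      }
    }
  }
  return findings;
}

// Constructed sample: the `packages` section of a config, already parsed.
const samplePackages = {
  'my-company-*': { access: '$anonymous', publish: '$anonymous', proxy: 'npmjs' },
  '@internal/*': { access: '$authenticated', publish: 'admins' },
  '**': { access: '$all', publish: '$all', proxy: 'npmjs' },
};

console.log(anonymousExposure(samplePackages));
```

Both `$anonymous` and `$all` on `publish` are reported, because a logged-out client carries both groups. A rule of `$anonymous` alone does not match a logged-in user, who no longer has that group.
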

## Default htpasswd

To simplify the setup, `verdaccio` uses a plugin based on `htpasswd`. Since version v3.0.x, the `verdaccio-htpasswd` plugin is used by default.

```yaml
auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000
```

| Property  | Type   | Required | Example    | Support | Description                               |
| --------- | ------ | -------- | ---------- | ------- | ----------------------------------------- |
| file      | string | Yes      | ./htpasswd | all     | file that hosts the encrypted credentials |
| max_users | number | No       | 1000       | all     | sets the limit of users                   |

If you decide not to allow users to log in, you can set `max_users: -1`, which disables registration as noted in the configuration comment above.