From 831083a97617ff541c34ab609eddcb007efa0fb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20De=20Paz?= Date: Wed, 19 Oct 2016 16:38:51 -0600 Subject: [PATCH 01/15] Problem with docker.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is a problem with the docker.yaml file. auth:    htpasswd:      file:/verdaccio/config/htpasswd The file property should point to /verdaccio/conf/htpasswd because folder /verdaccio/config dosen't exist and therefore dosen't let to create users. Thank you for working on this great tool. Regards --- conf/docker.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/docker.yaml b/conf/docker.yaml index b55be010d..51ec28eba 100644 --- a/conf/docker.yaml +++ b/conf/docker.yaml @@ -11,7 +11,7 @@ storage: /verdaccio/storage auth: htpasswd: - file: /verdaccio/config/htpasswd + file: /verdaccio/conf/htpasswd # Maximum amount of users allowed to register, defaults to "+inf". # You can set this to -1 to disable registration. #max_users: 1000 From c927517e375c3a5f9af87a7a30c799415e5e8084 Mon Sep 17 00:00:00 2001 From: Tom Vincent Date: Sun, 13 Nov 2016 16:25:14 +0000 Subject: [PATCH 02/15] Prevent logging of user and password --- lib/plugins/htpasswd/index.js | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/plugins/htpasswd/index.js b/lib/plugins/htpasswd/index.js index f978a6d0c..ecde78c50 100644 --- a/lib/plugins/htpasswd/index.js +++ b/lib/plugins/htpasswd/index.js @@ -100,8 +100,6 @@ HTPasswd.prototype.adduser = function (user, password, real_cb) { if (s_err) return cb(s_err) try { - console.log('body = utils.add_user_to_htpasswd(body, user, password)') - console.log(user, password) body = utils.add_user_to_htpasswd(body, user, password) } catch (err) { return cb(err) From 69c56281846e33bc9913577516a4f6146df72700 Mon Sep 17 00:00:00 2001 From: Robert Groh Date: Fri, 18 Nov 2016 16:03:01 +0100 Subject: [PATCH 03/15] fix old config attribute name in readme rename `proxy_access` to `proxy` see 6075034521d8f3442efc0d44d9ef7b0c174b1754 for reference --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 02d151e12..7cc88bbc9 100644 --- a/README.md +++ b/README.md @@ -107,7 +107,7 @@ There's two options here: 1. You want to create a separate fork and stop synchronizing with public version. - If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy_access` list and restart the server. + If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy` list and restart the server. When you publish your package locally, you should probably start with version string higher than existing one, so it won't conflict with existing package in the cache. From 3c060766e788ab434b04eea6ec7ee708aee2951d Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Sun, 27 Nov 2016 15:07:45 +0100 Subject: [PATCH 04/15] Fix #65 and also PR on fl4re#4 --- lib/GUI/entry.hbs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/GUI/entry.hbs b/lib/GUI/entry.hbs index 6e63d3713..a28fe423d 100644 --- a/lib/GUI/entry.hbs +++ b/lib/GUI/entry.hbs @@ -8,7 +8,7 @@
- By: {{ _npmUser.name }} + By: {{ author.name }}
From 0210752ea5befad5a4124fa9cae5614bf2ad8772 Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Mon, 5 Dec 2016 08:42:43 +0100 Subject: [PATCH 05/15] clean warnings on unit test --- lib/auth.js | 12 ++++++------ lib/index-api.js | 2 +- test/functional/lib/server.js | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/lib/auth.js b/lib/auth.js index c1028e4a9..c7044c9a4 100644 --- a/lib/auth.js +++ b/lib/auth.js @@ -195,9 +195,9 @@ Auth.prototype.basic_middleware = function() { var scheme = parts[0] if (scheme === 'Basic') { - var credentials = Buffer(parts[1], 'base64').toString() + var credentials = new Buffer(parts[1], 'base64').toString() } else if (scheme === 'Bearer') { - var credentials = self.aes_decrypt(Buffer(parts[1], 'base64')).toString('utf8') + var credentials = self.aes_decrypt(new Buffer(parts[1], 'base64')).toString('utf8') if (!credentials) return next() } else { return next() @@ -286,7 +286,7 @@ Auth.prototype.cookie_middleware = function() { req.remote_user = AuthenticatedUser(user.u, user.g) req.remote_user.token = token next()*/ - var credentials = self.aes_decrypt(Buffer(token, 'base64')).toString('utf8') + var credentials = self.aes_decrypt(new Buffer(token, 'base64')).toString('utf8') if (!credentials) return next() var index = credentials.indexOf(':') @@ -314,13 +314,13 @@ Auth.prototype.issue_token = function(user) { t: ~~(Date.now()/1000), }, { indent: false }) - data = Buffer(data, 'utf8') + data = new Buffer(data, 'utf8') var mac = Crypto.createHmac('sha256', this.secret).update(data).digest() return Buffer.concat([ data, mac ]).toString('base64') } Auth.prototype.decode_token = function(str, expire_time) { - var buf = Buffer(str, 'base64') + var buf = new Buffer(str, 'base64') if (buf.length <= 32) throw Error[401]('invalid token') var data = buf.slice(0, buf.length - 32) @@ -355,7 +355,7 @@ Auth.prototype.aes_decrypt = function(buf) { var b1 = c.update(buf) var b2 = c.final() } catch(_) { - return Buffer(0) + return new Buffer(0) } return Buffer.concat([ b1, b2 ]) } diff --git a/lib/index-api.js b/lib/index-api.js index 224573fb7..f53d152e1 100644 --- a/lib/index-api.js +++ b/lib/index-api.js @@ -364,7 +364,7 @@ module.exports = function(config, auth, storage) { }) // this is dumb and memory-consuming, but what choices do we have? - stream.end(Buffer(data.data, 'base64')) + stream.end(new Buffer(data.data, 'base64')) stream.done() } diff --git a/test/functional/lib/server.js b/test/functional/lib/server.js index 4a1af0ef7..0a720b14c 100644 --- a/test/functional/lib/server.js +++ b/test/functional/lib/server.js @@ -27,7 +27,7 @@ Server.prototype.request = function(options) { } Server.prototype.auth = function(user, pass) { - this.authstr = 'Basic '+(Buffer(user+':'+pass)).toString('base64') + this.authstr = 'Basic '+(new Buffer(user+':'+pass)).toString('base64') return this.request({ uri: '/-/user/org.couchdb.user:'+encodeURIComponent(user)+'/-rev/undefined', method: 'PUT', From d6dd63f01201d8cdcd4d0cad96d214b6c89fddb9 Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Mon, 5 Dec 2016 08:52:52 +0100 Subject: [PATCH 06/15] add travis node 4,6 and 7 --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 40ff1cf82..b157262e0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,6 +2,9 @@ language: node_js node_js: - '0.10' - '0.12' + - '4' + - '6' + - '7' - '1' - '2' - 'iojs' From 32cc6ea61767a81aeda934e5ffe7aac2864cfc42 Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Mon, 5 Dec 2016 20:33:11 +0100 Subject: [PATCH 07/15] Removed testing support for 0.10 and 0.12 (already deprecated) --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index b157262e0..6a51a5aa8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,5 @@ language: node_js node_js: - - '0.10' - - '0.12' - '4' - '6' - '7' From 674057b1af52db031a6dfaf77ae6d40b6c3ba67c Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Wed, 7 Dec 2016 23:18:16 +0100 Subject: [PATCH 08/15] replace project names --- lib/cli.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/cli.js b/lib/cli.js index 3e3566b01..8cdade1ac 100644 --- a/lib/cli.js +++ b/lib/cli.js @@ -3,7 +3,7 @@ /*eslint no-sync:0*/ if (process.getuid && process.getuid() === 0) { - global.console.error("Sinopia doesn't need superuser privileges. Don't run it under root.") + global.console.error("Verdaccio doesn't need superuser privileges. Don't run it under root.") } process.title = 'verdaccio' From ccd3d26059b7b30e70adffea005faf787a703cd5 Mon Sep 17 00:00:00 2001 From: Aram Drevekenin Date: Thu, 19 Jan 2017 17:14:39 +0200 Subject: [PATCH 09/15] test: adduser created with htpasswd --- test/functional/adduser.js | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/test/functional/adduser.js b/test/functional/adduser.js index 0402f297b..b0c6bcf53 100644 --- a/test/functional/adduser.js +++ b/test/functional/adduser.js @@ -1,4 +1,6 @@ var Server = require('./lib/server') +var fs = require('fs') +var path = require('path') module.exports = function() { var server = new Server('http://localhost:55551/') @@ -26,4 +28,20 @@ module.exports = function() { .body_error(/maximum amount of users reached/) }) }) + + describe('adduser created with htpasswd', function() { + var user = 'preexisting' + var pass = 'preexisting' + before(function () { + return fs.appendFileSync( + path.join(__dirname, 'test-storage', '.htpasswd'), + 'preexisting:$apr1$4YSboUa9$yVKjE7.PxIOuK3M4D7VjX.' + ) + }) + it('should log in', function () { + return server.auth(user, pass) + .status(201) + .body_ok(/you are authenticated as/) + }) + }) } From 223d6492d4edf0bc8b29c15cae00733b063780f7 Mon Sep 17 00:00:00 2001 From: Aram Drevekenin Date: Thu, 19 Jan 2017 17:14:53 +0200 Subject: [PATCH 10/15] feat: adduser created with htpasswd --- lib/plugins/htpasswd/utils.js | 9 ++++++--- package.json | 1 + 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/plugins/htpasswd/utils.js b/lib/plugins/htpasswd/utils.js index 229662f9f..425e7b085 100644 --- a/lib/plugins/htpasswd/utils.js +++ b/lib/plugins/htpasswd/utils.js @@ -1,5 +1,6 @@ var crypto = require('crypto') var crypt3 = require('./crypt3') +var md5 = require('apache-md5') var locker = require('../../file-locking') // this function neither unlocks file nor closes it @@ -32,10 +33,12 @@ function verify_password(user, passwd, hash) { return passwd === hash.substr(7) } else if (hash.indexOf('{SHA}') === 0) { return crypto.createHash('sha1').update(passwd, 'binary').digest('base64') === hash.substr(5) - } else if (crypt3) { - return crypt3(passwd, hash) === hash } else { - return false + return ( + // for backwards compatibility, first check md5 then check crypt3 + md5(passwd, hash) === hash || + crypt3(passwd, hash) === hash + ) } } diff --git a/package.json b/package.json index 1a7e20f4d..730c2f2af 100644 --- a/package.json +++ b/package.json @@ -16,6 +16,7 @@ }, "dependencies": { "JSONStream": "^1.1.1", + "apache-md5": "^1.1.2", "async": "^2.0.1", "body-parser": "^1.15.0", "bunyan": "^1.8.0", From 6c6646873ce50de2f98b172ad59291c18a64e970 Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Sun, 22 Jan 2017 22:23:30 +0100 Subject: [PATCH 11/15] Rename cleanup --- lib/plugins/htpasswd/index.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/plugins/htpasswd/index.js b/lib/plugins/htpasswd/index.js index ecde78c50..ce092f497 100644 --- a/lib/plugins/htpasswd/index.js +++ b/lib/plugins/htpasswd/index.js @@ -15,19 +15,19 @@ function HTPasswd(config, stuff) { self._logger = stuff.logger // sinopia main config object - self._sinopia_config = stuff.config + self._verdaccio_config = stuff.config // all this "sinopia_config" stuff is for b/w compatibility only self._maxusers = self._config.max_users - if (!self._maxusers) self._maxusers = self._sinopia_config.max_users + if (!self._maxusers) self._maxusers = self._verdaccio_config.max_users // set maxusers to Infinity if not specified if (!self._maxusers) self._maxusers = Infinity self._last_time = null var file = self._config.file - if (!file) file = self._sinopia_config.users_file + if (!file) file = self._verdaccio_config.users_file if (!file) throw new Error('should specify "file" in config') - self._path = Path.resolve(Path.dirname(self._sinopia_config.self_path), file) + self._path = Path.resolve(Path.dirname(self._verdaccio_config.self_path), file) return self } From 27ea2f91c049874abee21d959ac27ed9fd740f9a Mon Sep 17 00:00:00 2001 From: Juan Carlos Picado Date: Tue, 24 Jan 2017 08:34:59 +0100 Subject: [PATCH 12/15] remove travis io.js support --- .travis.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6a51a5aa8..17cbf7fc0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,9 +3,6 @@ node_js: - '4' - '6' - '7' - - '1' - - '2' - - 'iojs' sudo: false matrix: allow_failures: From 6bbeff6d056f9a0c95c5d45b4ec2ef0cf322d670 Mon Sep 17 00:00:00 2001 From: jotadeveloper Date: Fri, 3 Feb 2017 21:04:43 +0100 Subject: [PATCH 13/15] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7cc88bbc9..21e0b84bc 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ `verdaccio` is a fork of `sinopia`. It aims to keep backwards compatibility with `sinopia`, while keeping up with npm changes. -`sinopia` - a private/caching npm repository server +`verdaccio` - a private/caching npm repository server [![travis badge](http://img.shields.io/travis/verdaccio/verdaccio.svg)](https://travis-ci.org/verdaccio/verdaccio) From 0470a02b2fea7c512123c8e884b197191f8890d5 Mon Sep 17 00:00:00 2001 From: "Juan Picado @jotadeveloper" Date: Sat, 4 Feb 2017 00:29:34 +0100 Subject: [PATCH 14/15] Add istanbul unit testing coverage --- .gitignore | 10 +++++++++- package.json | 14 ++++++++------ 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 88ddd7288..f8e01d6b1 100644 --- a/.gitignore +++ b/.gitignore @@ -5,11 +5,19 @@ sinopia-*.tgz ### !bin/sinopia test-storage* - node_modules + +# Istanbul +coverage/ +.nyc* + # Visual Studio Code .vscode/* .jscsrc .jshintrc jsconfig.json + + +# Yarn +yarn* \ No newline at end of file diff --git a/package.json b/package.json index 730c2f2af..ea82437b7 100644 --- a/package.json +++ b/package.json @@ -43,20 +43,21 @@ "unix-crypt-td-js": "^1.0.0" }, "devDependencies": { - "rimraf": "^2.5.2", "bluebird": "^3.3.5", - "mocha": "^2.4.5", - "eslint": "^2.9.0", "browserify": "^13.0.0", "browserify-handlebars": "^1.0.0", + "eslint": "^2.9.0", "grunt": "^1.0.1", - "grunt-cli": "^1.2.0", "grunt-browserify": "^5.0.0", + "grunt-cli": "^1.2.0", "grunt-contrib-less": "^1.3.0", "grunt-contrib-watch": "^1.0.0", - "unopinionate": "^0.0.4", + "mocha": "^2.4.5", + "nyc": "^10.1.2", "onclick": "^0.1.0", - "transition-complete": "^0.0.2" + "rimraf": "^2.5.2", + "transition-complete": "^0.0.2", + "unopinionate": "^0.0.4" }, "keywords": [ "private", @@ -69,6 +70,7 @@ ], "scripts": { "test": "eslint . && mocha ./test/functional ./test/unit", + "test:coverage": "nyc --reporter=html --reporter=text mocha -R spec ./test/functional ./test/unit", "test-travis": "eslint . && mocha -R spec ./test/functional ./test/unit", "test-only": "mocha ./test/functional ./test/unit", "lint": "eslint ." From ffb3c0e6d0fda18b943c88fb680140481ddcc8e7 Mon Sep 17 00:00:00 2001 From: "Juan Picado @jotadeveloper" Date: Sat, 4 Feb 2017 00:32:54 +0100 Subject: [PATCH 15/15] add travis coverage configuration --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index ea82437b7..705ee5b8c 100644 --- a/package.json +++ b/package.json @@ -71,7 +71,7 @@ "scripts": { "test": "eslint . && mocha ./test/functional ./test/unit", "test:coverage": "nyc --reporter=html --reporter=text mocha -R spec ./test/functional ./test/unit", - "test-travis": "eslint . && mocha -R spec ./test/functional ./test/unit", + "test-travis": "eslint . && npm run test:coverage", "test-only": "mocha ./test/functional ./test/unit", "lint": "eslint ." },