merging in changes from upstream & fixing conflicts

2024-11-08 23:25:51 +01:00 · 2017-02-04 22:58:26 -05:00 · 2017-02-04 22:58:26 -05:00 · 01a6c22103
commit 01a6c22103
parent 9fd42ffb34 9f1b1619e8
11 changed files with 54 additions and 24 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,11 +5,19 @@ verdaccio-*.tgz
 ###
 !bin/verdaccio
 test-storage*
-
 node_modules

+
+# Istanbul
+coverage/
+.nyc*
+
 # Visual Studio Code
 .vscode/*
 .jscsrc
 .jshintrc
 jsconfig.json
+
+
+# Yarn
+yarn*
--- a/README.md
+++ b/README.md
@ -107,7 +107,7 @@ There's two options here:

 1. You want to create a separate fork and stop synchronizing with public version.

-   If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy_access` list and restart the server.
+   If you want to do that, you should modify your configuration file so verdaccio won't make requests regarding this package to npmjs anymore. Add a separate entry for this package to *config.yaml* and remove `npmjs` from `proxy` list and restart the server.

   When you publish your package locally, you should probably start with version string higher than existing one, so it won't conflict with existing package in the cache.

--- a/conf/docker.yaml
+++ b/conf/docker.yaml
@ -11,7 +11,7 @@ storage: /verdaccio/storage

 auth:
  htpasswd:
-    file: /verdaccio/config/htpasswd
+    file: /verdaccio/conf/htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000
--- a/lib/GUI/entry.hbs
+++ b/lib/GUI/entry.hbs
@ -8,7 +8,7 @@
    </div>
    <div class="col-md-4 col-sm-4">
      <div class="author pull-right">
-        <small>By: {{ _npmUser.name }}</small>
+        <small>By: {{ author.name }}</small>
      </div>
    </div>
  </div>
--- a/lib/auth.js
+++ b/lib/auth.js
@ -195,9 +195,9 @@ Auth.prototype.basic_middleware = function() {

    var scheme = parts[0]
    if (scheme === 'Basic') {
-      var credentials = Buffer(parts[1], 'base64').toString()
+      var credentials = new Buffer(parts[1], 'base64').toString()
    } else if (scheme === 'Bearer') {
-      var credentials = self.aes_decrypt(Buffer(parts[1], 'base64')).toString('utf8')
+      var credentials = self.aes_decrypt(new Buffer(parts[1], 'base64')).toString('utf8')
      if (!credentials) return next()
    } else {
      return next()
@ -286,7 +286,7 @@ Auth.prototype.cookie_middleware = function() {
    req.remote_user = AuthenticatedUser(user.u, user.g)
    req.remote_user.token = token
    next()*/
-    var credentials = self.aes_decrypt(Buffer(token, 'base64')).toString('utf8')
+    var credentials = self.aes_decrypt(new Buffer(token, 'base64')).toString('utf8')
    if (!credentials) return next()

    var index = credentials.indexOf(':')
@ -314,13 +314,13 @@ Auth.prototype.issue_token = function(user) {
    t: ~~(Date.now()/1000),
  }, { indent: false })

-  data = Buffer(data, 'utf8')
+  data = new Buffer(data, 'utf8')
  var mac = Crypto.createHmac('sha256', this.secret).update(data).digest()
  return Buffer.concat([ data, mac ]).toString('base64')
 }

 Auth.prototype.decode_token = function(str, expire_time) {
-  var buf = Buffer(str, 'base64')
+  var buf = new Buffer(str, 'base64')
  if (buf.length <= 32) throw Error[401]('invalid token')

  var data      = buf.slice(0, buf.length - 32)
@ -355,7 +355,7 @@ Auth.prototype.aes_decrypt = function(buf) {
    var b1 = c.update(buf)
    var b2 = c.final()
  } catch(_) {
-    return Buffer(0)
+    return new Buffer(0)
  }
  return Buffer.concat([ b1, b2 ])
 }
--- a/lib/index-api.js
+++ b/lib/index-api.js
@ -364,7 +364,7 @@ module.exports = function(config, auth, storage) {
      })

      // this is dumb and memory-consuming, but what choices do we have?
-      stream.end(Buffer(data.data, 'base64'))
+      stream.end(new Buffer(data.data, 'base64'))
      stream.done()
    }

--- a/lib/plugins/htpasswd/index.js
+++ b/lib/plugins/htpasswd/index.js
@ -100,8 +100,6 @@ HTPasswd.prototype.adduser = function (user, password, real_cb) {
    if (s_err) return cb(s_err)

    try {
-      console.log('body = utils.add_user_to_htpasswd(body, user, password)')
-      console.log(user, password)
      body = utils.add_user_to_htpasswd(body, user, password)
    } catch (err) {
      return cb(err)
--- a/lib/plugins/htpasswd/utils.js
+++ b/lib/plugins/htpasswd/utils.js
@ -1,5 +1,6 @@
 var crypto = require('crypto')
 var crypt3 = require('./crypt3')
+var md5 = require('apache-md5')
 var locker = require('../../file-locking')

 // this function neither unlocks file nor closes it
@ -32,10 +33,12 @@ function verify_password(user, passwd, hash) {
    return passwd === hash.substr(7)
  } else if (hash.indexOf('{SHA}') === 0) {
    return crypto.createHash('sha1').update(passwd, 'binary').digest('base64') === hash.substr(5)
-  } else if (crypt3) {
-    return crypt3(passwd, hash) === hash
  } else {
-    return false
+    return (
+      // for backwards compatibility, first check md5 then check crypt3
+      md5(passwd, hash) === hash ||
+      crypt3(passwd, hash) === hash
+    )
  }
 }

--- a/package.json
+++ b/package.json
@ -16,6 +16,7 @@
  },
  "dependencies": {
    "JSONStream": "^1.1.1",
+    "apache-md5": "^1.1.2",
    "async": "^2.0.1",
    "body-parser": "^1.15.0",
    "bunyan": "^1.8.0",
@ -42,20 +43,21 @@
    "unix-crypt-td-js": "^1.0.0"
  },
  "devDependencies": {
-    "rimraf": "^2.5.2",
    "bluebird": "^3.3.5",
-    "mocha": "^2.4.5",
-    "eslint": "^2.9.0",
    "browserify": "^13.0.0",
    "browserify-handlebars": "^1.0.0",
+    "eslint": "^2.9.0",
    "grunt": "^1.0.1",
-    "grunt-cli": "^1.2.0",
    "grunt-browserify": "^5.0.0",
+    "grunt-cli": "^1.2.0",
    "grunt-contrib-less": "^1.3.0",
    "grunt-contrib-watch": "^1.0.0",
-    "unopinionate": "^0.0.4",
+    "mocha": "^2.4.5",
+    "nyc": "^10.1.2",
    "onclick": "^0.1.0",
-    "transition-complete": "^0.0.2"
+    "rimraf": "^2.5.2",
+    "transition-complete": "^0.0.2",
+    "unopinionate": "^0.0.4"
  },
  "keywords": [
    "private",
@ -68,7 +70,8 @@
  ],
  "scripts": {
    "test": "eslint . && mocha ./test/functional ./test/unit",
-    "test-travis": "eslint . && mocha -R spec ./test/functional ./test/unit",
+    "test:coverage": "nyc --reporter=html --reporter=text mocha -R spec ./test/functional ./test/unit",
+    "test-travis": "eslint . && npm run test:coverage",
    "test-only": "mocha ./test/functional ./test/unit",
    "lint": "eslint ."
  },
--- a/test/functional/adduser.js
+++ b/test/functional/adduser.js
@ -1,4 +1,6 @@
 var Server = require('./lib/server')
+var fs = require('fs')
+var path = require('path')

 module.exports = function() {
  var server = new Server('http://localhost:55551/')
@ -26,4 +28,20 @@ module.exports = function() {
               .body_error(/maximum amount of users reached/)
    })
  })
+
+  describe('adduser created with htpasswd', function() {
+    var user = 'preexisting'
+    var pass = 'preexisting'
+    before(function () {
+      return fs.appendFileSync(
+        path.join(__dirname, 'test-storage', '.htpasswd'),
+        'preexisting:$apr1$4YSboUa9$yVKjE7.PxIOuK3M4D7VjX.'
+      )
+    })
+    it('should log in', function () {
+      return server.auth(user, pass)
+               .status(201)
+               .body_ok(/you are authenticated as/)
+    })
+  })
 }
--- a/test/functional/lib/server.js
+++ b/test/functional/lib/server.js
@ -27,7 +27,7 @@ Server.prototype.request = function(options) {
 }

 Server.prototype.auth = function(user, pass) {
-  this.authstr = 'Basic '+(Buffer(user+':'+pass)).toString('base64')
+  this.authstr = 'Basic '+(new Buffer(user+':'+pass)).toString('base64')
  return this.request({
    uri: '/-/user/org.couchdb.user:'+encodeURIComponent(user)+'/-rev/undefined',
    method: 'PUT',