Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] ENEEDAUTH when authenticating against a registry via mTLS #4765

Closed
2 tasks done
jenseng opened this issue Apr 15, 2022 · 0 comments · Fixed by npm/config#69 or #5160
Closed
2 tasks done

[BUG] ENEEDAUTH when authenticating against a registry via mTLS #4765

jenseng opened this issue Apr 15, 2022 · 0 comments · Fixed by npm/config#69 or #5160
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release

Comments

@jenseng
Copy link
Contributor

jenseng commented Apr 15, 2022

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

If you have a custom registry that authenticates clients via mTLS (i.e. client cert/key in your .npmrc), you cannot publish unless you also specify some credentials, due to this check.

If your registry also validates any provided Authorization headers, the publish may fail if the credentials are invalid. Depending on the registry, this may not be configurable, so you might need to doubly authenticate (mTLS AND credentials).

Expected Behavior

npm publish with just a cert + key should proceed past this check.

If this gets fixed, future work for npm/npm-registry-fetch#38 should also take it into account.

Steps To Reproduce

No response

Environment

No response
@jenseng jenseng added Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release labels Apr 15, 2022
@jenseng jenseng mentioned this issue Apr 15, 2022
Closed
jenseng added a commit to jenseng/config that referenced this issue Jul 12, 2022
@jenseng
feat: detect registry-scoped certfile and keyfile options
eb34e7a 
RFC: npm/rfcs#591

See also: npm/npm-registry-fetch#125

By itself this change doesn't do much, but it enables us to resolve
npm/cli#4765 and surface these options anywhere
else they may be needed.
@jenseng jenseng mentioned this issue Jul 12, 2022
Merged
jenseng added a commit to jenseng/cli that referenced this issue Jul 12, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials
1b0b9ea 
Closes npm#4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
@jenseng jenseng mentioned this issue Jul 12, 2022
Merged
wraithgar pushed a commit to npm/config that referenced this issue Jul 18, 2022
@jenseng
feat: detect registry-scoped certfile and keyfile options (#69)
e58a4f1 
RFC: npm/rfcs#591

See also: npm/npm-registry-fetch#125

By itself this change doesn't do much, but it enables us to resolve
npm/cli#4765 and surface these options anywhere
else they may be needed.
jenseng added a commit to jenseng/cli that referenced this issue Jul 18, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials
47ecd22 
Closes npm#4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
jenseng added a commit to jenseng/cli that referenced this issue Jul 18, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials
64ef34f 
Closes npm#4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
jenseng added a commit to jenseng/cli that referenced this issue Jul 18, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials
f110f65 
Closes npm#4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
jenseng added a commit to jenseng/cli that referenced this issue Jul 19, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials
eb1ea9c 
Closes npm#4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
jenseng added a commit to jenseng/cli that referenced this issue Jul 19, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials
9771bf6 
Closes npm#4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
fritzy pushed a commit that referenced this issue Jul 20, 2022
@jenseng
feat: accept registry-scoped certfile and keyfile as credentials (#5160)
5ef53ee 
Closes #4765
RFC: npm/rfcs#591

While this doesn't directly allow top-level cert/key as credentials (per the
original issue), it's a more targeted/secure approach that accomplishes the
same end-result; the new options are scoped to a specific registry, and the
actual cert/key contents are much less likely to be exposed. See the RFC for
more context.

Depends on:
* npm/npm-registry-fetch#125
* npm/config#69
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 8.x work is associated with a specific npm 8 release
Projects
None yet
Milestone
No milestone
1 participant
@jenseng