Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement NPM web login #4517

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Implement NPM web login #4517

wants to merge 1 commit into from

Conversation

damienfern
Copy link

Related to #3413

This PR implements NPM login by web (which is the default auth-type if option is not provided).
All the work here is mostly based on this article explaining how NPM login works with web auth : https://marmelab.com/blog/2022/12/22/how-to-implement-web-login-in-a-private-npm-registry.html

This is a work in progress, I need help on :

  • save token and sessionIds with auth plugins. (Maybe @juanpicado you could help me on this)
  • creating a React route login so user can authenticate with it.

@juanpicado
Copy link
Member

I will check it out this weekend (over week is hard) :) but thanks for taking lead here

github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 22, 2024
View reviewed changes
packages/api/src/v1/login.ts
Comment on lines +48 to +56
res.send(`
<form action="/-/v1/login/cli/${req.params.sessionId}" method="post">
<label for="username">Username:</label>
<input type="text" id="username" name="username" required><br><br>
<label for="password">Password:</label>
<input type="password" id="password" name="password" required><br><br>
<input type="submit" value="Login">
</form>
`);

Check failure

Code scanning / CodeQL

Reflected cross-site scripting High

Cross-site scripting vulnerability due to a
user-provided value
.
@juanpicado
Copy link
Member

juanpicado commented Feb 24, 2024
edited

save token and sessionIds with auth plugins. (Maybe @juanpicado you could help me on this)

let me think about this, seems definite doable :) I'll help.

Update(03/12/2024): still checking, I might need refactor something first, not sure yet
Update(03/23/2024): wip (local, testing different options)
Update(04/12/2024): 🏖️time
Update(05/08/2024): Unfortunately Node.js 22 [broke some stuff] #4601 , focus in other topics, I'll be back to this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@damienfern @juanpicado