[rubygems/rubygems] Display mfa warnings on gem signin

https://github.com/rubygems/rubygems/commit/4dc77b7099

Co-authored-by: Jenny Shen <jenny.shen@shopify.com>
This commit is contained in:
Ashley Ellis Pierce 2022-07-22 13:11:52 -04:00 committed by git
parent e199ae3edc
commit 244bda7efd
2 changed files with 33 additions and 16 deletions

View File

@ -163,8 +163,12 @@ module Gem::GemcutterUtilities
key_name = get_key_name(scope) key_name = get_key_name(scope)
scope_params = get_scope_params(scope) scope_params = get_scope_params(scope)
mfa_params = get_mfa_params(email, password) profile = get_user_profile(email, password)
mfa_params = get_mfa_params(profile)
all_params = scope_params.merge(mfa_params) all_params = scope_params.merge(mfa_params)
warning = profile["warning"]
say "#{warning}\n" if warning
response = rubygems_api_request(:post, "api/v1/api_key", response = rubygems_api_request(:post, "api/v1/api_key",
sign_in_host, scope: scope) do |request| sign_in_host, scope: scope) do |request|
@ -273,10 +277,20 @@ module Gem::GemcutterUtilities
self.host == Gem::DEFAULT_HOST self.host == Gem::DEFAULT_HOST
end end
def get_mfa_params(email, password) def get_user_profile(email, password)
return {} unless default_host? return {} unless default_host?
mfa_level = get_user_mfa_level(email, password) response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
request.basic_auth email, password
end
with_response response do |resp|
Gem::SafeYAML.load clean_text(resp.body)
end
end
def get_mfa_params(profile)
mfa_level = profile["mfa"]
params = {} params = {}
if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin" if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin"
selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)") selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)")
@ -285,17 +299,6 @@ module Gem::GemcutterUtilities
params params
end end
def get_user_mfa_level(email, password)
response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
request.basic_auth email, password
end
with_response response do |resp|
body = Gem::SafeYAML.load clean_text(resp.body)
body["mfa"]
end
end
def get_key_name(scope) def get_key_name(scope)
hostname = Socket.gethostname || "unknown-host" hostname = Socket.gethostname || "unknown-host"
user = ENV["USER"] || ENV["USERNAME"] || "unknown-user" user = ENV["USER"] || ENV["USERNAME"] || "unknown-user"

View File

@ -159,6 +159,20 @@ class TestGemCommandsSigninCommand < Gem::TestCase
assert_equal api_key, credentials[:rubygems_api_key] assert_equal api_key, credentials[:rubygems_api_key]
end end
def test_execute_with_warnings
email = "you@example.com"
password = "secret"
api_key = "1234"
fetcher = Gem::RemoteFetcher.fetcher
mfa_level = "disabled"
warning = "/[WARNING/] For protection of your account and gems"
key_name_ui = Gem::MockGemUi.new "#{email}\n#{password}\ntest-key\n\ny\n\n\n\n\n\ny"
util_capture(key_name_ui, nil, api_key, fetcher, mfa_level, warning) { @cmd.execute }
assert_match warning, key_name_ui.output
end
def test_execute_on_gemserver_without_profile_me_endpoint def test_execute_on_gemserver_without_profile_me_endpoint
host = "http://some-gemcutter-compatible-host.org" host = "http://some-gemcutter-compatible-host.org"
@ -193,10 +207,10 @@ class TestGemCommandsSigninCommand < Gem::TestCase
# Utility method to capture IO/UI within the block passed # Utility method to capture IO/UI within the block passed
def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled") def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled", warning = nil)
api_key ||= "a5fdbb6ba150cbb83aad2bb2fede64cf040453903" api_key ||= "a5fdbb6ba150cbb83aad2bb2fede64cf040453903"
response = [api_key, 200, "OK"] response = [api_key, 200, "OK"]
profile_response = [ "mfa: #{mfa_level}\n" , 200, "OK"] profile_response = [ "mfa: #{mfa_level}\nwarning: #{warning}" , 200, "OK"]
email = "you@example.com" email = "you@example.com"
password = "secret" password = "secret"