[rubygems/rubygems] Display mfa warnings on gem signin

https://github.com/rubygems/rubygems/commit/4dc77b7099 Co-authored-by: Jenny Shen <jenny.shen@shopify.com>
2022-07-22 13:11:52 -04:00 · 2022-07-22 13:11:52 -04:00 · 244bda7efd
commit 244bda7efd
parent e199ae3edc
2 changed files with 33 additions and 16 deletions
--- a/lib/rubygems/gemcutter_utilities.rb
+++ b/lib/rubygems/gemcutter_utilities.rb
@ -163,8 +163,12 @@ module Gem::GemcutterUtilities

    key_name     = get_key_name(scope)
    scope_params = get_scope_params(scope)
-    mfa_params   = get_mfa_params(email, password)
+    profile      = get_user_profile(email, password)
+    mfa_params   = get_mfa_params(profile)
    all_params   = scope_params.merge(mfa_params)
+    warning      = profile["warning"]
+
+    say "#{warning}\n" if warning

    response = rubygems_api_request(:post, "api/v1/api_key",
                                    sign_in_host, scope: scope) do |request|
@ -273,10 +277,20 @@ module Gem::GemcutterUtilities
    self.host == Gem::DEFAULT_HOST
  end

-  def get_mfa_params(email, password)
+  def get_user_profile(email, password)
    return {} unless default_host?

-    mfa_level = get_user_mfa_level(email, password)
+    response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
+      request.basic_auth email, password
+    end
+
+    with_response response do |resp|
+      Gem::SafeYAML.load clean_text(resp.body)
+    end
+  end
+
+  def get_mfa_params(profile)
+    mfa_level = profile["mfa"]
    params = {}
    if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin"
      selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)")
@ -285,17 +299,6 @@ module Gem::GemcutterUtilities
    params
  end

-  def get_user_mfa_level(email, password)
-    response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
-      request.basic_auth email, password
-    end
-
-    with_response response do |resp|
-      body = Gem::SafeYAML.load clean_text(resp.body)
-      body["mfa"]
-    end
-  end
-
  def get_key_name(scope)
    hostname = Socket.gethostname || "unknown-host"
    user = ENV["USER"] || ENV["USERNAME"] || "unknown-user"
--- a/test/rubygems/test_gem_commands_signin_command.rb
+++ b/test/rubygems/test_gem_commands_signin_command.rb
@ -159,6 +159,20 @@ class TestGemCommandsSigninCommand < Gem::TestCase
    assert_equal api_key, credentials[:rubygems_api_key]
  end

+  def test_execute_with_warnings
+    email     = "you@example.com"
+    password  = "secret"
+    api_key   = "1234"
+    fetcher   = Gem::RemoteFetcher.fetcher
+    mfa_level = "disabled"
+    warning   = "/[WARNING/] For protection of your account and gems"
+
+    key_name_ui = Gem::MockGemUi.new "#{email}\n#{password}\ntest-key\n\ny\n\n\n\n\n\ny"
+    util_capture(key_name_ui, nil, api_key, fetcher, mfa_level, warning) { @cmd.execute }
+
+    assert_match warning, key_name_ui.output
+  end
+
  def test_execute_on_gemserver_without_profile_me_endpoint
    host = "http://some-gemcutter-compatible-host.org"

@ -193,10 +207,10 @@ class TestGemCommandsSigninCommand < Gem::TestCase

  # Utility method to capture IO/UI within the block passed

-  def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled")
+  def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled", warning = nil)
    api_key        ||= "a5fdbb6ba150cbb83aad2bb2fede64cf040453903"
    response         = [api_key, 200, "OK"]
-    profile_response = [ "mfa: #{mfa_level}\n" , 200, "OK"]
+    profile_response = [ "mfa: #{mfa_level}\nwarning: #{warning}" , 200, "OK"]
    email            = "you@example.com"
    password         = "secret"