ruby-changes:72659
From: Ashley <ko1@a...>
Date: Sat, 23 Jul 2022 03:43:22 +0900 (JST)
Subject: [ruby-changes:72659] 244bda7efd (master): [rubygems/rubygems] Display mfa warnings on gem signin
https://git.ruby-lang.org/ruby.git/commit/?id=244bda7efd From 244bda7efd507657ada6f18e800d852d1a1569f4 Mon Sep 17 00:00:00 2001 From: Ashley Ellis Pierce <anellis12@g...> Date: Fri, 22 Jul 2022 13:11:52 -0400 Subject: [rubygems/rubygems] Display mfa warnings on gem signin https://github.com/rubygems/rubygems/commit/4dc77b7099 Co-authored-by: Jenny Shen <jenny.shen@s...> --- lib/rubygems/gemcutter_utilities.rb | 31 +++++++++++++---------- test/rubygems/test_gem_commands_signin_command.rb | 18 +++++++++++-- 2 files changed, 33 insertions(+), 16 deletions(-) diff --git a/lib/rubygems/gemcutter_utilities.rb b/lib/rubygems/gemcutter_utilities.rb index 1eeb341bb8..c46650afb1 100644 --- a/lib/rubygems/gemcutter_utilities.rb +++ b/lib/rubygems/gemcutter_utilities.rb @@ -163,8 +163,12 @@ module Gem::GemcutterUtilities https://github.com/ruby/ruby/blob/trunk/lib/rubygems/gemcutter_utilities.rb#L163 key_name = get_key_name(scope) scope_params = get_scope_params(scope) - mfa_params = get_mfa_params(email, password) + profile = get_user_profile(email, password) + mfa_params = get_mfa_params(profile) all_params = scope_params.merge(mfa_params) + warning = profile["warning"] + + say "#{warning}\n" if warning response = rubygems_api_request(:post, "api/v1/api_key", sign_in_host, scope: scope) do |request| 
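Review bot: The `warning` string taken from the profile response is handed to `say` as-is in the sign-in flow. `get_user_profile` applies `clean_text` to the raw body before `Gem::SafeYAML.load`, so an escape written inside a double-quoted YAML scalar would be decoded only after that cleaning and could still put control characters on the user's terminal; this assumes `clean_text` is the helper that neutralizes non-printable characters. I would clean the decoded value where it is printed, `say "#{clean_text(warning.to_s)}\n" if warning`. The enclosing method begins and ends outside this hunk.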
@@ -273,29 +277,28 @@ module Gem::GemcutterUtilities https://github.com/ruby/ruby/blob/trunk/lib/rubygems/gemcutter_utilities.rb#L277 self.host == Gem::DEFAULT_HOST end - def get_mfa_params(email, password) + def get_user_profile(email, password) return {} unless default_host? - mfa_level = get_user_mfa_level(email, password) - params = {} - if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin" - selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)") - params["mfa"] = true if selected - end - params - end - - def get_user_mfa_level(email, password) response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request| request.basic_auth email, password end with_response response do |resp| - body = Gem::SafeYAML.load clean_text(resp.body) - body["mfa"] + Gem::SafeYAML.load clean_text(resp.body) end end + def get_mfa_params(profile) + mfa_level = profile["mfa"] + params = {} + if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin" + selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)") + params["mfa"] = true if selected + end + params + end + def get_key_name(scope) hostname = Socket.gethostname || "unknown-host" user = ENV["USER"] || ENV["USERNAME"] || "unknown-user" diff --git a/test/rubygems/test_gem_commands_signin_command.rb b/test/rubygems/test_gem_commands_signin_command.rb index 0f8e478840..ce745bff20 100644 --- a/test/rubygems/test_gem_commands_signin_command.rb +++ b/test/rubygems/test_gem_commands_signin_command.rb 
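Review bot: `get_user_profile` now returns whatever `Gem::SafeYAML.load` produces, and both `get_mfa_params` (`profile["mfa"]`) and the sign-in code (`profile["warning"]`) index it without checking its type. An empty or non-mapping body would load as `nil` or a scalar, and `nil["mfa"]` raises NoMethodError rather than a readable sign-in error. Consider normalizing inside the `with_response` block, `profile = Gem::SafeYAML.load clean_text(resp.body)` followed by `profile.is_a?(Hash) ? profile : {}`, which matches the `{}` already returned for non-default hosts. What `with_response` yields for a failed request is not visible in this hunk, so that path should be confirmed as well.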
@@ -159,6 +159,20 @@ class TestGemCommandsSigninCommand < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_commands_signin_command.rb#L159 assert_equal api_key, credentials[:rubygems_api_key] end + def test_execute_with_warnings + email = "you@e..." + password = "secret" + api_key = "1234" + fetcher = Gem::RemoteFetcher.fetcher + mfa_level = "disabled" + warning = "/[WARNING/] For protection of your account and gems" + + key_name_ui = Gem::MockGemUi.new "#{email}\n#{password}\ntest-key\n\ny\n\n\n\n\n\ny" + util_capture(key_name_ui, nil, api_key, fetcher, mfa_level, warning) { @cmd.execute } + + assert_match warning, key_name_ui.output + end + def test_execute_on_gemserver_without_profile_me_endpoint host = "http://some-gemcutter-compatible-host.org" @@ -193,10 +207,10 @@ class TestGemCommandsSigninCommand < Gem::TestCase https://github.com/ruby/ruby/blob/trunk/test/rubygems/test_gem_commands_signin_command.rb#L207 # Utility method to capture IO/UI within the block passed - def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled") + def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled", warning = nil) api_key ||= "a5fdbb6ba150cbb83aad2bb2fede64cf040453903" response = [api_key, 200, "OK"] - profile_response = [ "mfa: #{mfa_level}\n" , 200, "OK"] + profile_response = [ "mfa: #{mfa_level}\nwarning: #{warning}" , 200, "OK"] email = "you@e..." password = "secret" -- cgit v1.2.1 -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
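Review bot: The fixture value `"/[WARNING/] For protection of your account and gems"` in `test_execute_with_warnings` uses forward slashes, which are not escapes, so the test asserts the literal text `/[WARNING/]`. This looks like a workaround for `util_capture` (next hunk) interpolating the warning unquoted into the YAML body, `"mfa: #{mfa_level}\nwarning: #{warning}"`, where a value starting with `[` would presumably be read as a flow sequence. Emitting the key as a quoted scalar only when a warning is given, for example `body << "warning: #{warning.inspect}\n" if warning`, would let the test use a realistic `[WARNING] ...` string. A companion test asserting that nothing extra is printed when the profile has no `warning` key would pin the default path too.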