我们如何验证“npm 登录"?成功并且令牌没有过期? [英] How do we verify "npm login" succeeded and the token has not expired?

问题描述

我有一个脚本来验证用户是否已登录到私有 npm 注册表(通过npm login"):

I've got a script that verifies a user has logged into a private npm registry (via "npm login") by greping for:

//registry-sub-url:_authToken=

...在:

~/.npmrc

但是，随着时间的推移，这会随着用户的凭据过期而失效(由于标准密码过期规则).

However, this breaks down over time as the user's credentials expire (due to standard password expiration rules).

此外，我创建的帮助脚本无法区分成功/失败的 npm login 调用，因为脚本总是以 0 状态退出.

What's more, the helper scripts I've created have cannot differentiate between successful/failed npm login calls, since the script always exits with 0 status.

Q: (1) 如何验证npm login是否成功?(2) 如何识别npm token何时过期?

Q: (1) How do we verify that npm login succeeded? (2) How do identify when the npm token has expired?

推荐答案

我正在发布我想出的解决方法，但我希望有更好的解决方案.

I'm posting the workaround I came up with, but I'd love a better solution.

我让 Jenkins 定期运行这个 bash 脚本，以针对私人注册表测试/验证我的 npm login:

I've got Jenkins running this bash script periodically to test/verify my npm login against a private registry:

#/bin/bash

# Suppress commands (Jenkins turns this on)
set +x

# Suppress color codes from NPM output (for proper grepping)
export TERM=dumb

# Stop on any error
set -e

NPM_USERNAME=...
NPM_PASSWORD=...
NPM_URL=...
NPM_EMAIL=...
WORKSPACE=... (in my case, set by Jenkins)

echo "========"
echo "Looking for previous failed login (cached credentials)..."
echo ""
# NOTE: A previous failed login can result in an ".npmrc" containing
# a username/password in lieu of an auth token. We look for this and
# remove it (logout) if it exists so that the cached credentials are
# not applied when we run "expect" to login
# (which would see different prompts from cached credentials).

# Chop off "http:"/"https:" prefix from URL
NPM_REPO_PREFIX=`sed -e 's~https\{0,1\}:\(.*\)~\1~' <<< "$NPM_URL"`

# NOTE: piping to /dev/null so the password isn't printed
set +e
grep -F "${NPM_REPO_PREFIX}:_password=" ~/.npmrc > /dev/null
GREP_EXIT="$?"
set -e

if [[ "$GREP_EXIT" == "0" ]]; then
    echo "========"
    echo "Logging out of repo..."
    echo ""


    npm logout --registry "$NPM_URL"
fi

echo "========"
echo "Logging into repo..."
echo ""

(/usr/bin/expect <<EOF
set timeout 10
spawn npm login --verbose --registry "$NPM_URL"
match_max 100000

expect "Username"
send "$NPM_USERNAME\r"

expect "Password"
send "$NPM_PASSWORD\r"

expect "Email"
send "$NPM_EMAIL\r"

expect {
   timeout      exit 1
   expect eof
}

EOF
) | tee "$WORKSPACE/npm-login.out"

echo "========"
echo "Verifying output of login..."
echo ""
# NOTE: If the login fails, the npm command still exits with status "0",
# so we read the verbose output to see that the http server confirms
# successful with "http 201".

set +e
grep "npm http 201" "$WORKSPACE/npm-login.out"
GREP_EXIT="$?"
set -e

if [[ "$GREP_EXIT" != "0" ]]; then
  >&2 echo "========"
  >&2 echo "ERROR: Failed to login to repo [$NPM_REPO]"
  exit 1
else
  echo "========"
  echo "SUCCESS: Logged into [$NPM_REPO]"
fi

这篇关于我们如何验证“npm 登录"?成功并且令牌没有过期?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！