Add support for token based auth to services other than VSTS

microsoft · Feb 17, 2018 · 8fee658 · 8fee658
1 parent 298942e
commit 8fee658
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 19 deletions.
diff --git a/Tasks/Common/npm-common/npmregistry.ts b/Tasks/Common/npm-common/npmregistry.ts
@@ -1,6 +1,6 @@
 import * as os from 'os';
 import * as tl from 'vsts-task-lib/task';
-import * as url from 'url';
+import * as URL from 'url';
 
 import { NormalizeRegistry } from './npmrcparser';
 import * as util from './util';
@@ -23,19 +23,32 @@ export class NpmRegistry implements INpmRegistry {
     }
 
     public static FromServiceEndpoint(endpointId: string, authOnly?: boolean): NpmRegistry {
-        let email: string;
-        let username: string;
-        let password: string;
+        let lineEnd = os.EOL;
         let endpointAuth: tl.EndpointAuthorization;
         let url: string;
+        let nerfed: string;
+        let auth: string;
+        let username: string;
+        let password: string;
+        let email: string;
+        let password64: string;
+        let isVstsTokenAuth: boolean = false;
         try {
             endpointAuth = tl.getEndpointAuthorization(endpointId, false);
         } catch (exception) {
             throw new Error(tl.loc('ServiceEndpointNotDefined'));
         }
 
         try {
+            let collectionUrl = tl.getVariable("System.TeamFoundationCollectionUri");
             url = NormalizeRegistry(tl.getEndpointUrl(endpointId, false));
+            if (endpointAuth.scheme === 'Token' &&
+                (URL.parse(url).hostname.toUpperCase().endsWith('.VISUALSTUDIO.COM') ||
+                 !URL.parse(collectionUrl).hostname.toUpperCase().endsWith('.VISUALSTUDIO.COM'))){
+                // VSTS does not support a PAT+Bearer; therefore, we use PAT+Basic.
+                isVstsTokenAuth = true;
+            }
+            nerfed = util.toNerfDart(url);
         } catch (exception) {
             throw new Error(tl.loc('ServiceEndpointUrlNotDefined'));
         }
@@ -45,23 +58,32 @@ export class NpmRegistry implements INpmRegistry {
                 username = endpointAuth.parameters['username'];
                 password = endpointAuth.parameters['password'];
                 email = username; // npm needs an email to be set in order to publish, this is ignored on npmjs
+                password64 = (new Buffer(password).toString('base64'));
+
+                auth = nerfed + ":username=" + username + lineEnd;
+                auth += nerfed + ":_password=" + password64 + lineEnd;
+                auth += nerfed + ":email=" + email + lineEnd;
                 break;
             case 'Token':
-                email = 'VssEmail';
-                username = 'VssToken';
-                password = endpointAuth.parameters['apitoken'];
+                let apitoken = endpointAuth.parameters['apitoken'];
+                if (!isVstsTokenAuth){
+                    // Use Bearer auth as it was intended.
+                    auth = nerfed + ":_authToken=" + apitoken + lineEnd;
+                }else{
+                    // VSTS does not support PATs+Bearer only JWTs+Bearer
+                    email = 'VssEmail';
+                    username = 'VssToken';
+                    password64 = (new Buffer(apitoken).toString('base64'));
+                    console.log("##vso[task.setvariable variable=" + endpointId + "BASE64_PASSWORD;issecret=true;]" + password64);
+
+                    auth = nerfed + ":username=" + username + lineEnd;
+                    auth += nerfed + ":_password=" + password64 + lineEnd;
+                    auth += nerfed + ":email=" + email + lineEnd;
+                }
                 break;
         }
-       let lineEnd = os.EOL;
-        let nerfed = util.toNerfDart(url); 
-        let password64 = (new Buffer(password).toString('base64'));
-        console.log("##vso[task.setvariable variable=" + endpointId + "BASE64_PASSWORD;issecret=true;]" + password64);
 
-        let auth = nerfed + ":username=" + username + lineEnd;
-        auth += nerfed + ":_password=" + password64 + lineEnd;
-        auth += nerfed + ":email=" + email + lineEnd;
         auth += nerfed + ":always-auth=true";
-
         return new NpmRegistry(url, auth, authOnly);
     }
 

diff --git a/Tasks/Npm/package.json b/Tasks/Npm/package.json
@@ -1,6 +1,6 @@
 {
   "name": "vsts-npm-task",
-  "version": "1.0.10",
+  "version": "1.0.12",
   "description": "VSTS NPM Task",
   "main": "npmtask.js",
   "scripts": {

diff --git a/Tasks/Npm/task.json b/Tasks/Npm/task.json
@@ -9,7 +9,7 @@
     "version": {
         "Major": 1,
         "Minor": 0,
-        "Patch": 11
+        "Patch": 12
     },
     "runsOn": [
         "Agent",

diff --git a/Tasks/Npm/task.loc.json b/Tasks/Npm/task.loc.json
@@ -9,7 +9,7 @@
   "version": {
     "Major": 1,
     "Minor": 0,
-    "Patch": 11
+    "Patch": 12
   },
   "runsOn": [
     "Agent",
@@ -185,4 +185,4 @@
     "RestoringProjectNpmrc": "ms-resource:loc.messages.RestoringProjectNpmrc",
     "WorkingDirectoryNotDirectory": "ms-resource:loc.messages.WorkingDirectoryNotDirectory"
   }
-}
+}