nodejs · Mar 17, 2022 · Apr 6, 2022 · Apr 7, 2022 · Apr 8, 2022 · Apr 8, 2022
Showing with 108 additions and 15 deletions.

+1 −1 .github/workflows/commitlint.yml

+4 −4 .github/workflows/nodejs.yml

+17 −1 .github/workflows/release-please.yml

+8 −0 CHANGELOG.md

+24 −8 lib/auth.js

+1 −1 package.json

+53 −0 test/unit/auth.test.js
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -10,7 +10,7 @@ jobs:
   commitlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 100
       - uses: wagoid/commitlint-github-action@v2

diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -11,9 +11,9 @@ jobs:
     name: Lint using ESLint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Use latest Node.js LTS
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: lts/*
       - name: Install dependencies
@@ -30,9 +30,9 @@ jobs:
         os: [ubuntu-latest, macOS-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: ${{ matrix.node-version }}
       - name: Install dependencies

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -8,9 +8,25 @@ on:
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    outputs:
+      release_created:  ${{ steps.release.outputs.release_created }}
     steps:
-      - uses: GoogleCloudPlatform/release-please-action@v2
+      - uses: google-github-actions/release-please-action@v3
+        id: release
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           release-type: node
           package-name: node-core-utils
+  npm-publish:
+    needs: release-please
+    if: ${{ needs.release-please.outputs.release_created }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16.x
+          registry-url: 'https://registry.npmjs.org'
+      - run: npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
 
+### [1.31.2](https://github.com/nodejs/node-core-utils/compare/v1.31.1...v1.31.2) (2022-04-08)
+
+
+### Bug Fixes
+
+* correct username and token validation ([64a977c](https://github.com/nodejs/node-core-utils/commit/64a977c1739be74a0e4b78f2004b43f9ddcb6615))
+* update permitted GitHub token characters ([dc3d3ef](https://github.com/nodejs/node-core-utils/commit/dc3d3efb320a838380aef2eb231644036aa015ec))
+
 ### [1.31.1](https://www.github.com/nodejs/node-core-utils/compare/v1.31.0...v1.31.1) (2022-03-17)
 
 

diff --git a/lib/auth.js b/lib/auth.js
@@ -1,4 +1,3 @@
-import assert from 'node:assert';
 import fs from 'node:fs';
 import { ClientRequest } from 'node:http';
 import util from 'node:util';
@@ -11,9 +10,27 @@ const ghauth = util.promisify(ghauthBase);
 
 export default lazy(auth);
 
+function errorExit(message) {
+  process.stderr.write(`${message}\n`);
+  process.exit(1);
+}
+
 function check(username, token) {
-  assert(typeof username === 'string' && /^[a-zA-Z0-9]*/.test(username));
-  assert(typeof token === 'string' && /^[0-9a-f]*/.test(token));
+  if (typeof username !== 'string') {
+    errorExit(`username must be a string, received ${typeof username}`);
+  }
+  if (!/^[a-zA-Z0-9-]+$/.test(username)) {
+    errorExit(
+      'username may only contain alphanumeric characters or hyphens, ' +
+      `received ${username}`
+    );
+  }
+  if (typeof token !== 'string') {
+    errorExit(`token must be a string, received ${typeof token}`);
+  }
+  if (!/^[A-Za-z0-9_]+$/.test(token)) {
+    errorExit(`token is misformatted: ${token}`);
+  }
 }
 
 function lazy(fn) {
@@ -36,8 +53,7 @@ async function tryCreateGitHubToken(githubAuth) {
       note: 'node-core-utils CLI tools'
     });
   } catch (e) {
-    process.stderr.write(`Could not get token: ${e.message}\n`);
-    process.exit(1);
+    errorExit(`Could not get token: ${e.message}`);
   }
   return credentials;
 }
@@ -84,11 +100,11 @@ async function auth(
   if (options.jenkins) {
     const { username, jenkins_token } = getMergedConfig();
     if (!username || !jenkins_token) {
-      process.stdout.write(
+      errorExit(
         'Get your Jenkins API token in https://ci.nodejs.org/me/configure ' +
         'and run the following command to add it to your ncu config: ' +
-        'ncu-config --global set jenkins_token TOKEN\n');
-      process.exit(1);
+        'ncu-config --global set jenkins_token TOKEN'
+      );
     };
     check(username, jenkins_token);
     result.jenkins = encode(username, jenkins_token);

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "node-core-utils",
-  "version": "1.31.1",
+  "version": "1.31.2",
   "description": "Utilities for Node.js core collaborators",
   "type": "module",
   "bin": {

diff --git a/test/unit/auth.test.js b/test/unit/auth.test.js
@@ -70,6 +70,59 @@ describe('auth', async function() {
       'Could not get token: Bad credentials\n', 'run-auth-error'
     );
   });
+
+  it('does not accept a non-string username', async function() {
+    this.timeout(2000);
+    await runAuthScript(
+      { HOME: { username: {}, token: '0123456789abcdef' } },
+      [],
+      'username must be a string, received object\n'
+    );
+  });
+
+  it('does not accept a non-string token', async function() {
+    this.timeout(2000);
+    await runAuthScript(
+      { HOME: { username: 'nyancat', token: 42 } },
+      [],
+      'token must be a string, received number\n'
+    );
+  });
+
+  it('does not accept an invalid username format', async function() {
+    this.timeout(2000);
+    await runAuthScript(
+      { HOME: { username: ' ^^^ ', token: '0123456789abcdef' } },
+      [],
+      'username may only contain alphanumeric characters or hyphens, ' +
+      'received  ^^^ \n'
+    );
+  });
+
+  it('does not accept an invalid token format', async function() {
+    this.timeout(2000);
+    await runAuthScript(
+      { HOME: { username: 'nyancat', token: '@fhqwhgads' } },
+      [],
+      'token is misformatted: @fhqwhgads\n'
+    );
+  });
+
+  it('permits capital letters in token format', async function() {
+    this.timeout(2000);
+    await runAuthScript(
+      { HOME: { username: 'nyancat', token: '0123456789ABCDEF' } },
+      ['{"github":"bnlhbmNhdDowMTIzNDU2Nzg5QUJDREVG"}']
+    );
+  });
+
+  it('permits underscores in token format', async function() {
+    this.timeout(2000);
+    await runAuthScript(
+      { HOME: { username: 'nyancat', token: 'ghp_0123456789ABCDEF' } },
+      ['{"github":"bnlhbmNhdDpnaHBfMDEyMzQ1Njc4OUFCQ0RFRg=="}']
+    );
+  });
 });
 
 // ncurc: { HOME: 'text to put in home ncurc',