From 851344965ab9917af6caab39ac065e0f0d70b489 Mon Sep 17 00:00:00 2001
From: Ashley Ellis Pierce
Date: Wed, 29 Mar 2023 13:20:47 -0400
Subject: Ensure api_key is sent if basic auth not provided on webauthn_verification_url
Co-authored-by: Jenny Shen
---
 lib/rubygems/gemcutter_utilities.rb | 6 +++---
 test/rubygems/test_gem_commands_owner_command.rb | 2 ++
 test/rubygems/test_gem_commands_push_command.rb | 1 +
 test/rubygems/test_gem_commands_yank_command.rb | 2 ++
 4 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/rubygems/gemcutter_utilities.rb b/lib/rubygems/gemcutter_utilities.rb
index 5c29aad0e4..a8a586fa02 100644
--- a/lib/rubygems/gemcutter_utilities.rb
+++ b/lib/rubygems/gemcutter_utilities.rb
@@ -287,10 +287,10 @@ module Gem::GemcutterUtilities
 def webauthn_verification_url(credentials)
 response = rubygems_api_request(:post, "api/v1/webauthn_verification") do |request|
- if credentials
- request.basic_auth credentials[:email], credentials[:password]
- else
+ if credentials.empty?
 request.add_field "Authorization", api_key
+ else
+ request.basic_auth credentials[:email], credentials[:password]
 end
 end
 response.is_a?(Net::HTTPSuccess) ? response.body : nil
diff --git a/test/rubygems/test_gem_commands_owner_command.rb b/test/rubygems/test_gem_commands_owner_command.rb
index 18f9a2ecdf..091335ab4b 100644
--- a/test/rubygems/test_gem_commands_owner_command.rb
+++ b/test/rubygems/test_gem_commands_owner_command.rb
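Review bot: In lib/rubygems/gemcutter_utilities.rb, the new `if credentials.empty?` in webauthn_verification_url raises NoMethodError when a caller passes nil, a case the previous `if credentials` check handled by falling through to the api_key branch. The callers are outside this hunk, so whether nil can still arrive is not visible here; if it can, `if credentials.nil? || credentials.empty?` keeps both the nil and the empty-hash case on the API key path. A one-line comment such as `# An empty hash is truthy, so test emptiness before choosing basic auth over the API key` would also record why the condition was inverted.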
@@ -417,6 +417,8 @@ EOF
 end
 url_with_port = "#{webauthn_verification_url}?port=#{port}"
+
+ assert_match @stub_fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
 assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @stub_ui.output
 assert_match "ERROR: Security device verification failed: Something went wrong", @stub_ui.error
 refute_match "You are verified with a security device. You may close the browser window.", @stub_ui.output
diff --git a/test/rubygems/test_gem_commands_push_command.rb b/test/rubygems/test_gem_commands_push_command.rb
index c8de71823d..aa0cf87474 100644
--- a/test/rubygems/test_gem_commands_push_command.rb
+++ b/test/rubygems/test_gem_commands_push_command.rb
@@ -482,6 +482,7 @@ class TestGemCommandsPushCommand < Gem::TestCase
 end
 assert_equal 1, error.exit_code
+ assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
 url_with_port = "#{webauthn_verification_url}?port=#{port}"
 assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
 assert_match "ERROR: Security device verification failed: Something went wrong", @ui.error
diff --git a/test/rubygems/test_gem_commands_yank_command.rb b/test/rubygems/test_gem_commands_yank_command.rb
index f50599f8e5..e5e234e0f8 100644
--- a/test/rubygems/test_gem_commands_yank_command.rb
+++ b/test/rubygems/test_gem_commands_yank_command.rb
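Review bot: The added `assert_match @stub_fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key` in test_gem_commands_owner_command.rb passes the header value as the pattern and the configured key as the subject, so it only checks that the header is a substring of the key; an empty or truncated Authorization header would still pass. Since the assertion is there to prove the API key is sent, an exact comparison is stronger: `assert_equal Gem.configuration.rubygems_api_key, @stub_fetcher.last_request["Authorization"]`. The same assertion is added with `@fetcher` in the push and yank command test hunks and deserves the same change. Whether `last_request` is the webauthn_verification request at that point depends on test setup outside these hunks.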
@@ -185,6 +185,8 @@ class TestGemCommandsYankCommand < Gem::TestCase
 assert_equal 1, error.exit_code
 url_with_port = "#{webauthn_verification_url}?port=#{port}"
+
+ assert_match @fetcher.last_request["Authorization"], Gem.configuration.rubygems_api_key
 assert_match %r{Yanking gem from http://example}, @ui.output
 assert_match "You have enabled multi-factor authentication. Please visit #{url_with_port} to authenticate via security device. If you can't verify using WebAuthn but have OTP enabled, you can re-run the gem signin command with the `--otp [your_code]` option.", @ui.output
 assert_match "ERROR: Security device verification failed: Something went wrong", @ui.error
-- cgit v1.2.1