Skip to content

Commit 23c8610

Browse files
travitravi
committed
fix(trusted-publishing): properly await the check for trusted publishing context
for #958
1 parent a4a5add commit 23c8610

File tree

3 files changed

+8
-11
lines changed

3 files changed

+8
-11
lines changed

lib/verify-auth.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,7 @@ async function verifyTokenAuth(registry, npmrc, context) {
7474
export default async function (npmrc, pkg, context) {
7575
const registry = getRegistry(pkg, context);
7676

77-
if (oidcContextEstablished(registry, pkg, context)) {
77+
if (await oidcContextEstablished(registry, pkg, context)) {
7878
return;
7979
}
8080

test/trusted-publishing/oidc-context.test.js

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,11 @@ import * as td from "testdouble";
33

44
import { OFFICIAL_REGISTRY } from "../../lib/definitions/constants.js";
55

6-
let oidcContextEstablished, trustedCiProvider, exchangeToken;
6+
let oidcContextEstablished, exchangeToken;
77
const pkg = {};
88
const context = {};
99

1010
test.beforeEach(async (t) => {
11-
await td.replace(globalThis, "fetch");
1211
({ default: exchangeToken } = await td.replaceEsm("../../lib/trusted-publishing/token-exchange.js"));
1312
td.when(exchangeToken(pkg, context)).thenResolve(undefined);
1413

@@ -22,15 +21,13 @@ test.afterEach.always((t) => {
2221
test.serial(
2322
"that `true` is returned when a trusted-publishing context has been established with the official registry",
2423
async (t) => {
25-
td.when(fetch("https://matt.travi.org")).thenResolve(new Response(null, { status: 401 }));
2624
td.when(exchangeToken(pkg, context)).thenResolve("token-value");
2725

2826
t.true(await oidcContextEstablished(OFFICIAL_REGISTRY, pkg, context));
2927
}
3028
);
3129

3230
test.serial("that `false` is returned when OIDC token exchange fails in a supported CI provider", async (t) => {
33-
td.when(fetch("https://matt.travi.org")).thenResolve(new Response(null, { status: 401 }));
3431
td.when(exchangeToken(pkg, context)).thenResolve(undefined);
3532

3633
t.false(await oidcContextEstablished(OFFICIAL_REGISTRY, pkg, context));

test/verify-auth.test.js

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ test.serial(
3030
"that the auth context for the official registry is considered valid when trusted publishing is established",
3131
async (t) => {
3232
td.when(getRegistry(pkg, context)).thenReturn(DEFAULT_NPM_REGISTRY);
33-
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenReturn(true);
33+
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenResolve(true);
3434

3535
await t.notThrowsAsync(verifyAuth(npmrc, pkg, context));
3636
}
@@ -40,7 +40,7 @@ test.serial(
4040
"that the provided token is verified with `npm whoami` when trusted publishing is not established for the official registry",
4141
async (t) => {
4242
td.when(getRegistry(pkg, context)).thenReturn(DEFAULT_NPM_REGISTRY);
43-
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenReturn(false);
43+
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenResolve(false);
4444
td.when(
4545
execa("npm", ["whoami", "--userconfig", npmrc, "--registry", DEFAULT_NPM_REGISTRY], {
4646
cwd,
@@ -60,7 +60,7 @@ test.serial(
6060
"that the auth context for the official registry is considered invalid when no token is provided and trusted publishing is not established",
6161
async (t) => {
6262
td.when(getRegistry(pkg, context)).thenReturn(DEFAULT_NPM_REGISTRY);
63-
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenReturn(false);
63+
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenResolve(false);
6464
td.when(
6565
execa("npm", ["whoami", "--userconfig", npmrc, "--registry", DEFAULT_NPM_REGISTRY], {
6666
cwd,
@@ -89,7 +89,7 @@ test.serial(
8989
execaResult.stderr = { pipe: () => undefined };
9090
execaResult.stdout = { pipe: () => undefined };
9191
td.when(getRegistry(pkg, context)).thenReturn(otherRegistry);
92-
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenReturn(false);
92+
td.when(oidcContextEstablished(DEFAULT_NPM_REGISTRY, pkg, context)).thenResolve(false);
9393
td.when(
9494
execa(
9595
"npm",
@@ -127,7 +127,7 @@ test.serial(
127127
execaResult.stderr = { pipe: () => undefined };
128128
execaResult.stdout = { pipe: () => undefined };
129129
td.when(getRegistry(pkg, context)).thenReturn(otherRegistry);
130-
td.when(oidcContextEstablished(otherRegistry, pkg, context)).thenReturn(false);
130+
td.when(oidcContextEstablished(otherRegistry, pkg, context)).thenResolve(false);
131131
td.when(
132132
execa(
133133
"npm",
@@ -163,7 +163,7 @@ test.serial("that errors from setting up auth bubble through this function", asy
163163
const registry = DEFAULT_NPM_REGISTRY;
164164
const thrownError = new Error();
165165
td.when(getRegistry(pkg, context)).thenReturn(registry);
166-
td.when(oidcContextEstablished(registry, pkg, context)).thenReturn(false);
166+
td.when(oidcContextEstablished(registry, pkg, context)).thenResolve(false);
167167
td.when(setNpmrcAuth(npmrc, registry, context)).thenThrow(new AggregateError([thrownError]));
168168

169169
const {

0 commit comments

Comments
 (0)