From ff377b3c2d3a590abb6ae8a4b5e5eecb897f29ae Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 22 Jul 2025 12:31:37 -0400
Subject: [PATCH 1/6] cleanup logs

---
 lib/utils/oidc.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/utils/oidc.js b/lib/utils/oidc.js
index d647721b10153..67fc8059691f4 100644
--- a/lib/utils/oidc.js
+++ b/lib/utils/oidc.js
@@ -30,7 +30,7 @@ async function oidc ({ packageName, registry, opts, config }) {
 /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L161C13-L161C22 */
 ciInfo.GITLAB
 )) {
- log.silly('oidc', 'Skipped because not running in a supported CI environment')
+ log.silly('oidc', 'Skipped because unsupported CI environment')
 return undefined
 }

@@ -159,13 +159,13 @@ async function oidc ({ packageName, registry, opts, config }) {
 })
 } catch (error) {
 if (error?.body?.message) {
- log.verbose('oidc', `Failed with registry body response error message "${error.body.message}"`)
+ log.verbose('oidc', `Failed with body message "${error.body.message}"`)
 }
 return undefined
 }

 if (!response?.token) {
- log.verbose('oidc', 'Failed with token exchange missing token in response body')
+ log.verbose('oidc', 'Failed because token exchange was missing the token in the response body')
 return undefined
 }
 /*
@@ -179,7 +179,7 @@ async function oidc ({ packageName, registry, opts, config }) {
 log.verbose('oidc', `Successfully retrieved and set token`)
 } catch (error) {
 /* istanbul ignore next */
- log.verbose('oidc', 'Failed checking config', error)
+ log.verbose('oidc', `Failure with message "${error?.message || 'Unknown error'}"`)
 }
 return undefined
 }

From 90acf90a201d6be49a21b85827394a096def06fc Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 22 Jul 2025 12:43:28 -0400
Subject: [PATCH 2/6] remove ignore line

---
 lib/utils/oidc.js | 1 -
 test/lib/commands/publish.js | 18 +++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
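Review bot: In PATCH 1/6, third hunk of lib/utils/oidc.js (the outer `catch` near the end of `oidc()`, which starts before the hunk), the new message keeps only `error?.message`, so a thrown value that is not an Error, or an error with an empty message, is logged as "Unknown error" and nothing in the log says what actually failed. The old call passed the whole `error` object to `log.verbose`; if dropping it is deliberate, for instance to keep request details out of the logs of a function that exchanges tokens, a comment such as `// log the message only; the raw error object is intentionally not logged` would record that. This branch, like the two in the second hunk, logs at verbose and returns undefined, so at npm's default log level a failed exchange leaves no visible trace, and the tests later in this series show publish then continuing with an already configured token. That fallback deserves a sentence in the function's doc comment.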
diff --git a/lib/utils/oidc.js b/lib/utils/oidc.js
index 67fc8059691f4..7f453cb122ed7 100644
--- a/lib/utils/oidc.js
+++ b/lib/utils/oidc.js
@@ -178,7 +178,6 @@ async function oidc ({ packageName, registry, opts, config }) {
 config.set(authTokenKey, response.token, 'user')
 log.verbose('oidc', `Successfully retrieved and set token`)
 } catch (error) {
- /* istanbul ignore next */
 log.verbose('oidc', `Failure with message "${error?.message || 'Unknown error'}"`)
 }
 return undefined
diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js
index 7a285ecbb2488..4dc839a85ee15 100644
--- a/test/lib/commands/publish.js
+++ b/test/lib/commands/publish.js
@@ -5,7 +5,7 @@ const pacote = require('pacote')
 const Arborist = require('@npmcli/arborist')
 const path = require('node:path')
 const fs = require('node:fs')
-const { githubIdToken, gitlabIdToken, oidcPublishTest } = require('../../fixtures/mock-oidc')
+const { githubIdToken, gitlabIdToken, oidcPublishTest, mockOidc } = require('../../fixtures/mock-oidc')
 const { sigstoreIdToken } = require('@npmcli/mock-registry/lib/provenance')

 const pkg = '@npmcli/test-package'
@@ -1135,6 +1135,22 @@ t.test('oidc token exchange - no provenance', t => {
 },
 }))

+ t.test('global try / catch failure via malformed url', async (t) => {
+ mockOidc(t, {
+ config: {
+ '//registry.npmjs.org/:_authToken': 'existing-fallback-token',
+ },
+ oidcOptions: {
+ github: true,
+ // malformed url should trigger a global try / catch
+ ACTIONS_ID_TOKEN_REQUEST_URL: '//github.com',
+ },
+ publishOptions: {
+ token: 'existing-fallback-token',
+ },
+ })
+ })
+
 t.test('default registry success gitlab', oidcPublishTest({
 oidcOptions: { gitlab: true, NPM_ID_TOKEN: gitlabPrivateIdToken },
 config: {

From fbd42853083b2b964fc347d86110cfd02357bab6 Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 22 Jul 2025 12:44:10 -0400
Subject: [PATCH 3/6] swap to pub test

---
 test/lib/commands/publish.js | 28 +++++++++++++---------------
 1 file changed, 13 insertions(+), 15 deletions(-)

diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js
index 4dc839a85ee15..a07eeaa869b7f 100644
--- a/test/lib/commands/publish.js
+++ b/test/lib/commands/publish.js
@@ -1135,21 +1135,19 @@ t.test('oidc token exchange - no provenance', t => {
 },
 }))

- t.test('global try / catch failure via malformed url', async (t) => {
- mockOidc(t, {
- config: {
- '//registry.npmjs.org/:_authToken': 'existing-fallback-token',
- },
- oidcOptions: {
- github: true,
- // malformed url should trigger a global try / catch
- ACTIONS_ID_TOKEN_REQUEST_URL: '//github.com',
- },
- publishOptions: {
- token: 'existing-fallback-token',
- },
- })
- })
+ t.test('global try / catch failure via malformed url', oidcPublishTest({
+ config: {
+ '//registry.npmjs.org/:_authToken': 'existing-fallback-token',
+ },
+ oidcOptions: {
+ github: true,
+ // malformed url should trigger a global try / catch
+ ACTIONS_ID_TOKEN_REQUEST_URL: '//github.com',
+ },
+ publishOptions: {
+ token: 'existing-fallback-token',
+ },
+ }))

 t.test('default registry success gitlab', oidcPublishTest({
 oidcOptions: { gitlab: true, NPM_ID_TOKEN: gitlabPrivateIdToken },

From ca9187243ca2339788c183e1550170ef69ca3f65 Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 22 Jul 2025 12:46:27 -0400
Subject: [PATCH 4/6] rm unused

---
 test/lib/commands/publish.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js
index a07eeaa869b7f..dd48fa67f40ae 100644
--- a/test/lib/commands/publish.js
+++ b/test/lib/commands/publish.js
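Review bot: In PATCH 3/6, the 'global try / catch failure via malformed url' case in test/lib/commands/publish.js names a code path but, as far as the hunk shows, does not assert that it was taken: the options only describe a publish that goes through with `existing-fallback-token`. Unless `oidcPublishTest` (defined outside this diff) inspects the logs, the test would still pass if the malformed `ACTIONS_ID_TOKEN_REQUEST_URL` were rejected somewhere other than the outer catch. Asserting on the `verbose oidc Failure with message` log line would pin the branch. A comment such as `// '//github.com' has no scheme, so building the request URL is presumably what throws` would also explain why this value counts as malformed.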
@@ -5,7 +5,7 @@ const pacote = require('pacote')
 const Arborist = require('@npmcli/arborist')
 const path = require('node:path')
 const fs = require('node:fs')
-const { githubIdToken, gitlabIdToken, oidcPublishTest, mockOidc } = require('../../fixtures/mock-oidc')
+const { githubIdToken, gitlabIdToken, oidcPublishTest } = require('../../fixtures/mock-oidc')
 const { sigstoreIdToken } = require('@npmcli/mock-registry/lib/provenance')

 const pkg = '@npmcli/test-package'

From f5b8ed1bb8253b38337c27ce50621b16f45d88d0 Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 22 Jul 2025 14:31:14 -0400
Subject: [PATCH 5/6] cover the uncoverable

---
 test/fixtures/mock-oidc.js | 9 ++++++---
 test/lib/commands/publish.js | 35 ++++++++++++++++++++++++++++++++++-
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/test/fixtures/mock-oidc.js b/test/fixtures/mock-oidc.js
index 03a35522f7345..2b9302aa5b460 100644
--- a/test/fixtures/mock-oidc.js
+++ b/test/fixtures/mock-oidc.js
@@ -80,8 +80,11 @@ const mockOidc = async (t, {
 ciInfo.GITLAB = GITLAB
 })

- const { npm, registry, joinedOutput } = await loadNpmWithRegistry(t, {
- config,
+ const { npm, registry, joinedOutput, logs } = await loadNpmWithRegistry(t, {
+ config: {
+ loglevel: 'silly',
+ ...config,
+ },
 prefixDir: {
 'package.json': JSON.stringify({
 name: packageName,
@@ -128,7 +131,7 @@ const mockOidc = async (t, {
 })
 }

- return { npm, joinedOutput }
+ return { npm, joinedOutput, logs, ACTIONS_ID_TOKEN_REQUEST_URL }
 }

 const oidcPublishTest = (opts) => {
diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js
index dd48fa67f40ae..2bd6989434312 100644
--- a/test/lib/commands/publish.js
+++ b/test/lib/commands/publish.js
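Review bot: In PATCH 5/6, first hunk of test/fixtures/mock-oidc.js, `loglevel: 'silly'` becomes the default for every test that goes through `mockOidc`, with no comment explaining why. Presumably it is there so the returned `logs` contain the `verbose oidc` and `silly oidc` lines that tests assert on. A comment such as `// silly so oidc verbose/silly lines are captured; a caller's config.loglevel still wins` above the key would say so and make the spread order explicit. The body of `mockOidc` starts before this hunk and continues past it.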
@@ -5,8 +5,9 @@ const pacote = require('pacote')
 const Arborist = require('@npmcli/arborist')
 const path = require('node:path')
 const fs = require('node:fs')
-const { githubIdToken, gitlabIdToken, oidcPublishTest } = require('../../fixtures/mock-oidc')
+const { githubIdToken, gitlabIdToken, oidcPublishTest, mockOidc } = require('../../fixtures/mock-oidc')
 const { sigstoreIdToken } = require('@npmcli/mock-registry/lib/provenance')
+const mockGlobals = require('@npmcli/mock-globals')

 const pkg = '@npmcli/test-package'
 const token = 'test-auth-token'
@@ -1149,6 +1150,38 @@ t.test('oidc token exchange - no provenance', t => {
 },
 }))

+ t.test('global try / catch failure via throw non Error', async t => {
+ const { npm, logs, joinedOutput, ACTIONS_ID_TOKEN_REQUEST_URL } = await mockOidc(t, {
+ config: {
+ '//registry.npmjs.org/:_authToken': 'existing-fallback-token',
+ },
+ oidcOptions: {
+ github: true,
+ },
+ publishOptions: {
+ token: 'existing-fallback-token',
+ },
+ })
+
+ class URLOverride extends URL {
+ constructor (...args) {
+ const [url] = args
+ if (url === ACTIONS_ID_TOKEN_REQUEST_URL) {
+ throw 'Borqued URL'
+ }
+ super(...args)
+ }
+ }
+
+ mockGlobals(t, {
+ URL: URLOverride,
+ })
+
+ await npm.exec('publish', [])
+ t.match(joinedOutput(), '+ @npmcli/test-package@1.0.0')
+ t.ok(logs.includes('verbose oidc Failure with message "Unknown error"'))
+ })
+
 t.test('default registry success gitlab', oidcPublishTest({
 oidcOptions: { gitlab: true, NPM_ID_TOKEN: gitlabPrivateIdToken },
 config: {

From 6bd71873f32a9d4c3178d0aebee24aead988be09 Mon Sep 17 00:00:00 2001
From: reggi
Date: Tue, 22 Jul 2025 14:32:53 -0400
Subject: [PATCH 6/6] edit string

---
 test/lib/commands/publish.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/lib/commands/publish.js b/test/lib/commands/publish.js
index 2bd6989434312..530a097d07542 100644
--- a/test/lib/commands/publish.js
+++ b/test/lib/commands/publish.js
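Review bot: In PATCH 5/6, the new 'global try / catch failure via throw non Error' test in test/lib/commands/publish.js, `URLOverride` throws only when the first constructor argument is strictly equal to `ACTIONS_ID_TOKEN_REQUEST_URL`, which ties the test to oidc.js passing that exact string to `new URL`. The final `t.ok(logs.includes(...))` should catch the override never firing, so this is a documentation gap rather than a hole; a comment such as `// replaces global URL so building the id-token request URL throws a non-Error` before the class would make the coupling visible. The test also pins that publish still succeeds with `existing-fallback-token` after the throw, which is worth saying in the test name or a comment because it documents a silent fallback. If the project's lint rules include no-throw-literal, the string `throw` will need a targeted disable.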
@@ -1167,7 +1167,7 @@ t.test('oidc token exchange - no provenance', t => {
 constructor (...args) {
 const [url] = args
 if (url === ACTIONS_ID_TOKEN_REQUEST_URL) {
- throw 'Borqued URL'
+ throw 'Specifically throwing a non errror object to test global try / catch'
 }
 super(...args)
 }
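Review bot: In PATCH 6/6 the replacement string misspells "error" as "errror". The text is not asserted anywhere visible, since the expected log line in the previous patch is "Unknown error", so the effect is cosmetic. `throw 'Specifically throwing a non-Error value to test global try / catch'` would also be more exact, because the thrown value is a string rather than an object. The constructor begins and ends inside the hunk, but the enclosing class and test do not.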