access: Add support for requiring per-package 2fa

Credit: @iarna PR-URL: #11
npm · Jul 13, 2018 · 573ca50 · 573ca50
1 parent 1a2ba28
commit 573ca50
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 10 deletions.
diff --git a/doc/cli/npm-access.md b/doc/cli/npm-access.md
@@ -6,6 +6,9 @@ npm-access(1) -- Set access level on published packages
     npm access public [<package>]
     npm access restricted [<package>]
 
+    npm access 2fa-required [<package>]
+    npm access 2fa-not-required [<package>]
+
     npm access grant <read-only|read-write> <scope:team> [<package>]
     npm access revoke <scope:team> [<package>]
 
@@ -24,6 +27,10 @@ subcommand.
 * public / restricted:
   Set a package to be either publicly accessible or restricted.
 
+* 2fa-required / 2fa-not-required:
+  Set a package as requiring or not requiring that the publisher have two
+  factor authentication enabled on their account.
+
 * grant / revoke:
   Add or remove the ability of users and teams to have read-only or read-write
   access to a package.

diff --git a/lib/access.js b/lib/access.js
@@ -7,6 +7,9 @@ var readPackageJson = require('read-package-json')
 var mapToRegistry = require('./utils/map-to-registry.js')
 var npm = require('./npm.js')
 var output = require('./utils/output.js')
+const readUserInfo = require('./utils/read-user-info.js')
+const Bluebird = require('bluebird')
+const registryAccess = Bluebird.promisify(npm.registry.access.bind(npm.registry))
 
 var whoami = require('./whoami')
 
@@ -17,6 +20,8 @@ access.usage =
   'npm access restricted [<package>]\n' +
   'npm access grant <read-only|read-write> <scope:team> [<package>]\n' +
   'npm access revoke <scope:team> [<package>]\n' +
+  'npm access 2fa-required <package>\n' +
+  'npm access 2fa-not-required <package>\n' +
   'npm access ls-packages [<user>|<scope>|<scope:team>]\n' +
   'npm access ls-collaborators [<package> [<user>]]\n' +
   'npm access edit [<package>]'
@@ -61,17 +66,22 @@ function access (args, cb) {
 
   function invokeCmd (err, uri, auth, base) {
     if (err) { return cb(err) }
-    params.auth = auth
-    try {
-      return npm.registry.access(cmd, uri, params, function (err, data) {
-        if (!err && data) {
-          output(JSON.stringify(data, undefined, 2))
-        }
-        cb(err, data)
+    return Bluebird.try(() => {
+      params.auth = auth
+      try {
+        return registryAccess(cmd, uri, params)
+      } catch (err) {
+        throw err.message + '\n\nUsage:\n' + access.usage
+      }
+    }).catch(err => {
+      if (err.code !== 'EOTP') throw err
+      return readUserInfo.otp('Enter OTP: ').then(otp => {
+        params.auth.otp = otp
+        return registryAccess(cmd, uri, params)
       })
-    } catch (e) {
-      cb(e.message + '\n\nUsage:\n' + access.usage)
-    }
+    }).then(data => {
+      return output(data ? JSON.stringify(data, undefined, 2) : '"ok"')
+    }).asCallback(cb)
   }
 }