diff --git a/cliv2/internal/constants/constants.go b/cliv2/internal/constants/constants.go
index c06f4808cd..185ad09b35 100644
--- a/cliv2/internal/constants/constants.go
+++ b/cliv2/internal/constants/constants.go
@@ -19,6 +19,7 @@ const SNYK_NPM_ALL_PROXY = "ALL_PROXY"
 const SNYK_CA_CERTIFICATE_LOCATION_ENV = "NODE_EXTRA_CA_CERTS"
 const SNYK_INTERNAL_NO_PROXY = "localhost,127.0.0.1,::1"
 const SNYK_OAUTH_ACCESS_TOKEN_ENV = "SNYK_OAUTH_TOKEN"
+const SNYK_API_TOKEN_ENV = "SNYK_TOKEN"
 const SNYK_ANALYTICS_DISABLED_ENV = "SNYK_DISABLE_ANALYTICS"
 const SNYK_INTERNAL_ORGID_ENV = "SNYK_INTERNAL_ORGID"
 const SNYK_INTERNAL_PREVIEW_FEATURES_ENABLED = "SNYK_INTERNAL_PREVIEW_FEATURES"
diff --git a/cliv2/pkg/basic_workflows/legacycli.go b/cliv2/pkg/basic_workflows/legacycli.go
index 5b4f27a685..944d6414c5 100644
--- a/cliv2/pkg/basic_workflows/legacycli.go
+++ b/cliv2/pkg/basic_workflows/legacycli.go
@@ -8,7 +8,6 @@ import (
 "github.com/pkg/errors"
 "github.com/rs/zerolog"
- "github.com/snyk/go-application-framework/pkg/auth"
 "github.com/snyk/go-application-framework/pkg/configuration"
 "github.com/snyk/go-application-framework/pkg/logging"
 "github.com/snyk/go-application-framework/pkg/networking"
@@ -76,7 +75,6 @@ func legacycliWorkflow(
 debugLoggerDefault := invocation.GetLogger() // uses log
 networkAccess := invocation.GetNetworkAccess()
- oauthIsAvailable := config.GetBool(configuration.FF_OAUTH_AUTH_FLOW_ENABLED)
 args := config.GetStringSlice(configuration.RAW_CMD_ARGS)
 useStdIo := config.GetBool(configuration.WORKFLOW_USE_STDIO)
 isDebug := config.GetBool(configuration.DEBUG)
@@ -104,23 +102,14 @@ func legacycliWorkflow(
 cli.AppendEnvironmentVariables(env)
 }
- if oauthIsAvailable {
- // The Legacy CLI doesn't support oauth authentication. Oauth authentication is implemented in the Extensible CLI and is added
- // to the legacy CLI by forwarding network traffic through the internal proxy of the Extensible CLI.
- // The legacy CLI always expects some sort of token to be available, otherwise some functionality isn't available. This is why we inject
- // a random token value to bypass these checks and replace the proper authentication headers in the internal proxy.
- // Injecting the real token here and not in the proxy would create an issue when the token expires during CLI execution.
- if oauth := config.GetString(auth.CONFIG_KEY_OAUTH_TOKEN); len(oauth) > 0 {
- envMap := pkg_utils.ToKeyValueMap(os.Environ(), "=")
- if _, ok := envMap[constants.SNYK_OAUTH_ACCESS_TOKEN_ENV]; !ok {
- env := []string{constants.SNYK_OAUTH_ACCESS_TOKEN_ENV + "=randomtoken"}
- cli.AppendEnvironmentVariables(env)
- debugLogger.Print("Authentication: Oauth token handling delegated to Extensible CLI.")
- } else {
- debugLogger.Print("Authentication: Using oauth token from Environment Variable.")
- }
- }
+ // In general all authentication if handled through the Extensible CLI now. But there is some legacy logic
+ // that checks for an API token to be available. Until this logic is safely removed, we will be injecting a
+ // fake/random API token to bypass this logic.
+ apiToken := config.GetString(configuration.AUTHENTICATION_TOKEN)
+ if len(apiToken) == 0 {
+ apiToken = "random"
 }
+ cli.AppendEnvironmentVariables([]string{constants.SNYK_API_TOKEN_ENV + "=" + apiToken})
 err = cli.Init()
 if err != nil {
diff --git a/test/jest/acceptance/auth.spec.ts b/test/jest/acceptance/auth.spec.ts
index d2921287e7..8b760be4bb 100644
--- a/test/jest/acceptance/auth.spec.ts
+++ b/test/jest/acceptance/auth.spec.ts
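Review bot: The added `apiToken := config.GetString(configuration.AUTHENTICATION_TOKEN)` path copies the real API token into the legacy CLI's environment as `SNYK_TOKEN`, whereas the removed block deliberately injected only a placeholder and left credential handling to the internal proxy. A secret placed in the child's environment is inherited by whatever the legacy CLI spawns and can surface in environment dumps, so if the proxy also sets the auth header for API tokens (not visible in this hunk) the placeholder alone would satisfy the legacy check: `cli.AppendEnvironmentVariables([]string{constants.SNYK_API_TOKEN_ENV + "=random"})`. If the real value is genuinely required, the comment should say why, with its typo fixed: `// In general all authentication is handled through the Extensible CLI now.` The literal `"random"` is a fixed string rather than a random value, so a named constant would describe it more accurately, and the removed debug lines could be replaced by one that records whether a placeholder was injected without printing the value. `legacycliWorkflow` begins and ends outside this hunk.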
@@ -55,6 +55,12 @@ describe('Auth', () => { }, ); expect(code).toEqual(0); + + // Run this command to verify that it succeeds with oauth, since it is implemented in TS + const ignoreCode = await runSnykCLI(`ignore --id=das`, { + env, + }); + expect(ignoreCode.code).toEqual(0); }); it('fails to us oauth client credentials grant to authenticate', async () => {
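Review bot: The added `ignore --id=das` run passes only `env`, and since `snyk ignore` writes to a `.snyk` policy file, as far as this hunk shows it runs in whatever directory the test process uses and may create or modify a policy file there. Passing a scratch directory through the options (e.g. `cwd`, if `runSnykCLI` forwards it) would keep the test from leaving state behind. The variable `ignoreCode` holds the whole result object, so `const { code: ignoreCode } = await runSnykCLI(...)` followed by `expect(ignoreCode).toEqual(0);` would match the `expect(code)` assertion just above. The enclosing `it(...)` block starts outside the hunk.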