feat: separate login/adduser, remove auth types ( #5550 )

The difference between `adduser` and `login` depends on the `auth-type`. - `web`: the POST to `/-/v1/login` contains a `{ create: true }` value in its payload for `adduser` - `legacy` the `PUT` request to `/-/user/org.couchdb.user:${username}` contains an `email` value in its payload for `adduser`. BREAKING CHANGE: `login`, `adduser`, and `auth-type` changes - This removes all `auth-type` configs except `web` and `legacy`. - `login` and `adduser` are now separate commands that send different data to the registry. - `auth-type` config values `web` and `legacy` only try their respective methods, npm no longer tries them all and waits to see which one doesn't fail.
npm · Sep 21, 2022 · 314311c · 314311c
1 parent d3ff2aa
commit 314311c
Show file tree

Hide file tree

Showing 29 changed files with 645 additions and 1,329 deletions .
diff --git a/docs/content/commands/npm-adduser.md b/docs/content/commands/npm-adduser.md
@@ -13,7 +13,7 @@ description: Add a registry user account
  ``` bash
  npm adduser
 
- aliases: login, add-user
+ alias: add-user
  ```
 
  <!-- automatically generated, do not edit manually -->
@@ -25,22 +25,12 @@ Note: This command is unaware of workspaces.
 
  ### Description
 
- Create or verify a user named ` <username> `  in the specified registry, and
- save the credentials to the ` .npmrc ` file. If no registry is specified,
- the default registry will be used (see [ ` config ` ] ( /using-npm/config ) ).
+ Create a new user in the specified registry, and save the credentials to
+ the ` .npmrc ` file. If no registry is specified, the default registry
+ will be used (see [ ` config ` ] ( /using-npm/config ) ).
 
- The username, password, and email are read in from prompts.
-
- To reset your password, go to < https://www.npmjs.com/forgot >
-
- To change your email address, go to < https://www.npmjs.com/email-edit >
-
- You may use this command multiple times with the same user account to
- authorize on a new machine.  When authenticating on a new machine,
- the username, password and email address must all match with
- your existing record.
-
- ` npm login ` is an alias to ` adduser ` and behaves exactly the same way.
+ When using ` legacy ` for your ` auth-type ` ,  the username, password, and
+ email are read in from prompts.
 
  ### Configuration
 
@@ -93,10 +83,7 @@ npm init --scope=@foo --yes
  #### ` auth-type `
 
  * Default: "legacy"
- * Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
-
- NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
- removed in a future version.
+ * Type: "legacy" or "web"
 
  What authentication strategy to use with ` login ` .
 

diff --git a/docs/content/commands/npm-login.md b/docs/content/commands/npm-login.md
@@ -0,0 +1,110 @@
+ ---
+ title : npm-login
+ section : one
+ description : Login to a registry user account
+ ---
+
+ ### Synopsis
+
+ <!-- AUTOGENERATED USAGE DESCRIPTIONS START -->
+ <!-- automatically generated, do not edit manually -->
+ <!-- see lib/commands/login.js -->
+
+ ``` bash
+ npm login
+ ```
+
+ <!-- automatically generated, do not edit manually -->
+ <!-- see lib/commands/login.js -->
+
+ <!-- AUTOGENERATED USAGE DESCRIPTIONS END -->
+
+ Note: This command is unaware of workspaces.
+
+ ### Description
+
+ Verify a user in the specified registry, and save the credentials to the
+ ` .npmrc ` file. If no registry is specified, the default registry will be
+ used (see [ ` config ` ] ( /using-npm/config ) ).
+
+ When using ` legacy ` for your ` auth-type ` ,  the username and password, are
+ read in from prompts.
+
+ To reset your password, go to < https://www.npmjs.com/forgot >
+
+ To change your email address, go to < https://www.npmjs.com/email-edit >
+
+ You may use this command multiple times with the same user account to
+ authorize on a new machine.  When authenticating on a new machine,
+ the username, password and email address must all match with
+ your existing record.
+
+ ### Configuration
+
+ <!-- AUTOGENERATED CONFIG DESCRIPTIONS START -->
+ <!-- automatically generated, do not edit manually -->
+ <!-- see lib/utils/config/definitions.js -->
+ #### ` registry `
+
+ * Default: " https://registry.npmjs.org/ "
+ * Type: URL
+
+ The base URL of the npm registry.
+
+ <!-- automatically generated, do not edit manually -->
+ <!-- see lib/utils/config/definitions.js -->
+
+ #### ` scope `
+
+ * Default: the scope of the current project, if any, or ""
+ * Type: String
+
+ Associate an operation with a scope for a scoped registry.
+
+ Useful when logging in to or out of a private registry:
+
+ ```
+ # log in,  linking the scope to the custom registry
+ npm login --scope=@mycorp --registry= https://registry.mycorp.com
+
+ # log out,  removing the link and the auth token
+ npm logout --scope=@mycorp
+ ```
+
+ This will cause ` @mycorp ` to be mapped to the registry for future
+ installation of packages specified according to the pattern
+ ` @mycorp/package ` .
+
+ This will also cause ` npm init ` to create a scoped package.
+
+ ```
+ # accept all defaults, and create a package named "@foo/whatever",
+ # instead of just named "whatever"
+ npm init --scope=@foo --yes
+ ```
+
+
+ <!-- automatically generated, do not edit manually -->
+ <!-- see lib/utils/config/definitions.js -->
+
+ #### ` auth-type `
+
+ * Default: "legacy"
+ * Type: "legacy" or "web"
+
+ What authentication strategy to use with ` login ` .
+
+ <!-- automatically generated, do not edit manually -->
+ <!-- see lib/utils/config/definitions.js -->
+
+ <!-- AUTOGENERATED CONFIG DESCRIPTIONS END -->
+
+ ### See Also
+
+ *  [ npm registry ] ( /using-npm/registry )
+ *  [ npm config ] ( /commands/npm-config )
+ *  [ npmrc ] ( /configuring-npm/npmrc )
+ *  [ npm owner ] ( /commands/npm-owner )
+ *  [ npm whoami ] ( /commands/npm-whoami )
+ *  [ npm token ] ( /commands/npm-token )
+ *  [ npm profile ] ( /commands/npm-profile )
diff --git a/docs/content/using-npm/config.md b/docs/content/using-npm/config.md
@@ -218,10 +218,7 @@ exit code.
  #### ` auth-type `
 
  * Default: "legacy"
- * Type: "legacy", "web", "sso", "saml", "oauth", or "webauthn"
-
- NOTE: auth-type values "sso", "saml", "oauth", and "webauthn" will be
- removed in a future version.
+ * Type: "legacy" or "web"
 
  What authentication strategy to use with ` login ` .
 
@@ -2084,31 +2081,6 @@ Alias for --package-lock
  <!-- automatically generated, do not edit manually -->
  <!-- see lib/utils/config/definitions.js -->
 
- #### ` sso-poll-frequency `
-
- * Default: 500
- * Type: Number
- * DEPRECATED: The --auth-type method of SSO/SAML/OAuth will be removed in a
- future version of npm in favor of web-based login.
-
- When used with SSO-enabled ` auth-type ` s, configures how regularly the
- registry should be polled while the user is completing authentication.
-
- <!-- automatically generated, do not edit manually -->
- <!-- see lib/utils/config/definitions.js -->
-
- #### ` sso-type `
-
- * Default: "oauth"
- * Type: null,  "oauth", or "saml"
- * DEPRECATED: The --auth-type method of SSO/SAML/OAuth will be removed in a
- future version of npm in favor of web-based login.
-
- If ` --auth-type=sso ` ,  the type of SSO type to use.
-
- <!-- automatically generated, do not edit manually -->
- <!-- see lib/utils/config/definitions.js -->
-
  #### ` tmp `
 
  * Default: The value returned by the Node.js ` os.tmpdir() ` method

diff --git a/docs/nav.yml b/docs/nav.yml
@@ -96,6 +96,9 @@
  - title : npm link
      url : /commands/npm-link
      description : Symlink a package folder
+ - title : npm login
+     url : /commands/npm-login
+     description : Login to a registry user account
  - title : npm logout
      url : /commands/npm-logout
      description : Log out of the registry

diff --git a/lib/auth/legacy.js b/lib/auth/legacy.js
diff --git a/lib/auth/oauth.js b/lib/auth/oauth.js
diff --git a/lib/auth/saml.js b/lib/auth/saml.js