-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
yarn npm login is not compatible with verdaccio #1044
Comments
I was able to reproduce this easily with Yarn 2.0.0-rc.31. $ docker run -it --rm --name verdaccio -p 4873:4873 verdaccio/verdaccio Then first create a user via: $ npm adduser --registry http://localhost:4873 Then configure the local registry in your npmScopes:
testscope:
npmPublishRegistry: "http://localhost:4873"
npmRegistryServer: "http://localhost:4873"
npmAlwaysAuth: true
unsafeHttpWhitelist:
- "localhost" followed by: $ yarn npm login -s testscope If you use the same credentials from
|
This comment has been minimized.
This comment has been minimized.
Tried a repro - still I don't know how to simulate input to "yarn npm login". Maybe someone could enlighten me... I'm not sure if this will help to fix the bug, though. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Also it does not seem to allow to start verdaccio... |
BTW, if I copy the auth-token received by "npm login" into .yarnrc.yml the registry can be accessed without probs. |
Hi! It didn't help me. I add new user into Verdaccio, then copy authToken into |
The verdaccio logs shows that npm has some extra logic when a 409 is returned:
The logic in question can be found here: https://github.com/npm/npm-profile/blob/6b643238ff7e1e6ec5544b0771142a8d0c537925/index.js#L162 |
This comment has been minimized.
This comment has been minimized.
I've removed the repro tag from the OP. Even though it's probably possible to get it running in sherlock, it would be hard to do and it's easy enough to reproduce manually. |
I'll give it a try 🤞 |
any news here? npmAlwaysAuth: true
npmAuthToken: xxxxMyToken
npmRegistryServer: "http://localhost:4873"
npmScopes:
myscope:
npmAlwaysAuth: true
npmAuthToken: xxxxMyToken
npmPublishRegistry: "http://localhost:4873"
npmRegistryServer: "http://localhost:4873"
unsafeHttpWhitelist:
- localhost
|
I have exactly the same problem as @dmoosocool, any news? |
I designed a temporary fix. I created a file named # This is a temporary fix allowing to publish the package.
# Indeed, there is a bug under Yarn Berry that prevents deployment on Verdaccio.
# @see https://github.com/yarnpkg/berry/issues/1044
# @see https://github.com/verdaccio/verdaccio/issues/1737
sed -i "s/yarnPath: .*/yarnPath: \.yarn\/releases\/yarn-1.22.10.cjs/" .yarnrc.yml
yarn publish
sed -i "s/yarnPath: .*/yarnPath: \.yarn\/releases\/yarn-berry.cjs/" .yarnrc.yml When you want to publish, do not run |
Any progress on this? |
I'm removing myself assigning here more details verdaccio/verdaccio#1737 (comment) and here the PR I did open #1848 anyone feel free to keep contributing. |
After playing with Wireshark, a non-https request and Yarn Berry I was able to replicate the same behavior on Postman. It looks like As extra info, it doesn't launch the authorization nor the adduser process from all the plugins as I'm using verdaccio-azure-ad-login and this one does not display any of the debug messages it displays when using npm login. |
Temporary workaround:
Then yarn npm publish for verdaccio works fine. |
Same issue with yarn |
Same issue with yarn |
Unfortunately, this still is an issue with current Verdaccio 5.17 and yarn 3.3.0 as well as 4.0.0rc30. Comparing Wireshark logs for npm and yarn with the same prerequisites (no token in .npmrc or .yarnrc.yml) it can be seen, that npm receives "409 conflict (user exists)" just as yarn does. However, while yarn stops at that moment, npm continues in a kind of "login flow", finally creating a token and logging in successfully. This is the relevant source of npm: OTOH, if there is a token in .npmrc and .yarnrc.yml, npm sends the token with the request while yarn doesn't. Such, there's no "409" for npm, but for yarn it remains. Essentially, this is what @juanpicado tries to address in the PR - any chance this will be fixed for 4.0? |
Same issue |
Feel like I'm late to the party but discovering this issue in 2023. 😆 |
Same issue with yarn 3.6.1 and Verdaccio 5.26.1. |
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes verdaccio/verdaccio#1737
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes verdaccio/verdaccio#1737
I was able to fix the issue locally; it works with my private Verdaccio instance. I sent a Yarn PR: #5983 |
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes verdaccio/verdaccio#1737
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes verdaccio/verdaccio#1737
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes yarnpkg#1848 - Closes verdaccio/verdaccio#1737
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes yarnpkg#1848 - Closes verdaccio/verdaccio#1737
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes yarnpkg#1848 - Closes verdaccio/verdaccio#1737
This commit fixes `yarn npm login` when the remote registry is Verdaccio. When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. - Closes yarnpkg#1044 - Closes yarnpkg#1848 - Closes verdaccio/verdaccio#1737
**What's the problem this PR addresses?** This commit fixes `yarn npm login` when the remote registry is Verdaccio. - Closes #1044 - Closes #1848 - Closes verdaccio/verdaccio#1737 ... **How did you fix it?** When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. ... **Checklist** <!--- Don't worry if you miss something, chores are automatically tested. --> <!--- This checklist exists to help you remember doing the chores when you submit a PR. --> <!--- Put an `x` in all the boxes that apply. --> - [x] I have read the [Contributing Guide](https://yarnpkg.com/advanced/contributing). <!-- See https://yarnpkg.com/advanced/contributing#preparing-your-pr-to-be-released for more details. --> <!-- Check with `yarn version check` and fix with `yarn version check -i` --> - [x] I have set the packages that need to be released for my changes to be effective. <!-- The "Testing chores" workflow validates that your PR follows our guidelines. --> <!-- If it doesn't pass, click on it to see details as to what your PR might be missing. --> - [x] I will check that all automated PR checks pass before the PR gets reviewed.
**What's the problem this PR addresses?** This commit fixes `yarn npm login` when the remote registry is Verdaccio. - Closes #1044 - Closes #1848 - Closes verdaccio/verdaccio#1737 ... **How did you fix it?** When a user already exists, the registry replies with `409 Conflict`. The official npm client then retrieves the latest user state and inserts a revision, using HTTP basic authentication. This step was missing, and this commits adds it. The change was tested to work with a private Verdaccio registry. It should now be as reliable as the official npm client. ... **Checklist** <!--- Don't worry if you miss something, chores are automatically tested. --> <!--- This checklist exists to help you remember doing the chores when you submit a PR. --> <!--- Put an `x` in all the boxes that apply. --> - [x] I have read the [Contributing Guide](https://yarnpkg.com/advanced/contributing). <!-- See https://yarnpkg.com/advanced/contributing#preparing-your-pr-to-be-released for more details. --> <!-- Check with `yarn version check` and fix with `yarn version check -i` --> - [x] I have set the packages that need to be released for my changes to be effective. <!-- The "Testing chores" workflow validates that your PR follows our guidelines. --> <!-- If it doesn't pass, click on it to see details as to what your PR might be missing. --> - [x] I will check that all automated PR checks pass before the PR gets reviewed. (cherry picked from commit db6210f)
Describe the bug
I have a private npm registry implemented by verdaccio which requires login for any access. When a certain user does not yet exist in the registry
yarn npm login
succeeds. However, as soon as this user tries to relogin with the same command there's a http error 409 (conflict).I had reported this against verdaccio (verdaccio/verdaccio#1737), since yarn2 login works fine for registry.yarnpkg.com. However, this was before I realized that new users may be created without problems.
To Reproduce
I'm sorry that I don't see like I could provide the repro with Sherlock :-(
1 You would have to install verdaccio, globally or locally, with yarn or npm and run it like this
[yarn run] verdaccio -c conf.yml
with this conf.yml:2 Furthermore I save this as .yarnrc.yml (you'd have to correct yarnPath, obviously)
3 Execute
yarn npm login
two times - the first will succeed, the second fail with a message like this:Environment if relevant (please complete the following information):
The text was updated successfully, but these errors were encountered: