search

n4bb12 / verdaccio-github-oauth-ui

📦🔐 GitHub OAuth plugin for Verdaccio
https://verdaccio.org
MIT License
74 stars 45 forks source link

Plug-in breaks htpasswd authentication #17

Closed ghost closed 5 years ago

ghost commented 5 years ago

Bug Report

Versions

Version
verdaccio 3.11.6
verdaccio-github-oauth-ui 1.7.0

Expected behavior

If Github cannot authenticate the user, Verdaccio should try the next configured authentication plug-in.

Observed behaviour

This plug-in raises an error and the user is denied access despite having valid htpasswd credentials.

Steps to reproduce

  1. Configure Verdaccio with both htpasswd and Github authentication
  2. Attempt to access the registry with valid htpasswd credentials
  3. Observe the error thrown by JSON.parse in Verdaccio's log

My diagnosis

A quick scan of the code leads me to suspect that calls to GithubOauthUiPlugin.denied should be replaced with 'null' values.

n4bb12 commented 5 years ago

For reference:

n4bb12 commented 5 years ago

Fixed in https://github.com/n4bb12/verdaccio-github-oauth-ui/releases/tag/1.7.3 🎉

The plugin now passes null as error when authentication fails. It looks like the error paramter is reserved for non-recoverable errors and is not intended to be used for authentication feedback.

Thanks for reporting and for the hint!

Please be aware that the UI login form is modified by this plugin and there is currently no way of logging in on the UI with username and password using this plugin.