Module: Gem::GemcutterUtilities

Includes:
Text
Included in:
Commands::OwnerCommand, Commands::PushCommand, Commands::SigninCommand, Commands::YankCommand, WebauthnPoller
Defined in:
lib/rubygems/gemcutter_utilities.rb,
lib/rubygems/gemcutter_utilities/webauthn_poller.rb,
lib/rubygems/gemcutter_utilities/webauthn_listener.rb,
lib/rubygems/gemcutter_utilities/webauthn_listener/response.rb

Overview

The WebauthnListener Response class is used by the WebauthnListener to create responses to be sent to the Gem host. It creates a Net::HTTPResponse instance when initialized and can be converted to the appropriate format to be sent by a socket using ‘to_s`. Net::HTTPResponse instances cannot be directly sent over a socket.

Types of response classes:

- OkResponse
- NoContentResponse
- BadRequestResponse
- NotFoundResponse
- MethodNotAllowedResponse

Example usage:

server = TCPServer.new(0)
socket = server.accept

response = OkResponse.for("https://rubygems.example")
socket.print response.to_s
socket.close

Defined Under Namespace

Classes: WebauthnListener, WebauthnPoller

Constant Summary collapse

ERROR_CODE = 
1
API_SCOPES = 
[:index_rubygems, :push_rubygem, :yank_rubygem, :add_owner, :remove_owner, :access_webhooks, :show_dashboard].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Text

#clean_text, #format_text, #levenshtein_distance, #min3, #truncate_text

Instance Attribute Details

#hostObject

The host to connect to either from the RUBYGEMS_HOST environment variable or from the user’s configuration



68
69
70
71
72
73
74
75
76
77
78
79
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 68

def host
  configured_host = Gem.host unless
    Gem.configuration.disable_default_gem_server

  @host ||=
    begin
      env_rubygems_host = ENV["RUBYGEMS_HOST"]
      env_rubygems_host = nil if env_rubygems_host&.empty?

      env_rubygems_host || configured_host
    end
end

#scope=(value) ⇒ Object (writeonly)

Sets the attribute scope

Parameters:

  • value

    the value to set the attribute scope to.



18
19
20
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 18

def scope=(value)
  @scope = value
end

Instance Method Details

#add_key_optionObject

Add the –key option



23
24
25
26
27
28
29
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 23

def add_key_option
  add_option("-k", "--key KEYNAME", Symbol,
             "Use the given API key",
             "from #{Gem.configuration.credentials_path}") do |value,options|
    options[:key] = value
  end
end

#add_otp_optionObject

Add the –otp option



34
35
36
37
38
39
40
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 34

def add_otp_option
  add_option("--otp CODE",
             "Digit code for multifactor authentication",
             "You can also use the environment variable GEM_HOST_OTP_CODE") do |value, options|
    options[:otp] = value
  end
end

#api_keyObject

The API key from the command options or from the user’s configuration.



45
46
47
48
49
50
51
52
53
54
55
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 45

def api_key
  if ENV["GEM_HOST_API_KEY"]
    ENV["GEM_HOST_API_KEY"]
  elsif options[:key]
    verify_api_key options[:key]
  elsif Gem.configuration.api_keys.key?(host)
    Gem.configuration.api_keys[host]
  else
    Gem.configuration.rubygems_api_key
  end
end

#mfa_unauthorized?(response) ⇒ Boolean

Returns:

  • (Boolean) 


121
122
123
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 121

def mfa_unauthorized?(response)
  response.is_a?(Net::HTTPUnauthorized) && response.body.start_with?("You have enabled multifactor authentication")
end

#otpObject

The OTP code from the command options or from the user’s configuration.



60
61
62
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 60

def otp
  options[:otp] || ENV["GEM_HOST_OTP_CODE"]
end

#rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scope: nil, credentials: {}, &block) ⇒ Object

Creates an RubyGems API to host and path with the given HTTP method.

If allowed_push_host metadata is present, then it will only allow that host.



86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 86

def rubygems_api_request(method, path, host = nil, allowed_push_host = nil, scope: nil, credentials: {}, &block)
  require "net/http"

  self.host = host if host
  unless self.host
    alert_error "You must specify a gem server"
    terminate_interaction(ERROR_CODE)
  end

  if allowed_push_host
    allowed_host_uri = URI.parse(allowed_push_host)
    host_uri         = URI.parse(self.host)

    unless (host_uri.scheme == allowed_host_uri.scheme) && (host_uri.host == allowed_host_uri.host)
      alert_error "#{self.host.inspect} is not allowed by the gemspec, which only allows #{allowed_push_host.inspect}"
      terminate_interaction(ERROR_CODE)
    end
  end

  uri = URI.parse "#{self.host}/#{path}"
  response = request_with_otp(method, uri, &block)

  if mfa_unauthorized?(response)
    fetch_otp(credentials)
    response = request_with_otp(method, uri, &block)
  end

  if api_key_forbidden?(response)
    update_scope(scope)
    request_with_otp(method, uri, &block)
  else
    response
  end
end

#set_api_key(host, key) ⇒ Object

Returns true when the user has enabled multifactor authentication from response text and no otp provided by options.



236
237
238
239
240
241
242
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 236

def set_api_key(host, key)
  if default_host?
    Gem.configuration.rubygems_api_key = key
  else
    Gem.configuration.set_api_key host, key
  end
end

#sign_in(sign_in_host = nil, scope: nil) ⇒ Object

Signs in with the RubyGems API at sign_in_host and sets the rubygems API key.



151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 151

def ( = nil, scope: nil)
   ||= host
  return if api_key

  pretty_host = pretty_host()

  say "Enter your #{pretty_host} credentials."
  say "Don't have an account yet? " \
      "Create one at #{}/sign_up"

  email = ask "   Email: "
  password = ask_for_password "Password: "
  say "\n"

  key_name     = get_key_name(scope)
  scope_params = get_scope_params(scope)
  profile      = (email, password)
  mfa_params   = get_mfa_params(profile)
  all_params   = scope_params.merge(mfa_params)
  warning      = profile["warning"]
  credentials  = { email: email, password: password }

  say "#{warning}\n" if warning

  response = rubygems_api_request(:post, "api/v1/api_key",
                                  , credentials: credentials, scope: scope) do |request|
    request.basic_auth email, password
    request["OTP"] = otp if otp
    request.body = URI.encode_www_form({ name: key_name }.merge(all_params))
  end

  with_response response do |resp|
    say "Signed in with API key: #{key_name}."
    set_api_key host, resp.body
  end
end

#update_scope(scope) ⇒ Object 



125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 125

def update_scope(scope)
          = host
  pretty_host         = pretty_host()
  update_scope_params = { scope => true }

  say "The existing key doesn't have access of #{scope} on #{pretty_host}. Please sign in to update access."

  email    = ask "   Email: "
  password = ask_for_password "Password: "

  response = rubygems_api_request(:put, "api/v1/api_key",
                                  , scope: scope) do |request|
    request.basic_auth email, password
    request["OTP"] = otp if otp
    request.body = URI.encode_www_form({ :api_key => api_key }.merge(update_scope_params))
  end

  with_response response do |_resp|
    say "Added #{scope} scope to the existing API key"
  end
end

#verify_api_key(key) ⇒ Object

Retrieves the pre-configured API key key or terminates interaction with an error.



192
193
194
195
196
197
198
199
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 192

def verify_api_key(key)
  if Gem.configuration.api_keys.key? key
    Gem.configuration.api_keys[key]
  else
    alert_error "No such API key. Please add it to your configuration (done automatically on initial `gem push`)."
    terminate_interaction(ERROR_CODE)
  end
end

#with_response(response, error_prefix = nil) ⇒ Object

If response is an HTTP Success (2XX) response, yields the response if a block was given or shows the response body to the user.

If the response was not successful, shows an error to the user including the error_prefix and the response body. If the response was a permanent redirect, shows an error to the user including the redirect location.



209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
 
# File 'lib/rubygems/gemcutter_utilities.rb', line 209

def with_response(response, error_prefix = nil)
  case response
  when Net::HTTPSuccess then
    if block_given?
      yield response
    else
      say clean_text(response.body)
    end
  when Net::HTTPPermanentRedirect, Net::HTTPRedirection then
    message = "The request has redirected permanently to #{response["location"]}. Please check your defined push host URL."
    message = "#{error_prefix}: #{message}" if error_prefix

    say clean_text(message)
    terminate_interaction(ERROR_CODE)
  else
    message = response.body
    message = "#{error_prefix}: #{message}" if error_prefix

    say clean_text(message)
    terminate_interaction(ERROR_CODE)
  end
end