fix: Incorrect authorization prefix for basic auth, and undocumented env var (#454)

Co-authored-by: Gavin King <gavin.king@cgi.com>
Co-authored-by: Antoine du Hamel <duhamelantoine1995@gmail.com>

Author: 3 people

sources/httpUtils.ts

@@ -16,27 +16,25 @@ async function fetch(input: string | URL, init?: RequestInit) {
     input = new URL(input);
 
   let headers = init?.headers;
-  const {username, password} = input;
+
+  const username: string | undefined = input.username ?? process.env.COREPACK_NPM_USERNAME;
+  const password: string | undefined = input.password ?? process.env.COREPACK_NPM_PASSWORD;
+
   if (username || password) {
     headers =  {
       ...headers,
-      authorization: `Bearer ${Buffer.from(`${username}:${password}`).toString(`base64`)}`,
+      authorization: `Basic ${Buffer.from(`${username}:${password}`).toString(`base64`)}`,
     };
+
     input.username = input.password = ``;
-  } else if (input.origin === process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL) {
-    if (process.env.COREPACK_NPM_TOKEN) {
-      headers =  {
-        ...headers,
-        authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
-      };
-    } else if (`COREPACK_NPM_PASSWORD` in process.env) {
-      headers =  {
-        ...headers,
-        authorization: `Bearer ${Buffer.from(`${process.env.COREPACK_NPM_USER}:${process.env.COREPACK_NPM_PASSWORD}`).toString(`base64`)}`,
-      };
-    }
   }
 
+  if (input.origin === (process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL) && process.env.COREPACK_NPM_TOKEN) {
+    headers =  {
+      ...headers,
+      authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
+    };
+  }
 
   let response;
   try {

tests/_registryServer.mjs

@@ -67,7 +67,8 @@ function generateVersionMetadata(packageName, version) {
 
 const server = createServer((req, res) => {
   const auth = req.headers.authorization;
-  if (!auth?.startsWith(`Bearer `) || Buffer.from(auth.slice(`Bearer `.length), `base64`).toString() !== `user:pass`) {
+
+  if (auth?.startsWith(`Basic `) && Buffer.from(auth.slice(`Basic `.length), `base64`).toString() !== `user:pass`) {
     res.writeHead(401).end(`Unauthorized`);
     return;
   }
@@ -163,7 +164,7 @@ switch (process.env.AUTH_TYPE) {
 
   case `COREPACK_NPM_PASSWORD`:
     process.env.COREPACK_NPM_REGISTRY = `http://${address.includes(`:`) ? `[${address}]` : address}:${port}`;
-    process.env.COREPACK_NPM_USER = `user`;
+    process.env.COREPACK_NPM_USERNAME = `user`;
     process.env.COREPACK_NPM_PASSWORD = `pass`;
     break;