Skip to content
This repository was archived by the owner on Apr 4, 2025. It is now read-only.

fix(@schematics/update): Allow usage strict SSL configuration #838

Merged
merged 1 commit into from
May 14, 2018
Merged

fix(@schematics/update): Allow usage strict SSL configuration #838

merged 1 commit into from
May 14, 2018

Conversation

Brocco
Copy link
Contributor

@Brocco Brocco commented May 2, 2018
edited by filipesilva
Loading

@Brocco Brocco requested a review from clydin May 2, 2018 19:01
@Brocco Brocco requested a review from hansl as a code owner May 2, 2018 19:01
clydin
clydin previously approved these changes May 3, 2018
View reviewed changes
AlgoTrader
AlgoTrader reviewed May 8, 2018
View reviewed changes
packages/schematics/update/update/npm.ts
@@ -85,6 +85,7 @@ export function getNpmPackageJson(
return concat(
getNpmConfigOption('proxy'),
getNpmConfigOption('https-proxy'),
getNpmConfigOption('strict-ssl'),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is getNpmConfigOption('strict-ssl') provides true default when strict-ssl is missing in config?

alvaro450
alvaro450 reviewed May 8, 2018
View reviewed changes
packages/schematics/update/update/npm.ts Outdated
@@ -95,6 +96,9 @@ export function getNpmPackageJson(
http: options[0],
https: options[1],
},
ssl: {
strict: options[2],
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will give you the string value instead of the boolean. options[2] === 'true' would be more appropriate.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since npm-registry-client's config requires ssl.strict to be a boolean and npm's default config has strict-ssl set to true (https://docs.npmjs.com/misc/config#strict-ssl), the exec npm get strict-ssl in getNpmConfigOption function should yield true if not explicitly set.

options[2] === 'true' should suffice as @alvaro450 mentioned above.

@Brocco Brocco force-pushed the ng-update-ssl-fix branch from bb4b7b1 to 634156c Compare May 9, 2018 23:06
distributedlock
distributedlock approved these changes May 10, 2018
View reviewed changes
packages/schematics/update/update/npm.ts Outdated
@@ -95,6 +96,9 @@ export function getNpmPackageJson(
http: options[0],
https: options[1],
},
ssl: {
strict: options[2],
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since npm-registry-client's config requires ssl.strict to be a boolean and npm's default config has strict-ssl set to true (https://docs.npmjs.com/misc/config#strict-ssl), the exec npm get strict-ssl in getNpmConfigOption function should yield true if not explicitly set.

options[2] === 'true' should suffice as @alvaro450 mentioned above.

clydin
clydin reviewed May 10, 2018
View reviewed changes
packages/schematics/update/update/npm.ts Outdated
@@ -101,6 +102,9 @@ export function getNpmPackageJson(
http: options[0],
https: options[1],
},
ssl: {
strict: options[2] === 'true',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If it is undefined it should stay as undefined to pick up the default.

Copy link

@AlgoTrader AlgoTrader May 10, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

undefined will cause strict: false. strict is default to true. The key should go there only if strict is false

if(options[2]==='false') {
  opts = {...opts, {ssl: {strict: false}}}
}

ssl stuff should be maximally explicit

Copy link
Member

@clydin clydin May 10, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, undefined will cause it to be true. It is explicitly handled: https://github.com/npm/npm-registry-client/blob/latest/index.js#L32

However, there is not much downside to being explicit here as well. I'd probably go with something similar to the following:

...(options[2] === 'false' ? { strict: false } : (options[2] === 'true' ? { strict: true } : {})),

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed and updated

@Brocco Brocco force-pushed the ng-update-ssl-fix branch from 634156c to 4b22870 Compare May 11, 2018 02:50
@hansl hansl merged commit 9859277 into angular:master May 14, 2018
@Brocco Brocco deleted the ng-update-ssl-fix branch May 14, 2018 21:15
@BaggersIO BaggersIO mentioned this pull request May 15, 2018
Closed
@Brocco Brocco mentioned this pull request May 15, 2018
Closed
@alexeagle alexeagle mentioned this pull request Sep 4, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@AlgoTrader AlgoTrader AlgoTrader approved these changes

@alvaro450 alvaro450 alvaro450 left review comments

@hansl hansl hansl approved these changes

@alexnoox alexnoox alexnoox approved these changes

@distributedlock distributedlock distributedlock approved these changes

@clydin clydin clydin approved these changes

Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@Brocco @hansl @AlgoTrader @alexnoox @alvaro450 @distributedlock @clydin @googlebot