fix: add otplease for enable-2fa, disable-2fa, access (#8228)

reggi · wraithgar · web-flow · commit 8669d0931abd · 2025-05-07T08:56:08.000-07:00
The `profile enable-2fa` and `profile disable-2fa` commands a broken. This fixes them by wrapping the calls in `otplease` which handles error headers / prompts with tfa urls. Closes: #8192 --------- Co-authored-by: Gar <gar+gh@danger.computer>
diff --git a/lib/commands/access.js b/lib/commands/access.js
@@ -116,11 +116,15 @@ class Access extends BaseCommand {
   }
 
   async #grant (permissions, scope, pkg) {
-    await libnpmaccess.setPermissions(scope, pkg, permissions, this.npm.flatOptions)
+    await otplease(this.npm, this.npm.flatOptions, async (opts) => {
+      await libnpmaccess.setPermissions(scope, pkg, permissions, opts)
+    })
   }
 
   async #revoke (scope, pkg) {
-    await libnpmaccess.removePermissions(scope, pkg, this.npm.flatOptions)
+    await otplease(this.npm, this.npm.flatOptions, async (opts) => {
+      await libnpmaccess.removePermissions(scope, pkg, opts)
+    })
   }
 
   async #listPackages (owner, pkg) {
diff --git a/lib/commands/profile.js b/lib/commands/profile.js
@@ -222,6 +222,8 @@ class Profile extends BaseCommand {
   }
 
   async enable2fa (args) {
+    const conf = { ...this.npm.flatOptions }
+
     if (args.length > 1) {
       throw new Error('npm profile enable-2fa [auth-and-writes|auth-only]')
     }
@@ -244,9 +246,16 @@ class Profile extends BaseCommand {
       )
     }
 
+    const userInfo = await get(conf)
+
+    if (!userInfo?.tfa?.pending && userInfo?.tfa?.mode === mode) {
+      output.standard('Two factor authentication is already enabled and set to ' + mode)
+      return
+    }
+
     const info = {
       tfa: {
-        mode: mode,
+        mode,
       },
     }
 
@@ -296,25 +305,15 @@ class Profile extends BaseCommand {
     const password = await readUserInfo.password()
     info.tfa.password = password
 
-    log.info('profile', 'Determine if tfa is pending')
-    const userInfo = await get({ ...this.npm.flatOptions })
-
-    const conf = { ...this.npm.flatOptions }
     if (userInfo && userInfo.tfa && userInfo.tfa.pending) {
       log.info('profile', 'Resetting two-factor authentication')
       await set({ tfa: { password, mode: 'disable' } }, conf)
-    } else if (userInfo && userInfo.tfa) {
-      if (!conf.otp) {
-        conf.otp = await readUserInfo.otp(
-          'Enter one-time password: '
-        )
-      }
     }
 
     log.info('profile', 'Setting two-factor authentication to ' + mode)
-    const challenge = await set(info, conf)
+    const challenge = await otplease(this.npm, conf, o => set(info, o))
 
-    if (challenge.tfa === null) {
+    if (challenge.tfa && challenge.tfa.mode) {
       output.standard('Two factor authentication mode changed to: ' + mode)
       return
     }
@@ -358,8 +357,8 @@ class Profile extends BaseCommand {
   }
 
   async disable2fa () {
-    const conf = { ...this.npm.flatOptions }
-    const info = await get(conf)
+    const opts = { ...this.npm.flatOptions }
+    const info = await get(opts)
 
     if (!info.tfa || info.tfa.pending) {
       output.standard('Two factor authentication not enabled.')
@@ -368,14 +367,8 @@ class Profile extends BaseCommand {
 
     const password = await readUserInfo.password()
 
-    if (!conf.otp) {
-      const msg = 'Enter one-time password: '
-      conf.otp = await readUserInfo.otp(msg)
-    }
-
     log.info('profile', 'disabling tfa')
-
-    await set({ tfa: { password: password, mode: 'disable' } }, conf)
+    await otplease(this.npm, opts, o => set({ tfa: { password: password, mode: 'disable' } }, o))
 
     if (this.npm.config.get('json')) {
       output.buffer({ tfa: false })
diff --git a/test/lib/commands/profile.js b/test/lib/commands/profile.js

Original file line number	Diff line number	Diff line change
`@@ -116,11 +116,15 @@ class Access extends BaseCommand {`
`116`	`116`	`}`
`117`	`117`
`118`	`118`	`async #grant (permissions, scope, pkg) {`
`119`		`- await libnpmaccess.setPermissions(scope, pkg, permissions, this.npm.flatOptions)`
	`119`	`+ await otplease(this.npm, this.npm.flatOptions, async (opts) => {`
	`120`	`+ await libnpmaccess.setPermissions(scope, pkg, permissions, opts)`
	`121`	`+ })`
`120`	`122`	`}`
`121`	`123`
`122`	`124`	`async #revoke (scope, pkg) {`
`123`		`- await libnpmaccess.removePermissions(scope, pkg, this.npm.flatOptions)`
	`125`	`+ await otplease(this.npm, this.npm.flatOptions, async (opts) => {`
	`126`	`+ await libnpmaccess.removePermissions(scope, pkg, opts)`
	`127`	`+ })`
`124`	`128`	`}`
`125`	`129`
`126`	`130`	`async #listPackages (owner, pkg) {`