verdaccio: Registered user can't login
Log-in Bug Hi Guys,
Maybe you can assist me regarding the following issue. I tried to find the solution but found nothing. Please review.
Verdaccio - 3.5.1.
- When the existing user is trying to log in via npm, it gets an error “username is already registered”.
- If I disable registration with option “max_users: -1” in config.yaml, then I get an error “maximum amount of users reached”.
Terminal output
$ npm login --registry=https://registry-npm.example.com
Username: test.user
Password:
Email: (this IS public) test@example.com
npm ERR! code E409
npm ERR! Registry returned 409 for PUT on https://registry-npm.example.com/-/user/org.couchdb.user:test.user: username is already registered
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/test.user/.npm/_logs/2018-08-23T12_45_12_403Z-debug.log
$ npm login --registry=https://registry-npm.example.com
Username: test.user
Password:
Email: (this IS public)
Email: (this IS public) test@example.com
npm ERR! code E403
npm ERR! Registry returned 403 for PUT on https://registry-npm.example.com/-/user/org.couchdb.user:test.user: maximum amount of users reached
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/test.user/.npm/_logs/2018-08-23T12_43_19_284Z-debug.log
Expected behavior
Log-in to Verdaccio server with a registered user.
Configuration File
web:
  # WebUI is enabled as default, if you want to disable it, just uncomment this line
  enable: true
  title: Verdaccio NPM
  logo: logo.png
auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    max_users: -1
# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/
packages:
  '@*/*':
    # scoped packages
    access: $authenticated
    publish: $authenticated
    proxy: npmjs
  '**':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $authenticated
    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: $authenticated
    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs
# To use `npm audit` uncomment the following section
middlewares:
  audit:
    enabled: true
# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: verdaccio.log, level: info}
Debugging output
$ npm login --registry=https://registry-npm.example.com -ddd
npm info it worked if it ends with ok
npm verb cli [ '/usr/local/Cellar/node/10.9.0/bin/node',
npm verb cli '/usr/local/bin/npm',
npm verb cli 'login',
npm verb cli '--registry=https://registry-npm.example.com',
npm verb cli '-ddd' ]
npm info using npm@6.2.0
npm info using node@v10.9.0
npm verb config Skipping project config: /Users/test.user/.npmrc. (matches userconfig)
npm verb npm-session 821b0c437be02ea2
npm verb web login before first POST
npm http request → POST https://registry-npm.example.com/-/v1/login
npm http 404 ← Not Found (https://registry-npm.example.com/-/v1/login)
npm verb web login not supported, trying couch
Username: test.user
Password:
Email: (this IS public) test@example.com
npm verb login before first PUT { _id: 'org.couchdb.user:test.user',
npm verb login name: 'test.user',
npm verb login password: 'XXXXX',
npm verb login type: 'user',
npm verb login roles: [],
npm verb login date: '2018-08-23T13:02:26.562Z' }
npm http request → PUT https://registry-npm.example.com/-/user/org.couchdb.user:test.user
npm http 409 ← Conflict (https://registry-npm.example.com/-/user/org.couchdb.user:test.user)
npm http request → GET https://registry-npm.example.com/-/user/org.couchdb.user:test.user?write=true
npm http 200 ← OK (https://registry-npm.example.com/-/user/org.couchdb.user:test.user?write=true)
npm http request → PUT https://registry-npm.example.com/-/user/org.couchdb.user:test.user/-rev/undefined
npm http 409 ← Conflict (https://registry-npm.example.com/-/user/org.couchdb.user:test.user/-rev/undefined)
npm verb adduser before first PUT { _id: 'org.couchdb.user:test.user',
npm verb adduser name: 'test.user',
npm verb adduser password: 'XXXXX',
npm verb adduser email: '',
npm verb adduser type: 'user',
npm verb adduser roles: [],
npm verb adduser date: '2018-08-23T13:02:26.622Z' }
npm http request → PUT https://registry-npm.example.com/-/user/org.couchdb.user:test.user
npm http 409 ← Conflict (https://registry-npm.example.com/-/user/org.couchdb.user:test.user)
npm verb stack Error: Registry returned 409 for PUT on https://registry-npm.example.com/-/user/org.couchdb.user:test.user: username is already registered
npm verb stack at fetch.defaults.catch.then.then.result (/usr/local/lib/node_modules/npm/node_modules/npm-profile/index.js:376:13)
npm verb stack at process._tickCallback (internal/process/next_tick.js:68:7)
npm verb statusCode 409
npm verb cwd /Users/test.user
npm verb Darwin 17.6.0
npm verb argv "/usr/local/Cellar/node/10.9.0/bin/node" "/usr/local/bin/npm" "login" "--registry=https://registry-npm.example.com" "-ddd"
npm verb node v10.9.0
npm verb npm v6.2.0
npm ERR! code E409
npm ERR! Registry returned 409 for PUT on https://registry-npm.example.com/-/user/org.couchdb.user:test.user: username is already registered
npm verb exit [ 1, true ]
npm timing npm Completed in 17112ms
Temporary solution
It is only possible to log in with the registered user if config.yaml allows access and publish to all, anonymous.
access: $all, $anonymous
publish: $all
But it’s not secure.
About this issue
- State: closed
- Created 6 years ago
- Reactions: 5
- Comments: 32 (17 by maintainers)
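The debugging output in the issue shows npm falling back from web login to the couch-style `PUT` and then failing. As an added example (not code from the issue, from Verdaccio or from npm), this script pairs the `npm http` request and response lines of such a log and labels the outcome. The finding names are hypothetical labels chosen for illustration, and the sample log reuses request/response lines quoted in the issue.

```javascript
// Added example (not from the issue): triage the HTTP exchange that
// `npm login -ddd` prints when it talks to a Verdaccio registry.
// SAMPLE_LOG reuses request/response lines quoted in the issue.
const BASE = 'https://registry-npm.example.com';
const USER = '/-/user/org.couchdb.user:test.user';
const SAMPLE_LOG = [
  `npm http request → POST ${BASE}/-/v1/login`,
  `npm http 404 ← Not Found (${BASE}/-/v1/login)`,
  `npm http request → PUT ${BASE}${USER}`,
  `npm http 409 ← Conflict (${BASE}${USER})`,
  `npm http request → GET ${BASE}${USER}?write=true`,
  `npm http 200 ← OK (${BASE}${USER}?write=true)`,
  `npm http request → PUT ${BASE}${USER}/-rev/undefined`,
  `npm http 409 ← Conflict (${BASE}${USER}/-rev/undefined)`,
].join('\n');

// Pair each "request" line with the status line that follows it.
function parseExchanges(log) {
  const exchanges = [];
  let pending = null;
  for (const line of log.split('\n')) {
    const req = line.match(/npm http request → (\S+) (\S+)/);
    if (req) {
      pending = { method: req[1], path: new URL(req[2]).pathname };
      continue;
    }
    const res = line.match(/npm http (\d{3}) ← /);
    if (res && pending) {
      exchanges.push({ ...pending, status: Number(res[1]) });
      pending = null;
    }
  }
  return exchanges;
}

// Map the exchange onto the failure modes reported in this thread.
// The finding names are hypothetical labels, not npm or Verdaccio terms.
function diagnose(log) {
  const ex = parseExchanges(log);
  const findings = [];
  if (ex.some((e) => e.path === '/-/v1/login' && e.status === 404)) {
    findings.push('web-login-unsupported'); // npm falls back to the couch-style PUT
  }
  if (ex.some((e) => e.path.endsWith('/-rev/undefined'))) {
    findings.push('update-without-rev'); // client retried an update with no revision
  }
  const puts = ex.filter((e) => e.method === 'PUT' && e.path.startsWith('/-/user/'));
  const last = puts[puts.length - 1];
  if (last && last.status === 409) findings.push('existing-user-rejected');
  if (last && last.status === 403) findings.push('registration-refused');
  if (last && last.status >= 200 && last.status < 300) findings.push('login-accepted');
  return findings;
}

console.log(diagnose(SAMPLE_LOG));
```

In this thread `existing-user-rejected` corresponds to the 409 “username is already registered” response and `registration-refused` to the 403 “maximum amount of users reached” response seen with `max_users: -1`.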
Now I can do exactly what I need… create htpasswd manually and deploy verdaccio via Helm. My steps are:
Create a secret to contain the verdaccio.htpasswd identifying valid users.
I use the following stanzas in my Helm config file, verdaccio.yaml:
Then install verdaccio.
Please document this case in the sample configs, or maybe just link to this comment for the people installing via Helm?
Thanks, Michael.
@JayaKrishnaNamburu @DanielRuf I think we should handle it either via Discord chat or UI repo, here we are creating noise in a not related issue. I’m sure it is an easy fix.
Hi, @juanpicado. Here is my flow: I run verdaccio with docker-compose, mounting /verdaccio/conf to my ~/verdaccio/conf directory. Then, in config.yaml I set max_users to -1 and add a single entry into htpasswd file. Then I start my container and try to run npm login supplying credentials I specified in htpasswd file. It fails unless I provide my credentials via basic authorization.
So, the question here is how do I get token without npm login? Maybe I miss something from docs?
My workaround for now is to create 2 users: one for basic auth, which cannot access or publish packages at all, and one for actually doing registry stuff. So my login process looks quite ridiculous =)
Then I pass login and can act as user2
If I miss something and there is a better way to deal with this situation I’d be happy to know the correct solution
UPDATE In fact, 1 user is enough since I can remove basic auth credentials from my repo’s .npmrc file but I’ll still have to provide these credentials on npm login via registry option
@ayusharma thank you for quick reply =) In addition to my post, if in .npmrc I set registry=http://user:password@localhost:4873 then npm login works like a charm. BTW, have to admit that the error 409 is quite confusing, it’d rather be 401 since this is authorization problem
PS using verdaccio version 3.8.5
@bodz1lla @cara Please reopen the issue if you are still facing the problem. I am not able to reproduce it.