Hi Guys, I still need to accept one time password which are coming from npm addresses. We have tried with Yishay white list that email but it didn't work for some reason. I have raised following issue in INFR [1]
[1] https://issues.apache.org/jira/browse/INFRA-24625 Thanks, Piotr sob., 2 kwi 2022 o 09:58 Yishay Weiss <yishayj...@hotmail.com> napisał(a): > The non-interactivity happens before ant, in publish.js. I ended up doing > it interactively on the CLI. > > Reading their docs [1]it looks like 2FA will be enforced at some point, so > we should aim IMO to work with that. Manually, I just switched the settings > to 2FA and then used my mobile authenticator to provide the OTP (I’ve > reverted it back to no 2FA). I could not get the automation token (which > I’ve generated) [2] to work. > > [1] Enrolling all npm publishers in enhanced login verification and next > steps for two-factor authentication enforcement | The GitHub Blog< > https://github.blog/2021-12-07-enrolling-npm-publishers-enhanced-login-verification-two-factor-authentication-enforcement/ > > > > [2] Creating and viewing access tokens | npm Docs (npmjs.com)< > https://docs.npmjs.com/creating-and-viewing-access-tokens#creating-access-tokens > > > > > From: Alex Harui<mailto:aha...@adobe.com.INVALID> > Sent: Friday, April 1, 2022 9:04 PM > To: dev@royale.apache.org<mailto:dev@royale.apache.org> > Subject: Re: NPM Credentials Problem Blocking Release > > Hi Yishay, > > All of my Royale stuff is on another old laptop and I won't have access to > it for another 7 days. > > It could be that Ant is not running in a mode that allows for a prompt. I > don't remember if we had OTP when publishing in the past. > > -Alex > > On 4/1/22, 10:51 AM, "Yishay Weiss" <yishayj...@hotmail.com> wrote: > > Thanks, they’re coming through now. > > Being new to npm publishing I have not been able to modify the ant > scripts to make this work. So any help would be appreciated. The script > fails on adduser [1]. > > I’ve tried adding an .npmrc file under royale-asjs with > > //registry.npmjs.org/:_authToken=<…> > > But that didn’t help. > > Any ideas? > > [1] > [exec] Publishing to NPM: @apache-royale/royale-js version: > 0.9.9... > [exec] info attempt registry request try #1 at 8:37:34 PM > [exec] http request PUT > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F-%2Fuser%2Forg.couchdb.user%3Aapache-royale-owner&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qZz1dfVh7b0vEnRtDOolW1fN8RUpKzvQvlYL%2BianIcY%3D&reserved=0 > [exec] info attempt registry request try #1 at 8:37:35 PM > [exec] http request PUT > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F%40apache-royale%252froyale-js&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=GnR46nQQgvnX%2B%2BilSiYNefzPrz%2FiLC5KZg3o%2Bi%2B5%2B3Q%3D&reserved=0 > [exec] http 401 > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F-%2Fuser%2Forg.couchdb.user%3Aapache-royale-owner&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qZz1dfVh7b0vEnRtDOolW1fN8RUpKzvQvlYL%2BianIcY%3D&reserved=0 > [exec] WARN notice Please use the one-time password (OTP) from > your authenticator application > [exec] WARN adduser Incorrect username or password > [exec] WARN adduser You can reset your account by visiting: > [exec] WARN adduser > [exec] WARN adduser > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnpmjs.org%2Fforgot&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=J4%2BiLN%2FedAJiTavC0obA3clNCiL0kl6IOlOar%2FnKqF0%3D&reserved=0 > [exec] WARN adduser > [exec] > C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:52 > [exec] throw new Error(error); > [exec] ^ > [exec] > [exec] Error: Error: failed to authenticate: Could not > authenticate apache-royale-owner: bad otp : > -/user/org.couchdb.user:apache-royale-owner > [exec] at > C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:52:14 > [exec] at > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:125:14 > [exec] at > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:73:16 > [exec] at f > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25) > [exec] at > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:91:10 > [exec] at > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:105:12 > [exec] at f > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25) > [exec] at RegClient.<anonymous> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:324:12) > [exec] at Request._callback > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:216:14) > [exec] at Request.self.callback > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:185:22) > [exec] at Request.emit (events.js:315:20) > [exec] at Request.<anonymous> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1154:10) > [exec] at Request.emit (events.js:315:20) > [exec] at IncomingMessage.<anonymous> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1076:12) > [exec] at Object.onceWrapper (events.js:421:28) > [exec] at IncomingMessage.emit (events.js:327:22) > > BUILD FAILED > C:\dev\release_royale\releasecandidate.xml:1363: exec returned: 1 > > From: Alex Harui<mailto:aha...@adobe.com.INVALID> > Sent: Friday, April 1, 2022 12:25 AM > To: dev@royale.apache.org<mailto:dev@royale.apache.org> > Subject: Re: NPM Credentials Problem Blocking Release > > Infra says the actual sender is not supp...@npmjs.com. They have > implemented a custom solution. Yishay, can you try again? > > Thanks, > -Alex > > On 3/31/22, 1:39 PM, "Alex Harui" <aha...@adobe.com.INVALID> wrote: > > Yeah, not sure why that didn't work. I'll email infra. > > On 3/31/22, 12:53 PM, "Harbs" <harbs.li...@gmail.com> wrote: > > I don’t know why it didn’t work. > > We should probably ask Infra. > > > On Mar 31, 2022, at 10:23 PM, Yishay Weiss < > yishayj...@hotmail.com> wrote: > > > > I thought Alex fixed it so it doesn’t need you to approve… > It’s expired and you should see a couple of more such messages. > > > > From: Harbs<mailto:harbs.li...@gmail.com> > > Sent: Thursday, March 31, 2022 10:06 PM > > To: Apache Royale Development<mailto:dev@royale.apache.org> > > Subject: Re: NPM Credentials Problem Blocking Release > > > > I approved and should have added it again to the allow list. > > > > It came through. If it expired already, try again. Hopefully > it’ll work... > > > >> On Mar 31, 2022, at 10:01 PM, Yishay Weiss < > yishayj...@hotmail.com> wrote: > >> > >> I just tried logging in, got the OTP sent message, but am > not seeing it in private. > >> > >> From: Alex Harui<mailto:aha...@adobe.com.INVALID> > >> Sent: Thursday, March 31, 2022 7:44 PM > >> To: dev@royale.apache.org<mailto:dev@royale.apache.org> > >> Subject: Re: NPM Credentials Problem Blocking Release > >> > >> OK, supp...@npmjs.com is now on the allow list. Yishay, > if you try to publish again, in theory the NPM messages will go straight to > private@. Let us know if that isn't happening. I'll try to look for > moderator messages but they often go to junk and I can't control settings > for my corporate email. > >> > >> FWIW, Here's a link to some doc on the EZMLM robot that > runs ASF mailing lists. > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Funtroubled.org%2Fezmlm%2Fmanual%2F&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=uLzD96tz3sBhkMOvNdyDZ%2Fy7D4FWZmlXNkNMJFEimfI%3D&reserved=0 > >> > >> The command I sent was executed by sending an email to > private-allow-subscribe-support=npmjs....@royale.apache.org > >> Any list moderator can send to these sort of email > addresses and the robot will parse the address and execute a command. We > can subscribe and unsubscribe people, allow them to send and not receive, > get a list of all subscribers and more. > >> > >> HTH, > >> -Alex > >> > >> On 3/31/22, 8:44 AM, "Josh Tynjala" < > joshtynj...@bowlerhat.dev> wrote: > >> > >> Do it. > >> > >> -- > >> Josh Tynjala > >> Bowler Hat LLC < > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qGYKjnY8ozbWgy89acmDDOkAZ63NmByrnmSW1DLLEXM%3D&reserved=0 > > > >> > >> > >> On Wed, Mar 30, 2022 at 11:24 PM Alex Harui > <aha...@adobe.com.invalid> > >> wrote: > >> > >>> Each mailing list has an "allow" subscriber list that is > different from > >>> the regular subscriber list. "allow" can send but can't > receive. The > >>> syntax can be extracted from the moderator emails. If we > get consensus to > >>> try it, I'll send the command. > >>> > >>> On 3/30/22, 11:17 PM, "Piotr Zarzycki" < > piotrzarzyck...@gmail.com> wrote: > >>> > >>> I don’t know how to whitelist that email but I will try > to figure it > >>> out > >>> soon. > >>> > >>> On Thu, 31 Mar 2022 at 06:06, Alex Harui > <aha...@adobe.com.invalid> > >>> wrote: > >>> > >>>> Yishay, maybe you can also be a moderator? It might also > be > >>> possible to > >>>> allow emails from npm without moderation. I don't > remember if we > >>> tried > >>>> that. It works on the other lists. There might be a > restriction on > >>>> private@. > >>>> > >>>> -Alex > >>>> > >>>> On 3/30/22, 7:55 PM, "Yishay Weiss" < > yishayj...@hotmail.com> wrote: > >>>> > >>>> Piotr, being the moderator, is receiving them but it’s > hard for > >>> me to > >>>> do anything from my side because I can’t login without a > OTP. > >>>> > >>>> I’m guessing we need to either create an automation > token, or > >>> change > >>>> the module settings to not require 2FA [1]. > >>>> > >>>> [1] Securely Automating npm publish with the New npm > Automation > >>> Tokens > >>>> - DEV Community< > >>>> > >>> > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdev.to%2Fbnb%2Fsecurely-automating-npm-publish-with-the-new-npm-automation-tokens-oei&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=hAsQoFRmUHDC4x6Ch0ZNbJ7rQP%2BCXJ2%2B05BUnR49tS0%3D&reserved=0 > >>>>> > >>>> > >>>> From: Alex Harui<mailto:aha...@adobe.com.INVALID> > >>>> Sent: Tuesday, March 29, 2022 7:05 PM > >>>> To: dev@royale.apache.org<mailto:dev@royale.apache.org> > >>>> Cc: OmPrakash Muppirala<mailto:bigosma...@gmail.com> > >>>> Subject: Re: NPM Credentials Problem Blocking Release > >>>> > >>>> I get some emails from NPM to apache-royale-owner. I > can > >>> forward them > >>>> to private@royale.a.o if they aren't also going there. > >>>> > >>>> One has the subject: [npm] OTP for logging in to your > account: > >>>> apache-royale-owner > >>>> The other: Your npm password reset > >>>> > >>>> -Alex > >>>> > >>>> On 3/29/22, 3:37 AM, "Yishay Weiss" < > yishayj...@hotmail.com> > >>> wrote: > >>>> > >>>> Ok, looks like we’ve figured it out for now with a > temp > >>> password. > >>>> 2FA does not seem to be a requirement. We will update the > private > >>> list with > >>>> the new credentials when that’s ready. > >>>> > >>>> From: Piotr Zarzycki<mailto: > piotrzarzyck...@gmail.com> > >>>> Sent: Tuesday, March 29, 2022 11:18 AM > >>>> To: Apache Royale Development<mailto: > dev@royale.apache.org> > >>>> Cc: OmPrakash Muppirala<mailto:bigosma...@gmail.com > > > >>>> Subject: Re: NPM Credentials Problem Blocking > Release > >>>> > >>>> Yes it goes to private as I see... > >>>> > >>>> wt., 29 mar 2022 o 09:47 Yishay Weiss < > >>> yishayj...@hotmail.com> > >>>> napisał(a): > >>>> > >>>>> I’m not sure which email the new password gets sent to. > >>> Does it > >>>> go to > >>>>> priv...@royale.release.org<mailto: > >>> priv...@royale.release.org> ? > >>>>> > >>>>> Also, I see some npm requests to do 2FA which we have > >>> ignored. > >>>> It’s > >>>>> probably best to avoid that if possible to keep the > release > >>>> scriptable. > >>>>> > >>>>> @OmPrakash Muppirala<mailto:bigosma...@gmail.com>, are > >>> you the > >>>> one who > >>>>> set this up? Can you help out? > >>>>> > >>>>> Thanks. > >>>>> > >>>>> [exec] http request PUT > >>>>> > >>>> > >>> > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F-%2Fuser%2Forg.couchdb.user%3Aapache-royale-owner&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qZz1dfVh7b0vEnRtDOolW1fN8RUpKzvQvlYL%2BianIcY%3D&reserved=0 > >>>>> [exec] info attempt registry request try #1 at > >>> 10:39:44 AM > >>>>> [exec] http request PUT > >>>>> > >>>> > >>> > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F%40apache-royale%252froyale-js&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=GnR46nQQgvnX%2B%2BilSiYNefzPrz%2FiLC5KZg3o%2Bi%2B5%2B3Q%3D&reserved=0 > >>>>> [exec] http 401 > >>>>> > >>>> > >>> > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F-%2Fuser%2Forg.couchdb.user%3Aapache-royale-owner&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=qZz1dfVh7b0vEnRtDOolW1fN8RUpKzvQvlYL%2BianIcY%3D&reserved=0 > >>>>> [exec] WARN notice Please check your email for a > >>> one-time > >>>> password > >>>>> (OTP) > >>>>> [exec] WARN adduser Incorrect username or password > >>>>> [exec] WARN adduser You can reset your account by > >>> visiting: > >>>>> [exec] WARN adduser > >>>>> [exec] WARN adduser > >>>> > >>> > https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnpmjs.org%2Fforgot&data=04%7C01%7Caharui%40adobe.com%7C47bc1f20448e4405a53308da1407e7c7%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637844322683641253%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=J4%2BiLN%2FedAJiTavC0obA3clNCiL0kl6IOlOar%2FnKqF0%3D&reserved=0 > >>>>> [exec] WARN adduser > >>>>> [exec] > >>>>> > >>>> > C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:51 > >>>>> [exec] throw new Error(error); > >>>>> [exec] ^ > >>>>> [exec] > >>>>> [exec] Error: Error: failed to authenticate: A One > >>> Time > >>>> Password > >>>>> (OTP) by email is required. : > >>>> -/user/org.couchdb.user:apache-royale-owner > >>>>> [exec] at > >>>>> > >>>> > >>> > C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:51:14 > >>>>> [exec] at > >>>>> > >>>> > >>> > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:125:14 > >>>>> [exec] at > >>>>> > >>>> > >>> > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:73:16 > >>>>> [exec] at f > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25) > >>>>> [exec] at > >>>>> > >>>> > >>> > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:91:10 > >>>>> [exec] at > >>>>> > >>>> > >>> > C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:105:12 > >>>>> [exec] at f > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25) > >>>>> [exec] at RegClient.<anonymous> > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:324:12) > >>>>> [exec] at Request._callback > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:216:14) > >>>>> [exec] at Request.self.callback > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:185:22) > >>>>> [exec] at Request.emit (events.js:315:20) > >>>>> [exec] at Request.<anonymous> > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1154:10) > >>>>> [exec] at Request.emit (events.js:315:20) > >>>>> [exec] at IncomingMessage.<anonymous> > >>>>> > >>>> > >>> > (C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1076:12) > >>>>> [exec] at Object.onceWrapper (events.js:421:28) > >>>>> [exec] at IncomingMessage.emit (events.js:327:22) > >>>>> > >>>>> BUILD FAILED > >>>>> C:\dev\release_royale\releasecandidate.xml:1116: The > >>> following > >>>> error > >>>>> occurred while executing this line: > >>>>> C:\dev\release_royale\releasecandidate.xml:1400: exec > >>> returned: 1 > >>>>> > >>>>> Total time: 7 minutes 26 seconds > >>>>> > >>>>> > >>>> > >>>> -- > >>>> > >>>> Piotr Zarzycki > >>>> > >>>> > >>>> > >>>> -- > >>> > >>> Piotr Zarzycki > >>> > >>> > >> > > > > > > > -- Piotr Zarzycki