Authentication with Artifactory Online (private npm) doesn't work about cli HOT 11 CLOSED

@pvdlg is there other way to debug this?

Artifactory Version 6.16.0
Latest Release: 6.17.0

We're having a hard time debugging this on our end.

[2020-02-29T03:27:23.969Z] npm ERR! code E401

[2020-02-29T03:27:23.969Z] npm ERR! Unable to authenticate, need: Basic realm="Artifactory Realm"

[2020-02-29T03:27:23.969Z] 

[2020-02-29T03:27:23.969Z] npm ERR! A complete log of this run can be found in:
[2020-02-29T03:27:23.970Z]   exitCode: 1,

[2020-02-29T03:27:23.970Z]   signal: undefined,

[2020-02-29T03:27:23.970Z]   signalDescription: undefined,

It was working before 15.13.24 of semantic-release.

from cli.

I guess if the registry defined by the user on the first question is not the default npm one, the CLI should ask, something like "Does your registry require legacy auth?". If the user answer yes then yes we should ask the email in addition of the username and password that we already ask.

And also skip the step to get the token.

from cli.

The very very large majority of users will use the default npm registry, and therefore use a token auth.
So as long as we ask this question only to users who do not use the default registry, that's seems good!

from cli.

+1 - I'm experiencing the same problem.

from cli.

Same problem here, any reply from the maintainer at least?

from cli.

+1

from cli.

Allowing the 204 code seems to get me through, but then I got 400 from JFrog 4.7.1 trying to publish.

@@ -95,7 +95,7 @@

   function done (token, cb) {
     return function (error, data, json, response) {
-      if (!error && (!response || response.statusCode === 201)) {
+      if (!error && (!response || response.statusCode === 201 || response.statusCode == 204)) {
         return cb(error, data, json, response)
       }

from cli.

Additional info in semantic-release/semantic-release#300

from cli.

Reading the related issue, it seems that semantic-release supports publishing by setting 'NPM_USERNAME', 'NPM_PASSWORD' and 'NPM_EMAIL'. Does that mean that the CLI should set these three env vars on the CI? If so:

• How should the CLI determine Artifactory NPM? I don't want to ask an extra question in all cases. Maybe an explicit command line switch?
• What should the CLI ask the user? username/password/email?

from cli.

How should the CLI determine Artifactory NPM? By URL?

Not sure it's possible as:

• Artifactory can be behind any URL
• Only the Artifactory version < 5.4 require NPM_USERNAME, NPM_PASSWORD and NPM_EMAIL. More recent version support NPM_TOKEN
• There might be other npm compatible registry out there that require the legacy auth

What should the CLI ask the user? username/password/email?

I guess if the registry defined by the user on the first question is not the default npm one, the CLI should ask, something like "Does your registry require legacy auth?". If the user answer yes then yes we should ask the email in addition of the username and password that we already ask.

from cli.

? Select the authentication method for the selected npm registry:
> Token based
  Legacy

from cli.