auth-app.js icon indicating copy to clipboard operation
auth-app.js copied to clipboard

Published 20 hours ago verified publisher icon octokit

Add private key validation check for multiline string content

Open reza-ebrahimi opened this issue 2 years ago • 5 comments
trafficstars

Add private key validation check for multi-line string content specifically when set using environment variables as multi-line string.

Discussion (Thanks to @gr2m ): https://github.com/gr2m/universal-github-app-jwt/issues/71

Resolves #465 #71

Behavior

Before the change?

Failing due to passing multiline string to environment variables, See https://github.com/octokit/auth-app.js/issues/465#issuecomment-1564998327

Pull request checklist

  • [x] Tests for the changes have been added (for bug fixes / features)
  • [ ] Docs have been reviewed and added / updated if needed (for bug fixes / features)
  • [ ] Added the appropriate label for the given change

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • [ ] Yes (Please add the Type: Breaking change label)
  • [x] No

If Yes, what's the impact:

  • N/A

Pull request type

Please add the corresponding label for change this PR introduces:

  • [x] Bugfix: Type: Bug
  • [ ] Feature/model/API additions: Type: Feature
  • [ ] Updates to docs or samples: Type: Documentation
  • [ ] Dependencies/code cleanup: Type: Maintenance

reza-ebrahimi avatar May 27 '23 11:05 reza-ebrahimi

There is already a test for this case: https://github.com/reza-ebrahimi/auth-app.js/blob/pk_check_multiline_string/test/index.test.ts#L105

test("throws if incomplete Private Key is provided", async () => {
  const auth = createAppAuth({
    appId: APP_ID,
    privateKey: "-----BEGIN RSA PRIVATE KEY-----",
  });

  await expect(auth({ type: "app" })).rejects.toEqual(
    new Error(
      "The 'privateKey` option contains only the first line '-----BEGIN RSA PRIVATE KEY-----'. If you are setting it using a `.env` file, make sure it is set on a single line with newlines replaced by '\n'"
    )
  );
});

reza-ebrahimi avatar May 27 '23 11:05 reza-ebrahimi

Change the check logic from regex to a multi-step check function since the regex doesn't support some edge cases like -----BEGIN RSA PRIVATE KEY-----.

reza-ebrahimi avatar May 27 '23 14:05 reza-ebrahimi

There is already a test for this case

Ha, what do you know 🤣

I think we should

  1. Implement this fix in https://github.com/gr2m/universal-github-app-jwt
  2. Remove the special error handling from this library

Do you see any reason not to do it this way?

gr2m avatar May 27 '23 22:05 gr2m

@reza-ebrahimi I'd like to bring this up again. Do you have the inclination to make the fix in gr2m/universal-github-app-jwt?

kfcampbell avatar Oct 17 '23 20:10 kfcampbell

@kfcampbell I'm not working on this for a long time, feel free to push this code in gr2m/universal-github-app-jwt or close it.

reza-ebrahimi avatar Oct 18 '23 10:10 reza-ebrahimi