Merge pull request #97 from bufferoverflow/feat/remove-legacy-mode

dlouzan · web-flow · commit 7aa11b1e42dd · 2019-11-19T17:20:26.000+01:00
feat: get rid of legacy mode
diff --git a/README.md b/README.md
@@ -17,11 +17,6 @@ the following:
 
 > This is experimental!
 
-## Gitlab Version Compatibility
-
-- If `legacy_mode: false` or undefined (default mode): Gitlab 11.2+
-- If `legacy_mode: true`: Gitlab 9.0+
-
 ## Use it
 
 You need at least node version 8.x.x, codename **carbon**.
@@ -91,18 +86,14 @@ yarn publish --registry http://localhost:4873
 
 ## Access Levels
 
-Access and publish access rights depend on the mode used.
+Access and publish access rights are mapped following the rules below.
 
 verdaccio-gitlab access control will only be applied to package sections that
 are marked with `gitlab: true` as in the configuration sample above. If you
 wish to disable gitlab authentication to any package config, just remove the
 element from the config.
 
-### Normal Mode (default)
-
-In normal mode, packages are available:
-
-#### Access
+### Access
 
 *access* is allowed depending on the following verdaccio `package` configuration
 directives:
@@ -114,7 +105,7 @@ directives:
 Please note that no group or package name mapping is applied on access, any
 user successfully authenticated can access all packages.
 
-#### Publish
+### Publish
 
 *publish* is allowed if the package name matches the logged in user
   id, if the package name or scope of the package matches one of the
@@ -137,11 +128,6 @@ For instance, assuming the following configuration:
   - `@group3/project`
   - error if the user tries to publish any package under `@group2/**`
 
-### Legacy Mode
-
-If using the legacy mode, the system behaves as in normal mode with
-fixed configuration `auth.gitlab.publish` = `$owner`
-
 ## Configuration Options
 
 The full set of configuration options is:
@@ -153,7 +139,6 @@ auth:
     authCache:
       enabled: <boolean>
       ttl: <integer>
-    legacy_mode: <boolean>
     publish: <string>
 ```
 
@@ -163,8 +148,7 @@ auth:
 | `url` | `<empty>` | url | mandatory, the url of the gitlab server |
 | `authCache: enabled` | `true` | boolean | activate in-memory authentication cache |
 | `authCache: ttl` | `300` (`0`=unlimited) | integer | time-to-live of entries in the authentication cache, in seconds |
-| `legacy_mode` | `false` | boolean | gitlab versions pre-11.2 do not support groups api queries based on access level; this enables the legacy behaviour of only allowing npm publish operations on groups where the logged in user has owner rights |
-| `publish` | `$maintainer` | [`$guest`, `$reporter`, `$developer`, `$maintainer`, `$owner`] | group minimum access level of the logged in user required for npm publish operations (does not apply in legacy mode) |
+| `publish` | `$maintainer` | [`$guest`, `$reporter`, `$developer`, `$maintainer`, `$owner`] | group minimum access level of the logged in user required for npm publish operations |
 <!-- markdownlint-enable MD013 -->
 
 ## Authentication Cache
diff --git a/src/gitlab.ts b/src/gitlab.ts
@@ -16,7 +16,6 @@ export type VerdaccioGitlabConfig = {
     enabled?: boolean;
     ttl?: number;
   };
-  legacy_mode?: boolean;
   publish?: VerdaccioGitlabAccessLevel;
 };
 
@@ -65,20 +64,16 @@ export default class VerdaccioGitLab implements VerdaccioGitLabPlugin {
       this.logger.info(`[gitlab] initialized auth cache with ttl: ${ttl} seconds`);
     }
 
-    if (this.config.legacy_mode) {
-      this.publishLevel = '$owner';
-      this.logger.info('[gitlab] legacy mode pre-gitlab v11.2 active, publish is only allowed to group owners');
-    } else {
-      this.publishLevel = '$maintainer';
-      if (this.config.publish) {
-        this.publishLevel = this.config.publish;
-      }
 
-      if (!Object.keys(ACCESS_LEVEL_MAPPING).includes(this.publishLevel)) {
-        throw Error(`[gitlab] invalid publish access level configuration: ${this.publishLevel}`);
-      }
-      this.logger.info(`[gitlab] publish control level: ${this.publishLevel}`);
+    this.publishLevel = '$maintainer';
+    if (this.config.publish) {
+      this.publishLevel = this.config.publish;
     }
+
+    if (!Object.keys(ACCESS_LEVEL_MAPPING).includes(this.publishLevel)) {
+      throw Error(`[gitlab] invalid publish access level configuration: ${this.publishLevel}`);
+    }
+    this.logger.info(`[gitlab] publish control level: ${this.publishLevel}`);
   }
 
   authenticate(user: string, password: string, cb: Callback) {
@@ -111,13 +106,8 @@ export default class VerdaccioGitLab implements VerdaccioGitLabPlugin {
         // Set the groups of an authenticated user, in normal mode:
         // - for access, depending on the package settings in verdaccio
         // - for publish, the logged in user id and all the groups they can reach as configured with access level `$auth.gitlab.publish`
-        //
-        // In legacy mode, the groups are:
-        // - for access, depending on the package settings in verdaccio
-        // - for publish, the logged in user id and all the groups they can reach as fixed `$auth.gitlab.publish` = `$owner`
-        const gitlabPublishQueryParams = this.config.legacy_mode
-          ? { owned: true }
-          : { min_access_level: publishLevelId };
+        const gitlabPublishQueryParams = { min_access_level: publishLevelId };
+
         // @ts-ignore
         this.logger.trace('[gitlab] querying gitlab user groups with params:', gitlabPublishQueryParams);
 
