eas-cli 2.3.0 → 2.4.1

package/build/uploads.d.ts

@@ -1,8 +1,9 @@
 import { Response } from 'node-fetch';
+import { ExpoGraphqlClient } from './commandUtils/context/contextUtils/createGraphqlClient';
 import { UploadSessionType } from './graphql/generated';
 import { PresignedPost } from './graphql/mutations/UploadSessionMutation';
 import { ProgressHandler } from './utils/progress';
-export declare function uploadFileAtPathToS3Async(type: UploadSessionType, path: string, handleProgressEvent: ProgressHandler): Promise<{
+export declare function uploadFileAtPathToS3Async(graphqlClient: ExpoGraphqlClient, type: UploadSessionType, path: string, handleProgressEvent: ProgressHandler): Promise<{
     url: string;
     bucketKey: string;
 }>;

package/build/uploads.js

@@ -10,8 +10,8 @@ const promise_retry_1 = tslib_1.__importDefault(require("promise-retry"));
 const url_1 = require("url");
 const fetch_1 = tslib_1.__importDefault(require("./fetch"));
 const UploadSessionMutation_1 = require("./graphql/mutations/UploadSessionMutation");
-async function uploadFileAtPathToS3Async(type, path, handleProgressEvent) {
-    const presignedPost = await UploadSessionMutation_1.UploadSessionMutation.createUploadSessionAsync(type);
+async function uploadFileAtPathToS3Async(graphqlClient, type, path, handleProgressEvent) {
+    const presignedPost = await UploadSessionMutation_1.UploadSessionMutation.createUploadSessionAsync(graphqlClient, type);
     (0, assert_1.default)(presignedPost.fields.key, 'key is not specified in in presigned post');
     const response = await uploadWithPresignedPostWithProgressAsync(path, presignedPost, handleProgressEvent);
     const location = (0, nullthrows_1.default)(response.headers.get('location'), `location does not exist in response headers (make sure you're uploading to AWS S3)`);

package/build/user/SessionManager.d.ts

@@ -0,0 +1,70 @@
+import { CurrentUserQuery } from '../graphql/generated';
+export declare enum UserSecondFactorDeviceMethod {
+    AUTHENTICATOR = "authenticator",
+    SMS = "sms"
+}
+declare type LoggedInAuthenticationInfo = {
+    accessToken: string;
+    sessionSecret: null;
+} | {
+    accessToken: null;
+    sessionSecret: string;
+};
+declare type Actor = NonNullable<CurrentUserQuery['meActor']>;
+export default class SessionManager {
+    private currentUser;
+    getAccessToken(): string | null;
+    getSessionSecret(): string | null;
+    private getSession;
+    private setSessionAsync;
+    logoutAsync(): Promise<void>;
+    getUserAsync(): Promise<Actor | undefined>;
+    /**
+     * Ensure that there is a logged-in actor. Show a login prompt if not.
+     *
+     * @param nonInteractive whether the log-in prompt if logged-out should be interactive
+     * @returns logged-in Actor
+     */
+    ensureLoggedInAsync({ nonInteractive, }: {
+        nonInteractive: boolean;
+    }): Promise<{
+        actor: Actor;
+        authenticationInfo: LoggedInAuthenticationInfo;
+    }>;
+    /**
+     * Prompt the user to log in.
+     *
+     * @deprecated Should not be used outside of context functions, except in the AccountLogin command.
+     */
+    showLoginPromptAsync({ nonInteractive, printNewLine, }?: {
+        nonInteractive?: boolean | undefined;
+        printNewLine?: boolean | undefined;
+    }): Promise<void>;
+    private loginAsync;
+    /**
+     * Prompt for an OTP with the option to cancel the question by answering empty (pressing return key).
+     */
+    private promptForOTPAsync;
+    /**
+     * Prompt for user to choose a backup OTP method. If selected method is SMS, a request
+     * for a new OTP will be sent to that method. Then, prompt for the OTP, and retry the user login.
+     */
+    private promptForBackupOTPAsync;
+    /**
+     * Handle the special case error indicating that a second-factor is required for
+     * authentication.
+     *
+     * There are three cases we need to handle:
+     * 1. User's primary second-factor device was SMS, OTP was automatically sent by the server to that
+     *    device already. In this case we should just prompt for the SMS OTP (or backup code), which the
+     *    user should be receiving shortly. We should give the user a way to cancel and the prompt and move
+     *    to case 3 below.
+     * 2. User's primary second-factor device is authenticator. In this case we should prompt for authenticator
+     *    OTP (or backup code) and also give the user a way to cancel and move to case 3 below.
+     * 3. User doesn't have a primary device or doesn't have access to their primary device. In this case
+     *    we should show a picker of the SMS devices that they can have an OTP code sent to, and when
+     *    the user picks one we show a prompt() for the sent OTP.
+     */
+    private retryUsernamePasswordAuthWithOTPAsync;
+}
+export {};

package/build/user/SessionManager.js

@@ -0,0 +1,258 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserSecondFactorDeviceMethod = void 0;
+const tslib_1 = require("tslib");
+const json_file_1 = tslib_1.__importDefault(require("@expo/json-file"));
+const core_1 = require("@oclif/core");
+const assert_1 = tslib_1.__importDefault(require("assert"));
+const chalk_1 = tslib_1.__importDefault(require("chalk"));
+const nullthrows_1 = tslib_1.__importDefault(require("nullthrows"));
+const ApiV2Error_1 = require("../ApiV2Error");
+const Analytics = tslib_1.__importStar(require("../analytics/rudderstackClient"));
+const api_1 = require("../api");
+const createGraphqlClient_1 = require("../commandUtils/context/contextUtils/createGraphqlClient");
+const UserQuery_1 = require("../graphql/queries/UserQuery");
+const log_1 = tslib_1.__importStar(require("../log"));
+const prompts_1 = require("../prompts");
+const paths_1 = require("../utils/paths");
+const User_1 = require("./User");
+const fetchSessionSecretAndUser_1 = require("./fetchSessionSecretAndUser");
+var UserSecondFactorDeviceMethod;
+(function (UserSecondFactorDeviceMethod) {
+    UserSecondFactorDeviceMethod["AUTHENTICATOR"] = "authenticator";
+    UserSecondFactorDeviceMethod["SMS"] = "sms";
+})(UserSecondFactorDeviceMethod = exports.UserSecondFactorDeviceMethod || (exports.UserSecondFactorDeviceMethod = {}));
+class SessionManager {
+    getAccessToken() {
+        var _a;
+        return (_a = process.env.EXPO_TOKEN) !== null && _a !== void 0 ? _a : null;
+    }
+    getSessionSecret() {
+        var _a, _b;
+        return (_b = (_a = this.getSession()) === null || _a === void 0 ? void 0 : _a.sessionSecret) !== null && _b !== void 0 ? _b : null;
+    }
+    getSession() {
+        var _a, _b;
+        try {
+            return (_b = (_a = json_file_1.default.read((0, paths_1.getStateJsonPath)())) === null || _a === void 0 ? void 0 : _a.auth) !== null && _b !== void 0 ? _b : null;
+        }
+        catch (error) {
+            if (error.code === 'ENOENT') {
+                return null;
+            }
+            throw error;
+        }
+    }
+    async setSessionAsync(sessionData) {
+        await json_file_1.default.setAsync((0, paths_1.getStateJsonPath)(), 'auth', sessionData, {
+            default: {},
+            ensureDir: true,
+        });
+    }
+    async logoutAsync() {
+        this.currentUser = undefined;
+        await this.setSessionAsync(undefined);
+    }
+    async getUserAsync() {
+        if (!this.currentUser && (this.getAccessToken() || this.getSessionSecret())) {
+            const authenticationInfo = {
+                accessToken: this.getAccessToken(),
+                sessionSecret: this.getSessionSecret(),
+            };
+            const user = await UserQuery_1.UserQuery.currentUserAsync((0, createGraphqlClient_1.createGraphqlClient)(authenticationInfo));
+            this.currentUser = user !== null && user !== void 0 ? user : undefined;
+            if (user) {
+                await Analytics.setUserDataAsync(user.id, {
+                    username: (0, User_1.getActorDisplayName)(user),
+                    user_id: user.id,
+                    user_type: user.__typename,
+                });
+            }
+        }
+        return this.currentUser;
+    }
+    /**
+     * Ensure that there is a logged-in actor. Show a login prompt if not.
+     *
+     * @param nonInteractive whether the log-in prompt if logged-out should be interactive
+     * @returns logged-in Actor
+     */
+    async ensureLoggedInAsync({ nonInteractive, }) {
+        let actor;
+        try {
+            actor = await this.getUserAsync();
+        }
+        catch { }
+        if (!actor) {
+            log_1.default.warn('An Expo user account is required to proceed.');
+            await this.showLoginPromptAsync({ nonInteractive, printNewLine: true });
+            actor = await this.getUserAsync();
+        }
+        const accessToken = this.getAccessToken();
+        const authenticationInfo = accessToken
+            ? {
+                accessToken,
+                sessionSecret: null,
+            }
+            : {
+                accessToken: null,
+                sessionSecret: (0, nullthrows_1.default)(this.getSessionSecret()),
+            };
+        return { actor: (0, nullthrows_1.default)(actor), authenticationInfo };
+    }
+    /**
+     * Prompt the user to log in.
+     *
+     * @deprecated Should not be used outside of context functions, except in the AccountLogin command.
+     */
+    async showLoginPromptAsync({ nonInteractive = false, printNewLine = false, } = {}) {
+        if (nonInteractive) {
+            core_1.Errors.error(`Either log in with ${chalk_1.default.bold('eas login')} or set the ${chalk_1.default.bold('EXPO_TOKEN')} environment variable if you're using EAS CLI on CI (${(0, log_1.learnMore)('https://docs.expo.dev/accounts/programmatic-access/', { dim: false })})`);
+        }
+        if (printNewLine) {
+            log_1.default.newLine();
+        }
+        log_1.default.log('Log in to EAS');
+        const { username, password } = await (0, prompts_1.promptAsync)([
+            {
+                type: 'text',
+                name: 'username',
+                message: 'Email or username',
+            },
+            {
+                type: 'password',
+                name: 'password',
+                message: 'Password',
+            },
+        ]);
+        try {
+            await this.loginAsync({
+                username,
+                password,
+            });
+        }
+        catch (e) {
+            if (e instanceof ApiV2Error_1.ApiV2Error && e.expoApiV2ErrorCode === 'ONE_TIME_PASSWORD_REQUIRED') {
+                await this.retryUsernamePasswordAuthWithOTPAsync(username, password, e.expoApiV2ErrorMetadata);
+            }
+            else {
+                throw e;
+            }
+        }
+    }
+    async loginAsync(input) {
+        const { sessionSecret, id, username } = await (0, fetchSessionSecretAndUser_1.fetchSessionSecretAndUserAsync)(input);
+        await this.setSessionAsync({
+            sessionSecret,
+            userId: id,
+            username,
+            currentConnection: 'Username-Password-Authentication',
+        });
+    }
+    /**
+     * Prompt for an OTP with the option to cancel the question by answering empty (pressing return key).
+     */
+    async promptForOTPAsync(cancelBehavior) {
+        const enterMessage = cancelBehavior === 'cancel'
+            ? `press ${chalk_1.default.bold('Enter')} to cancel`
+            : `press ${chalk_1.default.bold('Enter')} for more options`;
+        const { otp } = await (0, prompts_1.promptAsync)({
+            type: 'text',
+            name: 'otp',
+            message: `One-time password or backup code (${enterMessage}):`,
+        });
+        if (!otp) {
+            return null;
+        }
+        return otp;
+    }
+    /**
+     * Prompt for user to choose a backup OTP method. If selected method is SMS, a request
+     * for a new OTP will be sent to that method. Then, prompt for the OTP, and retry the user login.
+     */
+    async promptForBackupOTPAsync(username, password, secondFactorDevices) {
+        const nonPrimarySecondFactorDevices = secondFactorDevices.filter(device => !device.is_primary);
+        if (nonPrimarySecondFactorDevices.length === 0) {
+            throw new Error('No other second-factor devices set up. Ensure you have set up and certified a backup device.');
+        }
+        const hasAuthenticatorSecondFactorDevice = nonPrimarySecondFactorDevices.find(device => device.method === UserSecondFactorDeviceMethod.AUTHENTICATOR);
+        const smsNonPrimarySecondFactorDevices = nonPrimarySecondFactorDevices.filter(device => device.method === UserSecondFactorDeviceMethod.SMS);
+        const authenticatorChoiceSentinel = -1;
+        const cancelChoiceSentinel = -2;
+        const deviceChoices = smsNonPrimarySecondFactorDevices.map((device, idx) => ({
+            title: device.sms_phone_number,
+            value: idx,
+        }));
+        if (hasAuthenticatorSecondFactorDevice) {
+            deviceChoices.push({
+                title: 'Authenticator',
+                value: authenticatorChoiceSentinel,
+            });
+        }
+        deviceChoices.push({
+            title: 'Cancel',
+            value: cancelChoiceSentinel,
+        });
+        const selectedValue = await (0, prompts_1.selectAsync)('Select a second-factor device:', deviceChoices);
+        if (selectedValue === cancelChoiceSentinel) {
+            return null;
+        }
+        else if (selectedValue === authenticatorChoiceSentinel) {
+            return await this.promptForOTPAsync('cancel');
+        }
+        const device = smsNonPrimarySecondFactorDevices[selectedValue];
+        // this is a logged-out endpoint
+        const apiV2Client = new api_1.ApiV2Client({ accessToken: null, sessionSecret: null });
+        await apiV2Client.postAsync('auth/send-sms-otp', {
+            body: {
+                username,
+                password,
+                secondFactorDeviceID: device.id,
+            },
+        });
+        return await this.promptForOTPAsync('cancel');
+    }
+    /**
+     * Handle the special case error indicating that a second-factor is required for
+     * authentication.
+     *
+     * There are three cases we need to handle:
+     * 1. User's primary second-factor device was SMS, OTP was automatically sent by the server to that
+     *    device already. In this case we should just prompt for the SMS OTP (or backup code), which the
+     *    user should be receiving shortly. We should give the user a way to cancel and the prompt and move
+     *    to case 3 below.
+     * 2. User's primary second-factor device is authenticator. In this case we should prompt for authenticator
+     *    OTP (or backup code) and also give the user a way to cancel and move to case 3 below.
+     * 3. User doesn't have a primary device or doesn't have access to their primary device. In this case
+     *    we should show a picker of the SMS devices that they can have an OTP code sent to, and when
+     *    the user picks one we show a prompt() for the sent OTP.
+     */
+    async retryUsernamePasswordAuthWithOTPAsync(username, password, metadata) {
+        const { secondFactorDevices, smsAutomaticallySent } = metadata;
+        (0, assert_1.default)(secondFactorDevices !== undefined && smsAutomaticallySent !== undefined, `Malformed OTP error metadata: ${metadata}`);
+        const primaryDevice = secondFactorDevices.find(device => device.is_primary);
+        let otp = null;
+        if (smsAutomaticallySent) {
+            (0, assert_1.default)(primaryDevice, 'OTP should only automatically be sent when there is a primary device');
+            log_1.default.log(`One-time password was sent to the phone number ending in ${primaryDevice.sms_phone_number}.`);
+            otp = await this.promptForOTPAsync('menu');
+        }
+        if ((primaryDevice === null || primaryDevice === void 0 ? void 0 : primaryDevice.method) === UserSecondFactorDeviceMethod.AUTHENTICATOR) {
+            log_1.default.log('One-time password from authenticator required.');
+            otp = await this.promptForOTPAsync('menu');
+        }
+        // user bailed on case 1 or 2, wants to move to case 3
+        if (!otp) {
+            otp = await this.promptForBackupOTPAsync(username, password, secondFactorDevices);
+        }
+        if (!otp) {
+            throw new Error('Cancelled login');
+        }
+        await this.loginAsync({
+            username,
+            password,
+            otp,
+        });
+    }
+}
+exports.default = SessionManager;

package/build/user/User.d.ts

@@ -1,6 +1,4 @@
 import { CurrentUserQuery } from '../graphql/generated';
-import { getAccessToken, getSessionSecret } from './sessionStorage';
-export { getSessionSecret, getAccessToken };
 export declare type Actor = NonNullable<CurrentUserQuery['meActor']>;
 /**
  * Resolve the name of the actor, either normal user or robot user.
@@ -8,10 +6,3 @@ export declare type Actor = NonNullable<CurrentUserQuery['meActor']>;
  * The display name CANNOT be used as project owner.
  */
 export declare function getActorDisplayName(user?: Actor): string;
-export declare function getUserAsync(): Promise<Actor | undefined>;
-export declare function loginAsync({ username, password, otp, }: {
-    username: string;
-    password: string;
-    otp?: string;
-}): Promise<void>;
-export declare function logoutAsync(): Promise<void>;

package/build/user/User.js

@@ -1,16 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.logoutAsync = exports.loginAsync = exports.getUserAsync = exports.getActorDisplayName = exports.getAccessToken = exports.getSessionSecret = void 0;
-const tslib_1 = require("tslib");
-const graphql_tag_1 = tslib_1.__importDefault(require("graphql-tag"));
-const Analytics = tslib_1.__importStar(require("../analytics/rudderstackClient"));
-const api_1 = require("../api");
-const client_1 = require("../graphql/client");
-const UserQuery_1 = require("../graphql/queries/UserQuery");
-const sessionStorage_1 = require("./sessionStorage");
-Object.defineProperty(exports, "getAccessToken", { enumerable: true, get: function () { return sessionStorage_1.getAccessToken; } });
-Object.defineProperty(exports, "getSessionSecret", { enumerable: true, get: function () { return sessionStorage_1.getSessionSecret; } });
-let currentUser;
+exports.getActorDisplayName = void 0;
 /**
  * Resolve the name of the actor, either normal user or robot user.
  * This should be used whenever the "current user" needs to be displayed.
@@ -27,52 +17,3 @@ function getActorDisplayName(user) {
     }
 }
 exports.getActorDisplayName = getActorDisplayName;
-async function getUserAsync() {
-    if (!currentUser && ((0, sessionStorage_1.getAccessToken)() || (0, sessionStorage_1.getSessionSecret)())) {
-        const user = await UserQuery_1.UserQuery.currentUserAsync();
-        currentUser = user !== null && user !== void 0 ? user : undefined;
-        if (user) {
-            await Analytics.setUserDataAsync(user.id, {
-                username: getActorDisplayName(user),
-                user_id: user.id,
-                user_type: user.__typename,
-            });
-        }
-    }
-    return currentUser;
-}
-exports.getUserAsync = getUserAsync;
-async function loginAsync({ username, password, otp, }) {
-    const body = await api_1.api.postAsync('auth/loginAsync', { body: { username, password, otp } });
-    const { sessionSecret } = body.data;
-    const result = await client_1.graphqlClient
-        .query((0, graphql_tag_1.default) `
-        query UserQuery {
-          viewer {
-            id
-            username
-          }
-        }
-      `, {}, {
-        fetchOptions: {
-            headers: {
-                'expo-session': sessionSecret,
-            },
-        },
-        additionalTypenames: [] /* UserQuery has immutable fields */,
-    })
-        .toPromise();
-    const { data } = result;
-    await (0, sessionStorage_1.setSessionAsync)({
-        sessionSecret,
-        userId: data.viewer.id,
-        username: data.viewer.username,
-        currentConnection: 'Username-Password-Authentication',
-    });
-}
-exports.loginAsync = loginAsync;
-async function logoutAsync() {
-    currentUser = undefined;
-    await (0, sessionStorage_1.setSessionAsync)(undefined);
-}
-exports.logoutAsync = logoutAsync;

package/build/user/fetchSessionSecretAndUser.d.ts

@@ -0,0 +1,9 @@
+export declare function fetchSessionSecretAndUserAsync({ username, password, otp, }: {
+    username: string;
+    password: string;
+    otp?: string;
+}): Promise<{
+    sessionSecret: string;
+    id: string;
+    username: string;
+}>;

package/build/user/fetchSessionSecretAndUser.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchSessionSecretAndUserAsync = void 0;
+const tslib_1 = require("tslib");
+const graphql_tag_1 = tslib_1.__importDefault(require("graphql-tag"));
+const api_1 = require("../api");
+const createGraphqlClient_1 = require("../commandUtils/context/contextUtils/createGraphqlClient");
+async function fetchSessionSecretAndUserAsync({ username, password, otp, }) {
+    // this is a logged-out endpoint
+    const apiV2Client = new api_1.ApiV2Client({
+        accessToken: null,
+        sessionSecret: null,
+    });
+    const body = await apiV2Client.postAsync('auth/loginAsync', {
+        body: { username, password, otp },
+    });
+    const { sessionSecret } = body.data;
+    const graphqlClient = (0, createGraphqlClient_1.createGraphqlClient)({ accessToken: null, sessionSecret: null });
+    const result = await graphqlClient
+        .query((0, graphql_tag_1.default) `
+        query UserQuery {
+          viewer {
+            id
+            username
+          }
+        }
+      `, {}, {
+        fetchOptions: {
+            headers: {
+                'expo-session': sessionSecret,
+            },
+        },
+        additionalTypenames: [] /* UserQuery has immutable fields */,
+    })
+        .toPromise();
+    const { data } = result;
+    return {
+        sessionSecret,
+        id: data.viewer.id,
+        username: data.viewer.username,
+    };
+}
+exports.fetchSessionSecretAndUserAsync = fetchSessionSecretAndUserAsync;

package/build/utils/statuspageService.d.ts

@@ -1,2 +1,3 @@
+import { ExpoGraphqlClient } from '../commandUtils/context/contextUtils/createGraphqlClient';
 import { StatuspageServiceName } from '../graphql/generated';
-export declare function maybeWarnAboutEasOutagesAsync(serviceNames: StatuspageServiceName[]): Promise<void>;
+export declare function maybeWarnAboutEasOutagesAsync(graphqlClient: ExpoGraphqlClient, serviceNames: StatuspageServiceName[]): Promise<void>;

package/build/utils/statuspageService.js

@@ -6,8 +6,8 @@ const chalk_1 = tslib_1.__importDefault(require("chalk"));
 const generated_1 = require("../graphql/generated");
 const StatuspageServiceQuery_1 = require("../graphql/queries/StatuspageServiceQuery");
 const log_1 = tslib_1.__importStar(require("../log"));
-async function maybeWarnAboutEasOutagesAsync(serviceNames) {
-    const services = await getStatuspageServiceAsync(serviceNames);
+async function maybeWarnAboutEasOutagesAsync(graphqlClient, serviceNames) {
+    const services = await getStatuspageServiceAsync(graphqlClient, serviceNames);
     for (const service of services) {
         warnAboutServiceOutage(service);
     }
@@ -31,9 +31,9 @@ function warnAboutServiceOutage(service) {
     log_1.default.warn(`All information on service status and incidents available at ${(0, log_1.link)('https://status.expo.dev/')}.`);
     log_1.default.newLine();
 }
-async function getStatuspageServiceAsync(serviceNames) {
+async function getStatuspageServiceAsync(graphqlClient, serviceNames) {
     try {
-        return await StatuspageServiceQuery_1.StatuspageServiceQuery.statuspageServicesAsync(serviceNames);
+        return await StatuspageServiceQuery_1.StatuspageServiceQuery.statuspageServicesAsync(graphqlClient, serviceNames);
     }
     catch {
         return [];