authorAshley Ellis Pierce <anellis12@gmail.com>2022-07-22 13:11:52 -0400
committergit <svn-admin@ruby-lang.org>2022-07-23 03:42:59 +0900
commit244bda7efd507657ada6f18e800d852d1a1569f4 (patch)
treec4f6a2ac0ad9906b180665b6bda72acb7f223e3b
parente199ae3edcead0271c6da3410eb02acd927739b7 (diff)
[rubygems/rubygems] Display mfa warnings on gem signin
https://github.com/rubygems/rubygems/commit/4dc77b7099 Co-authored-by: Jenny Shen <jenny.shen@shopify.com>
-rw-r--r--lib/rubygems/gemcutter_utilities.rb31
-rw-r--r--test/rubygems/test_gem_commands_signin_command.rb18
2 files changed, 33 insertions, 16 deletions
diff --git a/lib/rubygems/gemcutter_utilities.rb b/lib/rubygems/gemcutter_utilities.rb
index 1eeb341bb8..c46650afb1 100644
--- a/lib/rubygems/gemcutter_utilities.rb
+++ b/lib/rubygems/gemcutter_utilities.rb
@@ -163,8 +163,12 @@ module Gem::GemcutterUtilities
key_name = get_key_name(scope)
scope_params = get_scope_params(scope)
- mfa_params = get_mfa_params(email, password)
+ profile = get_user_profile(email, password)
+ mfa_params = get_mfa_params(profile)
all_params = scope_params.merge(mfa_params)
+ warning = profile["warning"]
+
+ say "#{warning}\n" if warning
response = rubygems_api_request(:post, "api/v1/api_key",
sign_in_host, scope: scope) do |request|
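Review bot: The text printed by `say "#{warning}\n" if warning` comes from the server's profile response, and nothing at this call site shows that it has been made safe to write to a terminal. The only filtering visible in the commit is `clean_text(resp.body)` inside `get_user_profile` in the second hunk, which in RubyGems replaces control characters before the YAML is parsed. That dependency deserves a comment next to the `say`, for example `# warning is server-supplied; get_user_profile passes the body through clean_text before parsing`, so a later refactor of the profile fetch does not drop the filtering unnoticed. The enclosing method starts and ends outside this hunk.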
@@ -273,29 +277,28 @@ module Gem::GemcutterUtilities
self.host == Gem::DEFAULT_HOST
end
- def get_mfa_params(email, password)
+ def get_user_profile(email, password)
return {} unless default_host?
- mfa_level = get_user_mfa_level(email, password)
- params = {}
- if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin"
- selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)")
- params["mfa"] = true if selected
- end
- params
- end
-
- def get_user_mfa_level(email, password)
response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
request.basic_auth email, password
end
with_response response do |resp|
- body = Gem::SafeYAML.load clean_text(resp.body)
- body["mfa"]
+ Gem::SafeYAML.load clean_text(resp.body)
end
end
+ def get_mfa_params(profile)
+ mfa_level = profile["mfa"]
+ params = {}
+ if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin"
+ selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)")
+ params["mfa"] = true if selected
+ end
+ params
+ end
+
def get_key_name(scope)
hostname = Socket.gethostname || "unknown-host"
user = ENV["USER"] || ENV["USERNAME"] || "unknown-user"
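Review bot: `get_user_profile` hands back whatever `Gem::SafeYAML.load` produces, yet both callers index the result as a Hash: `profile["mfa"]` in `get_mfa_params` and `profile["warning"]` in the first hunk. If the profile endpoint answers with an empty or non-mapping body, the parsed value could be nil, false or a String, so the lookups would raise or slice a string; what `with_response` returns on other paths is not visible here, so this is inferred. Inside the `with_response` block, assign `profile = Gem::SafeYAML.load clean_text(resp.body)` and then return `profile.is_a?(Hash) ? profile : {}`. A one-line comment stating that the method returns `{}` for non-default hosts would also document the contract both callers rely on. `get_key_name` at the end of the hunk continues outside it.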
diff --git a/test/rubygems/test_gem_commands_signin_command.rb b/test/rubygems/test_gem_commands_signin_command.rb
index 0f8e478840..ce745bff20 100644
--- a/test/rubygems/test_gem_commands_signin_command.rb
+++ b/test/rubygems/test_gem_commands_signin_command.rb
@@ -159,6 +159,20 @@ class TestGemCommandsSigninCommand < Gem::TestCase
assert_equal api_key, credentials[:rubygems_api_key]
end
+ def test_execute_with_warnings
+ email = "you@example.com"
+ password = "secret"
+ api_key = "1234"
+ fetcher = Gem::RemoteFetcher.fetcher
+ mfa_level = "disabled"
+ warning = "/[WARNING/] For protection of your account and gems"
+
+ key_name_ui = Gem::MockGemUi.new "#{email}\n#{password}\ntest-key\n\ny\n\n\n\n\n\ny"
+ util_capture(key_name_ui, nil, api_key, fetcher, mfa_level, warning) { @cmd.execute }
+
+ assert_match warning, key_name_ui.output
+ end
+
def test_execute_on_gemserver_without_profile_me_endpoint
host = "http://some-gemcutter-compatible-host.org"
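Review bot: The fixture string `"/[WARNING/] For protection of your account and gems"` in `test_execute_with_warnings` uses forward slashes, which are literal characters rather than escapes, so the test asserts on a message that differs from a plain `[WARNING] ...` text. The slashes may be there only because `util_capture` interpolates the value unquoted into YAML (fourth hunk), where a leading `[` would start a flow sequence. If so, say it in a comment such as `# leading "/" keeps the unquoted YAML fixture from parsing "[" as a sequence`, or quote the value in the fixture and use the real message. `test_execute_on_gemserver_without_profile_me_endpoint` continues outside the hunk.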
@@ -193,10 +207,10 @@ class TestGemCommandsSigninCommand < Gem::TestCase
# Utility method to capture IO/UI within the block passed
- def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled")
+ def util_capture(ui_stub = nil, host = nil, api_key = nil, fetcher = Gem::FakeFetcher.new, mfa_level = "disabled", warning = nil)
api_key ||= "a5fdbb6ba150cbb83aad2bb2fede64cf040453903"
response = [api_key, 200, "OK"]
- profile_response = [ "mfa: #{mfa_level}\n" , 200, "OK"]
+ profile_response = [ "mfa: #{mfa_level}\nwarning: #{warning}" , 200, "OK"]
email = "you@example.com"
password = "secret"
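Review bot: `profile_response` now always emits a `warning:` key and interpolates the value unquoted, so every existing test exercises `warning: ` with an empty value and none covers a profile that lacks the key. An unquoted value also limits which messages the fixture can carry, since text beginning with `[` or containing `: ` or ` #` would change how the YAML parses. Building the body conditionally avoids both: `profile_body = "mfa: #{mfa_level}\n"` followed by `profile_body += "warning: #{warning.inspect}\n" if warning`, where `inspect` yields a double-quoted scalar for plain ASCII text. The rest of `util_capture` lies outside this hunk.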