lib/rubygems/gemcutter_utilities.rb in rubygems-update-3.3.10 vs lib/rubygems/gemcutter_utilities.rb in rubygems-update-3.3.11

@@ -161,16 +161,18 @@
     password = ask_for_password "Password: "
     say "\n"
 
     key_name     = get_key_name(scope)
     scope_params = get_scope_params(scope)
+    mfa_params   = get_mfa_params(email, password)
+    all_params   = scope_params.merge(mfa_params)
 
     response = rubygems_api_request(:post, "api/v1/api_key",
                                     sign_in_host, scope: scope) do |request|
       request.basic_auth email, password
       request["OTP"] = otp if otp
-      request.body = URI.encode_www_form({ name: key_name }.merge(scope_params))
+      request.body = URI.encode_www_form({ name: key_name }.merge(all_params))
     end
 
     with_response response do |resp|
       say "Signed in with API key: #{key_name}."
       set_api_key host, resp.body
@@ -217,11 +219,11 @@
   ##
   # Returns true when the user has enabled multifactor authentication from
   # +response+ text and no otp provided by options.
 
   def set_api_key(host, key)
-    if host == Gem::DEFAULT_HOST
+    if default_host?
       Gem.configuration.rubygems_api_key = key
     else
       Gem.configuration.set_api_key host, key
     end
   end
@@ -241,11 +243,11 @@
     say 'You have enabled multi-factor authentication. Please enter OTP code.'
     options[:otp] = ask 'Code: '
   end
 
   def pretty_host(host)
-    if Gem::DEFAULT_HOST == host
+    if default_host?
       'RubyGems.org'
     else
       host
     end
   end
@@ -256,16 +258,43 @@
     if scope
       scope_params = { scope => true }
     else
       say "Please select scopes you want to enable for the API key (y/n)"
       API_SCOPES.each do |scope|
-        selected = ask "#{scope} [y/N]: "
-        scope_params[scope] = true if selected =~ /^[yY](es)?$/
+        selected = ask_yes_no("#{scope}", false)
+        scope_params[scope] = true if selected
       end
       say "\n"
     end
 
     scope_params
+  end
+
+  def default_host?
+    self.host == Gem::DEFAULT_HOST
+  end
+
+  def get_mfa_params(email, password)
+    return {} unless default_host?
+
+    mfa_level = get_user_mfa_level(email, password)
+    params = {}
+    if mfa_level == "ui_only" || mfa_level == "ui_and_gem_signin"
+      selected = ask_yes_no("Would you like to enable MFA for this key? (strongly recommended)")
+      params["mfa"] = true if selected
+    end
+    params
+  end
+
+  def get_user_mfa_level(email, password)
+    response = rubygems_api_request(:get, "api/v1/profile/me.yaml") do |request|
+      request.basic_auth email, password
+    end
+
+    with_response response do |resp|
+      body = Gem::SafeYAML.load clean_text(resp.body)
+      body["mfa"]
+    end
   end
 
   def get_key_name(scope)
     hostname = Socket.gethostname || "unknown-host"
     user = ENV["USER"] || ENV["USERNAME"] || "unknown-user"