@cimpress/simple-auth-wrapper - npm Package Compare versions

Comparing version 6.6.1 to 7.0.0

CHANGELOG.md

 # Changelog
 
+## 7.0 (2020-11-02)
+
+isLoggedIn method will now return false if it is within the expirationOffset period.  Previously it would return true if the token had not expired, but you were within the offset period. 
+
 ## 6.6.X (2020-05-14)
@@ -4,0 +8,0 @@ Added a check to see if the user's token is expired when the browser tab gains focus.  This is because the expiration timer is often times unreliable when the user's browser is asleep. A `checkExpirationOnFocus` option was added to the `centralizedAuth` options that

lib/centralizedauth.js

@@ -129,3 +129,2 @@ 'use strict';
 // Check whether the current time is past the access token's expiry time.
-// This method ignores the expiration offset option.
 
@@ -244,3 +243,3 @@
       var expiresAt = JSON.parse(localStorage.getItem('expires_at'));
-      return new Date().getTime() < expiresAt;
+      return new Date().getTime() < expiresAt - _this.expirationOffset * 1000;
     } catch (e) {
@@ -247,0 +246,0 @@ return false;

package.json

 {
   "name": "@cimpress/simple-auth-wrapper",
-  "version": "6.6.1",
+  "version": "7.0.0",
   "description": "A simple utility class to wrap basic Auth0 functionality",
@@ -9,3 +9,4 @@ "main": "lib/index.js",
     "version": "gulp version",
-    "lib": "gulp"
+    "lib": "gulp",
+    "preinstall": "npx npm-force-resolutions"
   },
@@ -36,3 +37,6 @@ "repository": {
     "jest-plugin-clock": "^2.9.0"
+  },
+  "resolutions": {
+    "graceful-fs": "^4.2.4"
   }
 }

src/centralizedauth.js

@@ -50,3 +50,3 @@ import Auth0 from 'auth0-js';
   //   lockWidgetOptions (optional, see defaults in newLockWidget)
-  constructor(options) {
+  constructor (options) {
     merge(this, DEFAULT_OPTIONS, options);
@@ -150,6 +150,6 @@ this.redirectUri = window.location.origin + this.redirectRoute;
   listenToStorage = (e) => {
-    switch(e.key) {
+    switch (e.key) {
       // TODO: add storage namespace option (e.g. "expires_at" -> "saw:expires_at") apps will likely break this wrapper's
       // behavior if they use any of the localStorage keys this wrapper relies on
-      case 'expires_at': 
+      case 'expires_at':
         // check to see if it's being removed or not
@@ -171,7 +171,6 @@ if (e.newValue) {
   // Check whether the current time is past the access token's expiry time.
-  // This method ignores the expiration offset option.
   isLoggedIn = () => {
     try {
       const expiresAt = JSON.parse(localStorage.getItem('expires_at'));
-      return new Date().getTime() < expiresAt;
+      return new Date().getTime() < (expiresAt - (this.expirationOffset * 1000));
     } catch (e) {
@@ -214,5 +213,5 @@ return false;
   getProfile = () => {
-    try { 
+    try {
       return JSON.parse(localStorage.getItem('profile')) || undefined;
-    } catch (e) {}
+    } catch (e) { }
   };
@@ -223,3 +222,3 @@
       return JSON.parse(localStorage.getItem('expires_at')) || undefined;
-    } catch (e) {}
+    } catch (e) { }
   };
@@ -234,5 +233,5 @@
   clearOldNonces = () => Object.keys(localStorage).forEach(key => {
-      if(!key.startsWith('com.auth0.auth')) return;
-      localStorage.removeItem(key);
-    });
+    if (!key.startsWith('com.auth0.auth')) return;
+    localStorage.removeItem(key);
+  });
 
@@ -246,3 +245,3 @@ // returns a proimse that resolves with an authenticated status (true, false)
     }
-    if(!window.location.hash){
+    if (!window.location.hash) {
       return _Promise.resolve(false);
@@ -258,3 +257,3 @@ }
           const returnUri = localStorage.getItem('returnUri');
-          if(returnUri){
+          if (returnUri) {
             localStorage.removeItem('returnUri')
@@ -315,3 +314,3 @@ }
       .catch(err => {
-        if(nextUri){
+        if (nextUri) {
           localStorage.setItem('returnUri', nextUri);
@@ -358,3 +357,3 @@ }
     // also log out with auth0
-    const returnTo = nextUri ? {returnTo: window.location.origin + nextUri} : {};
+    const returnTo = nextUri ? { returnTo: window.location.origin + nextUri } : {};
     if (logoutOfFederated) {
@@ -361,0 +360,0 @@ this.auth0.logout({

test/centralizedauth.test.js

@@ -32,7 +32,7 @@ import clock from 'jest-plugin-clock';
   });
-  
-  test('should add both event listeners',() => {
+
+  test('should add both event listeners', () => {
     expect(mockAddEvent).toBeCalledTimes(2)
     expect(mockAddEvent).toHaveBeenNthCalledWith(1, 'storage', testModule.listenToStorage);
-    expect(mockAddEvent).toHaveBeenNthCalledWith(2, 'visibilitychange',testModule.handleFocusChange);
+    expect(mockAddEvent).toHaveBeenNthCalledWith(2, 'visibilitychange', testModule.handleFocusChange);
   })
@@ -138,3 +138,3 @@
         window.localStorage.setItem('expires_at', newExpiration); // this does not trigger the StorageEvent
-        storageEvent = new window.StorageEvent('storage', { 
+        storageEvent = new window.StorageEvent('storage', {
           key: 'expires_at',
@@ -176,8 +176,7 @@ oldValue: now.getTime().toString(),
 
-    test('subscribing to "authenticated" should fire the event', () => {
+    test('subscribing to "authenticated" should not fire the event', () => {
       const authenticatedCallback = jest.fn();
       testModule.on('authenticated', authenticatedCallback);
 
-      expect(authenticatedCallback).toHaveBeenCalledTimes(1);
-      expect(authenticatedCallback).toBeCalledWith('initial');
+      expect(authenticatedCallback).toHaveBeenCalledTimes(0);
     });
@@ -193,8 +192,8 @@
       window.dispatchEvent(new Event('visibilitychange'))
-      
+
       expect(tokenExpiredCallback).toHaveBeenCalledTimes(2);
     });
 
-    test('isLoggedIn should return true', () => {
-      expect(testModule.isLoggedIn()).toBe(true);
+    test('isLoggedIn should return false', () => {
+      expect(testModule.isLoggedIn()).toBe(false);
     });
@@ -226,3 +225,3 @@ });
       window.dispatchEvent(new Event('visibilitychange'))
-      
+
       expect(tokenExpiredCallback).toHaveBeenCalledTimes(0);
@@ -361,3 +360,3 @@ });
 
-    test('visibility change should not fire tokenExpired callback',() => {
+    test('visibility change should not fire tokenExpired callback', () => {
       const tokenExpiredCallback = jest.fn();
@@ -364,0 +363,0 @@ testModule.on('tokenExpired', tokenExpiredCallback);

New alerts

Install scripts

Supply chain risk

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

136159

increased by0.16%

Worsened metrics

Lines of code

1692

decreased by-0.18%

Number of high supply chain risk alerts

1

increased byInfinity%

No dependency changes