@koopjs/auth-direct-file - npm Package Compare versions

Comparing version 2.0.1 to 2.0.2

CHANGELOG.md

@@ -5,2 +5,5 @@ # Change Log
 
+## 2.0.2
+* patch - invalidate with user not found
+
 ## 2.0.1
@@ -7,0 +10,0 @@ * migrate to jest

package.json

 {
   "name": "@koopjs/auth-direct-file",
-  "version": "2.0.1",
+  "version": "2.0.2",
   "description": "Module for implementing a direct authentication pattern with file-based user-store in Koop",
@@ -5,0 +5,0 @@ "main": "src/index.js",

src/validate-credentials.js

@@ -19,2 +19,6 @@ const fs = require('fs-extra');
   
+    if (!user) {
+      return false;
+    }
+    
     return user?.password === password;
@@ -21,0 +25,0 @@ } catch (err) {

src/validate-credentials.spec.js

@@ -10,3 +10,3 @@ const fs = require('fs-extra');
       return Buffer.from(JSON.stringify([
-        { username: 'foo', 'password': 'bar' }
+        { username: 'foo', password: 'bar' }
       ]));
@@ -19,2 +19,24 @@ });
 
+  test('should invalidate if user not found', async () => {
+    fs.readFile.mockImplementationOnce(() => {
+      return Buffer.from(JSON.stringify([
+        { username: 'fooz', password: 'bar' }
+      ]));
+    });
+
+    const result = await validateCredentials('foo', 'bar');
+    expect(result).toEqual(false);
+  });
+
+  test('should invalidate if password does not match', async () => {
+    fs.readFile.mockImplementationOnce(() => {
+      return Buffer.from(JSON.stringify([
+        { username: 'foo', password: 'baz' }
+      ]));
+    });
+
+    const result = await validateCredentials('foo', 'bar');
+    expect(result).toEqual(false);
+  });
+
   test('should throw error reading store', async () => {
@@ -21,0 +43,0 @@ fs.readFile.mockImplementationOnce(() => {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

59754

increased by1.25%

Lines of code

478

increased by4.6%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes