@loopback/authorization - npm Package Compare versions

Comparing version 0.2.0 to 0.2.1

CHANGELOG.md

@@ -6,2 +6,10 @@ # Change Log
 
+## [0.2.1](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.2.0...@loopback/authorization@0.2.1) (2019-09-03)
+
+**Note:** Version bump only for package @loopback/authorization
+
+
+
+
+
 # [0.2.0](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.1.2...@loopback/authorization@0.2.0) (2019-08-19)
@@ -8,0 +16,0 @@

dist/authorize-interceptor.js

@@ -19,4 +19,4 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-const authentication_1 = require("@loopback/authentication");
 const context_1 = require("@loopback/context");
+const security_1 = require("@loopback/security");
 const debugFactory = require("debug");
@@ -46,3 +46,3 @@ const authorize_1 = require("./decorators/authorize");
         // retrieve it from authentication module
-        const user = await invocationCtx.get(authentication_1.AuthenticationBindings.CURRENT_USER, {
+        const user = await invocationCtx.get(security_1.SecurityBindings.USER, {
             optional: true,
@@ -119,4 +119,4 @@ });
     return {
-        name: user.name || user.id,
-        id: user.id,
+        name: user.name || user[security_1.securityId],
+        [security_1.securityId]: user.id,
         email: user.email,
@@ -123,0 +123,0 @@ type: 'USER',

dist/decorators/authorize.js

@@ -70,7 +70,7 @@ "use strict";
             // Method
-            return AuthorizeMethodDecoratorFactory.createDecorator(exports.AUTHORIZATION_METHOD_KEY, spec)(target, method, methodDescriptor);
+            return AuthorizeMethodDecoratorFactory.createDecorator(exports.AUTHORIZATION_METHOD_KEY, spec, { decoratorName: '@authorize' })(target, method, methodDescriptor);
         }
         if (typeof target === 'function' && !method && !methodDescriptor) {
             // Class
-            return AuthorizeClassDecoratorFactory.createDecorator(exports.AUTHORIZATION_CLASS_KEY, spec)(target);
+            return AuthorizeClassDecoratorFactory.createDecorator(exports.AUTHORIZATION_CLASS_KEY, spec, { decoratorName: '@authorize' })(target);
         }
@@ -77,0 +77,0 @@ // Not on a class or method

dist/types.d.ts

 import { BindingAddress, InvocationContext } from '@loopback/context';
+import { Principal, Role } from '@loopback/security';
 /**
@@ -52,82 +53,2 @@ * Built-in roles
 /**
- * Represent a user, an application, or a device
- */
-export interface Principal {
-    /**
-     * Name/id
-     */
-    name: string;
-    /**
-     * Type - user/application/device etc
-     */
-    type: string;
-    [attribute: string]: any;
-}
-/**
- * Represent a group of principals that have the same authority. There are two
- * types of roles:
- *
- * - explicit
- * - implicit
- *
- */
-export interface Role {
-    /**
-     * Name/id
-     */
-    name: string;
-    [attribute: string]: any;
-}
-/**
- * `Subject` represents both security state and operations for a single
- * application user.
- *
- * Such operations include:
- * - authentication (login)
- * - authorization (access control)
- * - session access
- * - logout
- */
-export interface Subject {
-    principals: Principal[];
-    roles: Role[];
-    scopes: string[];
-}
-/**
- * `Permission` defines an action/access against a protected resource. It's
- * the `what` for authorization.
- *
- * There are three levels of permissions
- *
- * - Resource level (Order, User)
- * - Instance level (Order-0001, User-1001)
- * - Property level (User-0001.email)
- *
- * @example
- * - create a user
- * - read email of a user
- * - change email of a user
- * - cancel an order
- */
-export interface Permission {
-    /**
-     * Action or access of a protected resources, such as `read`, `create`,
-     * `update`, or `delete`
-     */
-    action: string;
-    /**
-     * Type of protected resource, such as `Order` or `Customer`
-     */
-    resourceType: string;
-    /**
-     * Identity of a protected resource instance, such as `order-0001` or
-     * `customer-101`
-     */
-    resourceInstance?: string;
-    /**
-     * Property of a protected resource type/instance, such as `email`
-     */
-    resourceProperty?: string;
-}
-/**
  * Request context for authorization
@@ -134,0 +55,0 @@ */

package.json

 {
   "name": "@loopback/authorization",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "A LoopBack component for authorization support.",
@@ -25,13 +25,13 @@ "engines": {
   "dependencies": {
-    "@loopback/context": "^1.21.4",
-    "@loopback/core": "^1.9.3",
+    "@loopback/context": "^1.22.0",
+    "@loopback/core": "^1.10.0",
+    "@loopback/security": "^0.1.0",
     "debug": "^4.1.1"
   },
   "devDependencies": {
-    "@loopback/authentication": "^2.1.11",
-    "@loopback/build": "^2.0.8",
-    "@loopback/testlab": "^1.7.4",
+    "@loopback/build": "^2.0.9",
+    "@loopback/testlab": "^1.7.5",
     "@types/debug": "^4.1.4",
-    "@types/node": "10.14.15",
-    "casbin": "^3.0.3"
+    "@types/node": "10.14.17",
+    "casbin": "^3.0.4"
   },
@@ -55,3 +55,3 @@ "keywords": [
   },
-  "gitHead": "e17358d04cf9986fc692fdea37b582111932551d"
+  "gitHead": "2cc8fa9318b1592845fa251fdd28d7f3225a70c0"
 }

src/authorize-interceptor.ts

@@ -6,3 +6,2 @@ // Copyright IBM Corp. 2019. All Rights Reserved.
 
-import {AuthenticationBindings, UserProfile} from '@loopback/authentication';
 import {
@@ -22,2 +21,8 @@ asGlobalInterceptor,
 } from '@loopback/context';
+import {
+  Principal,
+  SecurityBindings,
+  securityId,
+  UserProfile,
+} from '@loopback/security';
 import * as debugFactory from 'debug';
@@ -32,3 +37,2 @@ import {getAuthorizationMetadata} from './decorators/authorize';
   Authorizer,
-  Principal,
 } from './types';
@@ -74,8 +78,5 @@
     // retrieve it from authentication module
-    const user = await invocationCtx.get<UserProfile>(
-      AuthenticationBindings.CURRENT_USER,
-      {
-        optional: true,
-      },
-    );
+    const user = await invocationCtx.get<UserProfile>(SecurityBindings.USER, {
+      optional: true,
+    });
 
@@ -158,4 +159,4 @@ debug('Current user', user);
   return {
-    name: user.name || user.id,
-    id: user.id,
+    name: user.name || user[securityId],
+    [securityId]: user.id,
     email: user.email,
@@ -162,0 +163,0 @@ type: 'USER',

src/decorators/authorize.ts

@@ -112,2 +112,3 @@ // Copyright IBM Corp. 2019. All Rights Reserved.
         spec,
+        {decoratorName: '@authorize'},
       )(target, method, methodDescriptor!);
@@ -120,2 +121,3 @@ }
         spec,
+        {decoratorName: '@authorize'},
       )(target);
@@ -122,0 +124,0 @@ }

src/types.ts

@@ -7,2 +7,3 @@ // Copyright IBM Corp. 2018. All Rights Reserved.
 import {BindingAddress, InvocationContext} from '@loopback/context';
+import {Principal, Role} from '@loopback/security';
 
@@ -64,93 +65,2 @@ /**
 /**
- * Represent a user, an application, or a device
- */
-export interface Principal {
-  /**
-   * Name/id
-   */
-  name: string;
-  /**
-   * Type - user/application/device etc
-   */
-  type: string;
-
-  // organization/realm/domain/tenant
-  // team/group
-
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  [attribute: string]: any;
-}
-
-/**
- * Represent a group of principals that have the same authority. There are two
- * types of roles:
- *
- * - explicit
- * - implicit
- *
- */
-export interface Role {
-  /**
-   * Name/id
-   */
-  name: string;
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  [attribute: string]: any;
-}
-
-/**
- * `Subject` represents both security state and operations for a single
- * application user.
- *
- * Such operations include:
- * - authentication (login)
- * - authorization (access control)
- * - session access
- * - logout
- */
-export interface Subject {
-  principals: Principal[];
-  roles: Role[];
-  scopes: string[];
-}
-
-/**
- * `Permission` defines an action/access against a protected resource. It's
- * the `what` for authorization.
- *
- * There are three levels of permissions
- *
- * - Resource level (Order, User)
- * - Instance level (Order-0001, User-1001)
- * - Property level (User-0001.email)
- *
- * @example
- * - create a user
- * - read email of a user
- * - change email of a user
- * - cancel an order
- */
-export interface Permission {
-  /**
-   * Action or access of a protected resources, such as `read`, `create`,
-   * `update`, or `delete`
-   */
-  action: string;
-
-  /**
-   * Type of protected resource, such as `Order` or `Customer`
-   */
-  resourceType: string;
-  /**
-   * Identity of a protected resource instance, such as `order-0001` or
-   * `customer-101`
-   */
-  resourceInstance?: string;
-  /**
-   * Property of a protected resource type/instance, such as `email`
-   */
-  resourceProperty?: string;
-}
-
-/**
  * Request context for authorization
@@ -157,0 +67,0 @@ */

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Dev dependency count

5

decreased by-16.67%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

60811

decreased by-4.82%

Dependency count

4

increased by33.33%

Lines of code

1226

decreased by-11.48%

Dependency changes

• + Added@loopback/security@^0.1.0

• + Added@loopback/security@0.1.13(transitive)

• Updated@loopback/context@^1.22.0

• Updated@loopback/core@^1.10.0