@loopback/authorization - npm Package Compare versions

Comparing version 0.4.8 to 0.4.9

CHANGELOG.md

@@ -6,2 +6,13 @@ # Change Log
 
+## [0.4.9](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.4.8...@loopback/authorization@0.4.9) (2020-02-05)
+
+
+### Bug Fixes
+
+* **authorization:** make sure an authorizer is only invoked once per request ([b29bbeb](https://github.com/strongloop/loopback-next/commit/b29bbeb35c0c34784aae683fe03003a3b239cb87))
+
+
+
+
+
 ## [0.4.8](https://github.com/strongloop/loopback-next/compare/@loopback/authorization@0.4.7...@loopback/authorization@0.4.8) (2020-01-27)
@@ -8,0 +19,0 @@

dist/authorize-interceptor.d.ts

 import { Interceptor, InvocationContext, Next, Provider } from '@loopback/context';
-import { AuthorizationOptions, Authorizer } from './types';
+import { AuthorizationOptions } from './types';
 export declare class AuthorizationInterceptor implements Provider<Interceptor> {
-    private authorizers;
     private options;
-    constructor(authorizers: Authorizer[], options?: AuthorizationOptions);
+    constructor(options?: AuthorizationOptions);
     value(): Interceptor;
     intercept(invocationCtx: InvocationContext, next: Next): Promise<any>;
 }

dist/authorize-interceptor.js

@@ -31,4 +31,3 @@ "use strict";
 let AuthorizationInterceptor = class AuthorizationInterceptor {
-    constructor(authorizers, options = {}) {
-        this.authorizers = authorizers;
+    constructor(options = {}) {
         this.options = Object.assign({ defaultDecision: types_1.AuthorizationDecision.DENY, precedence: types_1.AuthorizationDecision.DENY }, options);
@@ -67,5 +66,4 @@ debug('Authorization options', this.options);
         debug('Security context for %s', description, authorizationCtx);
-        let authorizers = await loadAuthorizers(invocationCtx, (_b = metadata.voters, (_b !== null && _b !== void 0 ? _b : [])));
+        const authorizers = await loadAuthorizers(invocationCtx, (_b = metadata.voters, (_b !== null && _b !== void 0 ? _b : [])));
         let finalDecision = this.options.defaultDecision;
-        authorizers = authorizers.concat(this.authorizers);
         for (const fn of authorizers) {
@@ -104,5 +102,4 @@ const decision = await fn(authorizationCtx, metadata);
     context_1.bind(context_1.asGlobalInterceptor('authorization')),
-    __param(0, context_1.inject(context_1.filterByTag(keys_1.AuthorizationTags.AUTHORIZER))),
-    __param(1, context_1.config({ fromBinding: keys_1.AuthorizationBindings.COMPONENT })),
-    __metadata("design:paramtypes", [Array, Object])
+    __param(0, context_1.config({ fromBinding: keys_1.AuthorizationBindings.COMPONENT })),
+    __metadata("design:paramtypes", [Object])
 ], AuthorizationInterceptor);
@@ -109,0 +106,0 @@ exports.AuthorizationInterceptor = AuthorizationInterceptor;

package.json

 {
   "name": "@loopback/authorization",
-  "version": "0.4.8",
+  "version": "0.4.9",
   "description": "A LoopBack component for authorization support.",
@@ -25,12 +25,12 @@ "engines": {
   "dependencies": {
-    "@loopback/context": "^2.0.0",
-    "@loopback/core": "^1.12.2",
-    "@loopback/security": "^0.1.11",
+    "@loopback/context": "^2.1.0",
+    "@loopback/core": "^1.12.3",
+    "@loopback/security": "^0.1.12",
     "debug": "^4.1.1"
   },
   "devDependencies": {
-    "@loopback/build": "^3.1.0",
-    "@loopback/testlab": "^1.10.2",
+    "@loopback/build": "^3.1.1",
+    "@loopback/testlab": "^1.10.3",
     "@types/debug": "^4.1.4",
-    "@types/node": "10.17.13",
+    "@types/node": "10.17.14",
     "casbin": "^3.1.0"
@@ -55,3 +55,3 @@ },
   },
-  "gitHead": "d08f135a0d1040edc61497739a8d86a866e4e29a"
+  "gitHead": "b5e53892d327c6cf4c6023055d2b38f13fe4729e"
 }

src/authorize-interceptor.ts

@@ -13,4 +13,2 @@ // Copyright IBM Corp. 2019. All Rights Reserved.
   Context,
-  filterByTag,
-  inject,
   Interceptor,
@@ -41,4 +39,2 @@ InvocationContext,
   constructor(
-    @inject(filterByTag(AuthorizationTags.AUTHORIZER))
-    private authorizers: Authorizer[],
     @config({fromBinding: AuthorizationBindings.COMPONENT})
@@ -92,3 +88,3 @@ options: AuthorizationOptions = {},
     debug('Security context for %s', description, authorizationCtx);
-    let authorizers = await loadAuthorizers(
+    const authorizers = await loadAuthorizers(
       invocationCtx,
@@ -99,3 +95,2 @@ metadata.voters ?? [],
     let finalDecision = this.options.defaultDecision;
-    authorizers = authorizers.concat(this.authorizers);
     for (const fn of authorizers) {
@@ -102,0 +97,0 @@ const decision = await fn(authorizationCtx, metadata);

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

66254

decreased by-0.41%

Lines of code

1296

decreased by-0.69%

Dependency changes

• Updated@loopback/context@^2.1.0

• Updated@loopback/core@^1.12.3

• Updated@loopback/security@^0.1.12