@sap/xssec
Advanced tools
@sap/xssec - npm Package Compare versions
Comparing version 3.2.7 to 3.2.8
| # Change Log | ||
| All notable changes to this project will be documented in this file. | ||
| ## 3.2.7 - 2020-09-15 | ||
| ## 3.2.8 - 2021-10-18 | ||
| - add additional getter for user properties on XSUAA context | ||
| - remove deed and unneeded code for IAS context | ||
| - fix token flows in requests if subdomain is provided using certificate | ||
| ## 3.2.7 - 2021-09-15 | ||
| - replace got with axios library because of a bug in got lib during https get | ||
| ## 3.2.5 - 2020-09-07 | ||
| ## 3.2.5 - 2021-09-07 | ||
| - fix to be backward-compatible for tokenFlow-APIs | ||
| ## 3.2.4 - 2020-09-03 | ||
| ## 3.2.4 - 2021-09-03 | ||
| - fix an issue with IAS multitenancy support | ||
| - remove the deprecated request library with got library | ||
| ## 3.2.3 - 2020-08-23 | ||
| ## 3.2.3 - 2021-08-23 | ||
| - add checkFollowingInstanceScope to SecurityContext to retrieve instance specific scope without need to build scope string on your own | ||
@@ -19,3 +24,3 @@ - fix a reference error in key verification | ||
| ## 3.2.2 - 2020-06-16 | ||
| ## 3.2.2 - 2021-06-16 | ||
| - Support for tokenexchanges with X.509 certificates managed by XSUAA | ||
@@ -25,9 +30,9 @@ - Support for tokenexchanges with manually managed X.509 certificates | ||
| ## 3.2.1 - 2020-06-01 | ||
| ## 3.2.1 - 2021-06-01 | ||
| - Add some more error and tracing information | ||
| ## 3.2.0 - 2020-04-20 | ||
| ## 3.2.0 - 2021-04-20 | ||
| - Support for IAS token validation. ([more details](doc/IAS.md)) | ||
| ## 3.1.2 - 2020-03-01 | ||
| ## 3.1.2 - 2021-03-01 | ||
| - Feature: Support for IAS to XSUAA token exchange ([more details](doc/IAStoXSUAA.md)) | ||
@@ -37,7 +42,7 @@ - Feature: Support for ZoneID enabled token flows ([more details](doc/TokenFlows.md)) | ||
| ## 3.1.1 - 2020-02-11 | ||
| ## 3.1.1 - 2021-02-11 | ||
| - Bugfix: Tokenexchange with additional attributes may result in a wrong formatted url | ||
| - Feature: The passport middleware allows to provide scopes to be validated at authentication time. Details [here](http://www.passportjs.org/docs/oauth/#scope) | ||
| ## 3.1.0 - 2020-02-10 | ||
| ## 3.1.0 - 2021-02-10 | ||
| - Support for multiple configurations for one security context ([more details here](doc/MultiConfiguration.md)) | ||
@@ -49,3 +54,3 @@ - Bugfix: support for additional attributes in token exchange | ||
| ## 3.0.10 - 2020-10-01 | ||
| ## 3.0.10 - 2021-10-01 | ||
| - The requests to the XSUAA are now available using the requests module also if you do not have a securityContext | ||
@@ -52,0 +57,0 @@ |
@@ -144,3 +144,3 @@ 'use strict'; | ||
| this.getAttribute = function (name) { | ||
| this.getAttributes = function () { | ||
| if (!ifNotClientCredentialsToken('SecurityContext.getAttribute', true)) { | ||
@@ -161,2 +161,8 @@ return null; | ||
| } | ||
| return userAttributes; | ||
| } | ||
| this.getAttribute = function (name) { | ||
| const attributes = this.getAttributes(); | ||
| if (!attributes) return null; | ||
| if (!name) { | ||
@@ -166,7 +172,7 @@ debugTrace('\nInvalid attribute name (may not be null, empty, or undefined).'); | ||
| } | ||
| if (!userAttributes[name]) { | ||
| if (!attributes[name]) { | ||
| debugTrace('\nNo attribute "' + name + '" found for user "' + this.getLogonName() + '".'); | ||
| return null; | ||
| } | ||
| return userAttributes[name]; | ||
| return attributes[name]; | ||
| }; | ||
@@ -173,0 +179,0 @@ |
@@ -153,12 +153,2 @@ 'use strict'; | ||
| }); | ||
| requests.requestOpenIDConfiguration(serviceUrl, function(err, result) { | ||
| if(err) { | ||
| return cb(err); | ||
| } | ||
| var tokenUrl = result.jwks_uri; | ||
| }); | ||
| } | ||
@@ -165,0 +155,0 @@ |
@@ -84,9 +84,14 @@ 'use strict'; | ||
| } | ||
| if (tokenSubdomain !== null && tokenRequestSubdomain != null && tokenSubdomain !== tokenRequestSubdomain) { | ||
| urlWithCorrectSubdomain = uaaUrl.protocol + "//" + tokenSubdomain + uaaUrl.host.substring(uaaUrl.host.indexOf('.'), uaaUrl.host.size); | ||
| urlWithCorrectSubdomain = uaaUrl.protocol + "//" + tokenSubdomain + uaaUrl.host.substring(uaaUrl.host.indexOf('.'), uaaUrl.host.size); | ||
| } | ||
| } | ||
| if (serviceCredentials.certificate) { | ||
| urlWithCorrectSubdomain = serviceCredentials.certurl; | ||
| if (serviceCredentials.certificate) { | ||
| urlWithCorrectSubdomain = urlWithCorrectSubdomain.replace(".authentication.", ".authentication.cert.") | ||
| } | ||
| } else { | ||
| if (serviceCredentials.certificate) { | ||
| urlWithCorrectSubdomain = serviceCredentials.certurl; | ||
| } | ||
| } | ||
@@ -93,0 +98,0 @@ |
| { | ||
| "name": "@sap/xssec", | ||
| "version": "3.2.7", | ||
| "version": "3.2.8", | ||
| "description": "XS Advanced Container Security API for node.js", | ||
@@ -5,0 +5,0 @@ "main": "./lib", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.33%
120091
- Lines of code
- increased by0.18%
1677