@sitewaerts/superlogin
Comparing version 2.0.9 to 2.0.10
@@ -7,3 +7,3 @@ 'use strict'; | ||
this.storeKey = function (username, key, password, expires, roles) { | ||
this.storeKey = function (username, key, password, expires, refreshed, roles) { | ||
if(roles instanceof Array) { | ||
@@ -23,2 +23,3 @@ // Clone roles to not overwrite original | ||
expires: expires, | ||
refreshed: refreshed, | ||
roles: roles | ||
@@ -25,0 +26,0 @@ }; |
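Review bot: Inserting `refreshed` as the fifth positional parameter of `storeKey` silently breaks any caller or third-party adapter still using the five-argument form: the `roles` array would be bound to `refreshed`, `roles` would be `undefined`, the `roles instanceof Array` clone branch would be skipped and the key document would be written with `roles: undefined`, i.e. a session with no roles and no error. Appending the new argument at the end (`function (username, key, password, expires, roles, refreshed)`) or moving to a single options object keeps existing adapters working; if the positional insertion is kept on purpose, the adapter contract change should be called out in the changelog and guarded with something like `if (roles === undefined && refreshed instanceof Array) { roles = refreshed; refreshed = undefined; }`. The body of `storeKey` continues beyond this hunk, so I cannot see how an undefined `roles` is handled later.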
@@ -21,4 +21,4 @@ 'use strict'; | ||
this.storeKey = function (username, key, password, expires, roles) { | ||
return adapter.storeKey(username, key, password, expires, roles); | ||
this.storeKey = function (username, key, password, expires, refreshed, roles) { | ||
return adapter.storeKey(username, key, password, expires, refreshed, roles); | ||
}; | ||
@@ -25,0 +25,0 @@ |
@@ -535,4 +535,4 @@ 'use strict'; | ||
} | ||
// We can only unlink if there are at least two providers | ||
if(!user.providers || !(user.providers instanceof Array) || user.providers.length < 2) { | ||
// We can only unlink if there are at least two providers, or if they have a password separately set up | ||
if(!user.derived_key && (!user.providers || !(user.providers instanceof Array) || user.providers.length < 2)) { | ||
return BPromise.reject({ | ||
@@ -589,3 +589,3 @@ error: 'Unlink failed', | ||
.then(function() { | ||
return dbAuth.storeKey(user_id, newToken.key, password, newToken.expires, user.roles); | ||
return dbAuth.storeKey(user_id, newToken.key, password, newToken.expires, newToken.refreshed, user.roles); | ||
}) | ||
@@ -605,2 +605,3 @@ .then(function() { | ||
issued: newToken.issued, | ||
refreshed: newToken.refreshed, | ||
expires: newToken.expires, | ||
@@ -730,2 +731,3 @@ provider: provider, | ||
newSession.expires = Date.now() + sessionLife * 1000; | ||
newSession.refreshed = Date.now(); | ||
return BPromise.all([ | ||
@@ -1235,2 +1237,3 @@ userDB.get(newSession._id), | ||
issued: now, | ||
refreshed: now, | ||
expires: now + sessionLife * 1000, | ||
@@ -1237,0 +1240,0 @@ roles: roles |
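Review bot: The relaxed unlink guard keys on `user.derived_key` at the top level of the user document, but the hashed-password object produced by `hashPassword` in this same release carries `salt`/`derived_key` as a nested object, and if the local provider stores it under `user.local` (as appears to be the convention elsewhere in superlogin — worth confirming) this check is always falsy and the new "or has a password" case never fires; conversely, if it can be truthy without a usable password, a user could unlink their only working provider and be locked out. I would route the check through one helper that knows the real storage path, e.g. `var hasPassword = !!(user.local && user.local.derived_key);`, and use that in the condition. Separately, the refresh hunk calls `Date.now()` twice so `expires` and `refreshed` can disagree by a millisecond; the later hunk already captures `now` once, so `var now = Date.now(); newSession.refreshed = now; newSession.expires = now + sessionLife * 1000;` keeps the two paths consistent. The enclosing functions start and end outside these hunks.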
@@ -6,5 +6,10 @@ 'use strict'; | ||
var uuid = require('uuid'); | ||
var pwd = require('@sensu/couch-pwd'); | ||
var crypto = require('crypto'); | ||
var keylen = 20; | ||
var size = 16; | ||
var iterations = 10; | ||
var encoding = 'hex'; | ||
var digest = 'SHA1'; | ||
exports.URLSafeUUID = function() { | ||
@@ -20,9 +25,11 @@ return URLSafeBase64.encode(uuid.v4(null, new Buffer(16))); | ||
return new BPromise(function (resolve, reject) { | ||
pwd.hash(password, function (err, salt, hash) { | ||
if (err) { | ||
return reject(err); | ||
} | ||
return resolve({ | ||
salt: salt, | ||
derived_key: hash | ||
crypto.randomBytes(size, function(err, salt) { | ||
if (err) return reject(err); | ||
salt = salt.toString('hex'); | ||
crypto.pbkdf2(password, salt, iterations, keylen, digest, function(err, hash){ | ||
if (err) return reject(err); | ||
return resolve({ salt: salt, derived_key: hash.toString(encoding)}); | ||
}); | ||
@@ -34,20 +41,23 @@ }); | ||
exports.verifyPassword = function (hashObj, password) { | ||
var getHash = BPromise.promisify(pwd.hash, {context: pwd}); | ||
var iterations = hashObj.iterations; | ||
var salt = hashObj.salt; | ||
var iterations = hashObj.iterations || 10; | ||
var derived_key = hashObj.derived_key; | ||
if (iterations) { | ||
pwd.iterations(iterations); | ||
} | ||
if(!salt || !derived_key) { | ||
return BPromise.reject(false); | ||
} | ||
return getHash(password, salt) | ||
.then(function (hash) { | ||
if (hash === derived_key) { | ||
return BPromise.resolve(true); | ||
return new BPromise(function (resolve, reject) { | ||
crypto.pbkdf2(password, salt, iterations, keylen, digest, function(err, hash) { | ||
if (err) { | ||
return reject(false); | ||
} | ||
if (hash.toString(encoding) === derived_key) { | ||
return resolve(true); | ||
} else { | ||
return BPromise.reject(false); | ||
return reject(false); | ||
} | ||
}); | ||
}); | ||
}; | ||
@@ -54,0 +64,0 @@ |
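Review bot: The new `hashPassword` resolves only `{ salt, derived_key }` and never records `iterations`, while `verifyPassword` falls back to `hashObj.iterations || 10`; together these bake a work factor of 10 PBKDF2-SHA1 rounds into every stored hash with no way to raise it later without a migration, and 10 rounds is orders of magnitude below current guidance for password storage (if these constants are chosen to stay wire-compatible with CouchDB `_users` documents, that rationale should be stated in a comment next to `iterations`/`digest`/`keylen` so nobody "fixes" it blindly, and a higher, configurable value should be used wherever compatibility is not required). The comparison `hash.toString(encoding) === derived_key` is also a plain string compare that short-circuits at the first differing byte; Node's `crypto.timingSafeEqual` on equal-length buffers is the right primitive, assuming the supported Node range includes it (the file still uses `new Buffer(16)`, which suggests an old range — please confirm). Rejecting with the bare value `false` rather than an `Error` loses any stack and makes the `pbkdf2` error indistinguishable from a wrong password; consider rejecting with the original `err` on the error path.
```javascript
// … unchanged: salt generation in hashPassword …
      // Record the work factor so it can be raised later without invalidating old hashes.
      return resolve({ salt: salt, derived_key: hash.toString(encoding), iterations: iterations });
// … unchanged: verifyPassword argument checks …
    crypto.pbkdf2(password, salt, iterations, keylen, digest, function(err, hash) {
      if (err) return reject(err);
      // Constant-time comparison; `===` on hex strings leaks the position of the first mismatch.
      var stored = Buffer.from(derived_key, encoding);
      if (stored.length === hash.length && crypto.timingSafeEqual(hash, stored)) {
        return resolve(true);
      }
      return reject(false);
    });
```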
{ | ||
"name": "@sitewaerts/superlogin", | ||
"version": "2.0.9", | ||
"version": "2.0.10", | ||
"description": "Powerful authentication for APIs and single page apps using the CouchDB ecosystem which supports a variety of providers.", | ||
@@ -30,9 +30,2 @@ "main": "./lib/index.js", | ||
"author": "Colin Skow", | ||
"contributors": [ | ||
{ | ||
"name": "Bjorn Stromberg", | ||
"email": "bjorn@bjornstar.com", | ||
"url": "http://bjornstar.com/about" | ||
} | ||
], | ||
"license": "MIT", | ||
@@ -44,4 +37,3 @@ "bugs": { | ||
"dependencies": { | ||
"@sensu/couch-pwd": "^1.0.0", | ||
"bluebird": "^3.5.1", | ||
"bluebird": "^3.3.4", | ||
"ejs": "^2.3.1", | ||
@@ -48,0 +40,0 @@ "express": "^4.16.2", |
@@ -193,2 +193,15 @@ # @sensu/superlogin [![Build Status](https://travis-ci.org/sen-su/superlogin.png?branch=master)](https://travis-ci.org/sen-su/superlogin) | ||
Example design doc: | ||
``` js | ||
module.exports = { | ||
validator: { | ||
validate_doc_update: function (newDoc, oldDoc, userCtx) { | ||
if (!newDoc.name) { | ||
throw({forbidden: 'doc.name is required'}); | ||
} | ||
}.toString() | ||
} | ||
}; | ||
``` | ||
If you are using Cloudant authentication, the prefixed `user_id` is inserted as the first item on the `permissions` array, which will also appear inside `roles` in your `userCtx` object. You will also find all the `roles` from your user doc here. | ||
@@ -369,3 +382,2 @@ | ||
- `refresh`: (`newSession`) | ||
- `signup`: (`userDoc`, `provider`) | ||
- `password-reset`: (`userDoc`) | ||
@@ -372,0 +384,0 @@ - `password-change`: (`userDoc`) |
- Removed@sensu/couch-pwd@^1.0.0
- Removed@sensu/couch-pwd@1.0.1(transitive)
Updatedbluebird@^3.3.4