
@sitewaerts/superlogin


Comparing version 2.0.9 to 2.0.10

3

lib/dbauth/couchdb.js

@@ -7,3 +7,3 @@ 'use strict';

this.storeKey = function (username, key, password, expires, roles) {
this.storeKey = function (username, key, password, expires, refreshed, roles) {
if(roles instanceof Array) {

@@ -23,2 +23,3 @@ // Clone roles to not overwrite original

expires: expires,
refreshed: refreshed,
roles: roles

@@ -25,0 +26,0 @@ };
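Review bot: `refreshed` is inserted ahead of `roles` in `storeKey`'s positional parameter list, so any caller still passing five arguments will have its roles array stored under `refreshed` and the key document written with `roles` undefined. The wrapper hunk that follows (`adapter.storeKey(...)`) and the `dbAuth.storeKey(...)` call further down the page are updated, but other adapters or external callers are not visible here and should be checked. Appending the new parameter after `roles`, or documenting the order with a comment such as `// storeKey(username, key, password, expires, refreshed, roles): refreshed added before roles in 2.0.10`, would make the break harder to miss. The function body continues outside the hunk.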

@@ -21,4 +21,4 @@ 'use strict';

this.storeKey = function (username, key, password, expires, roles) {
return adapter.storeKey(username, key, password, expires, roles);
this.storeKey = function (username, key, password, expires, refreshed, roles) {
return adapter.storeKey(username, key, password, expires, refreshed, roles);
};

@@ -25,0 +25,0 @@

@@ -535,4 +535,4 @@ 'use strict';

}
// We can only unlink if there are at least two providers
if(!user.providers || !(user.providers instanceof Array) || user.providers.length < 2) {
// We can only unlink if there are at least two providers, or if they have a password separately set up
if(!user.derived_key && (!user.providers || !(user.providers instanceof Array) || user.providers.length < 2)) {
return BPromise.reject({

@@ -589,3 +589,3 @@ error: 'Unlink failed',

.then(function() {
return dbAuth.storeKey(user_id, newToken.key, password, newToken.expires, user.roles);
return dbAuth.storeKey(user_id, newToken.key, password, newToken.expires, newToken.refreshed, user.roles);
})

@@ -605,2 +605,3 @@ .then(function() {

issued: newToken.issued,
refreshed: newToken.refreshed,
expires: newToken.expires,

@@ -730,2 +731,3 @@ provider: provider,

newSession.expires = Date.now() + sessionLife * 1000;
newSession.refreshed = Date.now();
return BPromise.all([

@@ -1235,2 +1237,3 @@ userDB.get(newSession._id),

issued: now,
refreshed: now,
expires: now + sessionLife * 1000,

@@ -1237,0 +1240,0 @@ roles: roles
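Review bot: The new `!user.derived_key` exception in the unlink guard reads the password hash from the top level of the user document, but nothing on this page shows where this fork stores it. `verifyPassword(hashObj, password)` elsewhere in the diff takes an object carrying `salt` and `derived_key`, which suggests the hash may sit in a sub-document; if so, the exception never applies and the guard behaves exactly as before. Since this check is what keeps an account from being left without any way to sign in, it is worth confirming the field path and testing both cases: a password set with one provider, and no password with one provider. The enclosing function starts and ends outside the hunk.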

@@ -6,5 +6,10 @@ 'use strict';

var uuid = require('uuid');
var pwd = require('@sensu/couch-pwd');
var crypto = require('crypto');
var keylen = 20;
var size = 16;
var iterations = 10;
var encoding = 'hex';
var digest = 'SHA1';
exports.URLSafeUUID = function() {

@@ -20,9 +25,11 @@ return URLSafeBase64.encode(uuid.v4(null, new Buffer(16)));

return new BPromise(function (resolve, reject) {
pwd.hash(password, function (err, salt, hash) {
if (err) {
return reject(err);
}
return resolve({
salt: salt,
derived_key: hash
crypto.randomBytes(size, function(err, salt) {
if (err) return reject(err);
salt = salt.toString('hex');
crypto.pbkdf2(password, salt, iterations, keylen, digest, function(err, hash){
if (err) return reject(err);
return resolve({ salt: salt, derived_key: hash.toString(encoding)});
});

@@ -34,20 +41,23 @@ });

exports.verifyPassword = function (hashObj, password) {
var getHash = BPromise.promisify(pwd.hash, {context: pwd});
var iterations = hashObj.iterations;
var salt = hashObj.salt;
var iterations = hashObj.iterations || 10;
var derived_key = hashObj.derived_key;
if (iterations) {
pwd.iterations(iterations);
}
if(!salt || !derived_key) {
return BPromise.reject(false);
}
return getHash(password, salt)
.then(function (hash) {
if (hash === derived_key) {
return BPromise.resolve(true);
return new BPromise(function (resolve, reject) {
crypto.pbkdf2(password, salt, iterations, keylen, digest, function(err, hash) {
if (err) {
return reject(false);
}
if (hash.toString(encoding) === derived_key) {
return resolve(true);
} else {
return BPromise.reject(false);
return reject(false);
}
});
});
};

@@ -54,0 +64,0 @@
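Review bot: The `crypto.pbkdf2` call that replaces `pwd.hash` runs with `iterations = 10` and `digest = 'SHA1'`, a work factor low enough that stored hashes are cheap to guess offline if the user database leaks; current guidance for PBKDF2 is in the hundreds of thousands of iterations or more. `hashPassword` also resolves only `{ salt, derived_key }`, so the count cannot be raised later without breaking existing hashes; returning it as well, `return resolve({ salt: salt, derived_key: hash.toString(encoding), iterations: iterations });`, lets `verifyPassword` keep its `hashObj.iterations || 10` fallback for old records (assuming callers persist the whole object, which this page does not show). In `verifyPassword`, the `hash.toString(encoding) === derived_key` comparison is not constant-time; `crypto.timingSafeEqual` on equal-length buffers is the usual replacement. Both function bodies are cut by their hunks.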

{
"name": "@sitewaerts/superlogin",
"version": "2.0.9",
"version": "2.0.10",
"description": "Powerful authentication for APIs and single page apps using the CouchDB ecosystem which supports a variety of providers.",

@@ -30,9 +30,2 @@ "main": "./lib/index.js",

"author": "Colin Skow",
"contributors": [
{
"name": "Bjorn Stromberg",
"email": "bjorn@bjornstar.com",
"url": "http://bjornstar.com/about"
}
],
"license": "MIT",

@@ -44,4 +37,3 @@ "bugs": {

"dependencies": {
"@sensu/couch-pwd": "^1.0.0",
"bluebird": "^3.5.1",
"bluebird": "^3.3.4",
"ejs": "^2.3.1",

@@ -48,0 +40,0 @@ "express": "^4.16.2",

@@ -193,2 +193,15 @@ # @sensu/superlogin [![Build Status](https://travis-ci.org/sen-su/superlogin.png?branch=master)](https://travis-ci.org/sen-su/superlogin)

Example design doc:
``` js
module.exports = {
validator: {
validate_doc_update: function (newDoc, oldDoc, userCtx) {
if (!newDoc.name) {
throw({forbidden: 'doc.name is required'});
}
}.toString()
}
};
```
If you are using Cloudant authentication, the prefixed `user_id` is inserted as the first item on the `permissions` array, which will also appear inside `roles` in your `userCtx` object. You will also find all the `roles` from your user doc here.

@@ -369,3 +382,2 @@

- `refresh`: (`newSession`)
- `signup`: (`userDoc`, `provider`)
- `password-reset`: (`userDoc`)

@@ -372,0 +384,0 @@ - `password-change`: (`userDoc`)

Sorry, the diff of this file is not supported yet
