asap-cli - npm Package Compare versions

Comparing version 0.3.1 to 0.3.2

lib/asap-config.js

@@ -68,2 +68,5 @@ var _ = require('lodash');
         var validateArray = function (value) { return _.isArray(value) && _.filter(value).length > 0; };
+        var validateClaims = function (claims) {
+            return _.isPlainObject(claims) && _.every(_.values(claims), validateString);
+        };
 
@@ -73,2 +76,3 @@ var validators = [
             _.partial(function (value) { return !value || validateString(value); }, config.sub),
+            _.partial(function (value) { return !value || validateClaims(value); }, config.additionalClaims),
             _.partial(validateString, config.issuer),
@@ -75,0 +79,0 @@ _.partial(validateString, config.kid),

lib/jwt-utils.js

 var jwtAuthentication = require('jwt-authentication');
+var _ = require('lodash');
 var q = require('q');
@@ -15,3 +16,4 @@
 function parseClaims(options) {
-    return {iss: options.issuer, sub: options.sub || options.issuer, aud: options.audience};
+    var claims = {iss: options.issuer, sub: options.sub || options.issuer, aud: options.audience};
+    return _.assign(claims, options.additionalClaims || {});
 }
@@ -18,0 +20,0 @@

package.json

 {
   "name": "asap-cli",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "A command line utility for generating ASAP (JWT tokens as per the Atlassian Service Authentication Protocol) token and making curl calls with the same.",
@@ -40,7 +40,7 @@ "license": "MIT",
   "devDependencies": {
-    "eslint": "^2.10.2",
+    "eslint": "^3.4.0",
     "jasmine": "^2.3.1",
     "jasmine-console-reporter": "^1.2.7",
     "jasmine-core": "^2.3.4",
-    "jasmine-promise-tools": "1.0.0",
+    "jasmine-promise-tools": "^1.0.0",
     "jasmine-reporters": "^2.2.0",
@@ -47,0 +47,0 @@ "proxyquire": "^1.7.4",

README.md

@@ -10,3 +10,3 @@ # ASAP Cli
 
-* http://s2sauth.bitbucket.org/
+* https://s2sauth.bitbucket.io/
 * https://tools.ietf.org/html/rfc7519
@@ -84,3 +84,6 @@
 ```
+### additional claims
 
+Any extra JWT claims you can be put under `additionalClaims` key of .asap-config.
+
 ### curl
@@ -87,0 +90,0 @@

test/helpers/jasmine-promise-tools.helper.js

@@ -1,35 +0,6 @@
-function ensureIsPromise(p) {
-    if (!p || !p.then) {
-        throw new Error('You must return a Promise');
-    }
-}
+'use strict';
 
-function handleError(done, err) {
-    done.fail('The promise rejected! ' + err);
-}
+const jasminePromiseTools = require('jasmine-promise-tools');
 
-function willResolve(fn) {
-    return function waitForResolvedPromise(done) {
-        var p = fn();
-        ensureIsPromise(p);
-        p.then(done, function(err) {
-            handleError(done, err);
-        });
-    };
-}
-
-function expectToReject(promise) {
-    return promise
-        .then(
-            function () {
-                fail('Expected promise to reject!');
-            },
-            function (err) {
-                // resolve this promise so callers can chain with .then() and inspect the value
-                return err;
-            }
-        );
-}
-
-global.willResolve = willResolve;
-global.expectToReject = expectToReject;
+global.willResolve = jasminePromiseTools.willResolve;
+global.expectToReject = jasminePromiseTools.expectToReject;

test/unit/asap-config.spec.js

@@ -245,2 +245,60 @@ var requireWithMocks = require('proxyquire').noCallThru().noPreserveCache();
 
+        it('passes when additional claims are present', willResolve(function () {
+            var config = {
+                issuer: 'Issuer',
+                audience: 'aud',
+                kid: 'kid',
+                privateKey: 'privateKey',
+                additionalClaims: {
+                    accountId: 'id',
+                    ownerId: 'id'
+                }
+            };
+
+            return asapConfig.validate(config);
+        }));
+
+        var invalidAdditionalClaims = [{
+            issuer: 'Issuer',
+            audience: 'aud',
+            kid: 'kid',
+            privateKey: 'privateKey',
+            additionalClaims: ['accountId', 'ownerId']
+        }, {
+            issuer: 'Issuer',
+            audience: 'aud',
+            kid: 'kid',
+            privateKey: 'privateKey',
+            additionalClaims: {
+                account: {
+                    id: 'id'
+                }
+            }
+        }, {
+            issuer: 'Issuer',
+            audience: 'aud',
+            kid: 'kid',
+            privateKey: 'privateKey',
+            additionalClaims: {
+                accountId: ['id']
+            }
+        }, {
+            issuer: 'Issuer',
+            audience: 'aud',
+            kid: 'kid',
+            privateKey: 'privateKey',
+            additionalClaims: {
+                accountId: null
+            }
+        }];
+
+        invalidAdditionalClaims.forEach(function (config) {
+            it('rejects when additional claims are invalid', willResolve(function () {
+                return expectToReject(asapConfig.validate(config))
+                    .then(function (err) {
+                        expect(err).toBeTruthy();
+                    });
+            }));
+        });
+
         it('rejects promise when kid is missing', willResolve(function () {
@@ -247,0 +305,0 @@ var config = {

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Lines of code

924

increased by3.7%

Number of lines in readme file

205

increased by1.49%

Worsened metrics

Total package byte prevSize

50618

decreased by-3.77%

Number of package files

19

decreased by-9.52%

Number of medium supply chain risk alerts

3

increased by50%

No dependency changes