bedrock-authn-token - npm Package Compare versions

Comparing version 4.0.0 to 4.0.1

CHANGELOG.md

 # bedrock-authn-token ChangeLog
 
+## 4.0.1 - 2021-10-08
+
+### Fixed
+- Fix issue with salt mismatch when multiple tokens are generated.
+
 ## 4.0.0 - 2021-05-04
@@ -4,0 +9,0 @@

lib/index.js

@@ -150,5 +150,23 @@ /*
 
+    // check for existing salt and parse rounds
+    let lastTokenSalt;
+    let parsedRounds;
+    if(tokens.length > 0) {
+      lastTokenSalt = tokens[tokens.length - 1].salt;
+      parsedRounds = parseInt(lastTokenSalt.split('$')[2]);
+    }
+
+    // only generate new salt if rounds do not match (which
+    // also happens when there was no previous salt); reuse of
+    // the last salt enables other unexpired tokens to be used
+    // for authentication
+    let salt;
+    if(parsedRounds === cfg.bcrypt.rounds) {
+      salt = lastTokenSalt;
+    } else {
+      salt = await bcrypt.genSalt(cfg.bcrypt.rounds);
+    }
+
     // generate new token
     challenge = await generateNonce(typeOptions);
-    const salt = await bcrypt.genSalt(cfg.bcrypt.rounds);
     const hash = await bcrypt.hash(challenge, salt);
@@ -338,3 +356,3 @@ token.salt = salt;
     }
-    rValue = result[0];
+    rValue = result[result.length - 1];
   } else {
@@ -341,0 +359,0 @@ rValue = result;

package.json

 {
   "name": "bedrock-authn-token",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "description": "Simple token-based authentication for Bedrock apps",
@@ -5,0 +5,0 @@ "main": "./lib",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

74442

increased by0.91%

Lines of code

1950

increased by0.83%

No dependency changes