		/jslint node:true /

		// get the authentication/sessionManager library and the authorization library
		var cansec = require('./sessionManager'), auth = require('./authorization');
		var cansec = require('./sessionManager'), auth = require('./authorization'), declarative = require('./declarative');

		@@ -13,2 +13,3 @@ module.exports = {
		// merge the two into ret object
		// authentication methods
		for (i in authentication) {
		@@ -19,2 +20,3 @@ if (authentication.hasOwnProperty(i)) {
		}
		// authorization methods
		for (i in authorization) {
		@@ -25,2 +27,4 @@ if (authorization.hasOwnProperty(i)) {
		}
		// declarative authorization
		that.authorizer = ret.authorizer = declarative;
		that.getAuthMethod = ret.getAuthMethod;
		@@ -27,0 +31,0 @@ that.getUser = ret.getUser;

lib/sessionManager.js

		/global module, require, Buffer /

		var tokenlib = require('./token'), session, getUser, that, sessionManager, validatePass, getAuthCredentials,
		errors = require('./errors');
		errors = require('./errors'), validate;

		@@ -94,3 +94,14 @@ var AUTHCOOKIE = "authtoken", USERCOOKIE = "userInfo", AUTHHEADER = "X-CS-Auth", AUTHMETHODHEADER = AUTHHEADER+".method", AUTHSESSION = AUTHHEADER,
		if (creds) {
		if (validatePass && typeof(validatePass) === "function") {
		if (validate) {
		validate(creds.user,creds.password,function (success,user,message,pass) {
		if (success && user) {
		session({req: req, res: res, user: user, login: creds.user, password: pass, method:"credentials"});
		next();
		} else {
		// clear the session, pass the 401 bad credentials
		session({req: req, res: res, message: message});
		next(errors.unauthenticated(message));
		}
		});
		} else if (validatePass) {
		validatePass(creds.user,creds.password,function(user,message,pass) {
		@@ -120,3 +131,17 @@ if (user) {
		if (p && p.length >= 2) {
		if (getUser && typeof(getUser) === "function") {
		if (validate) {
		validate(p[1],undefined,function(success,user,login,pass) {
		if (success) {
		if (tokenlib.validate(auth,login,pass)) {
		session({req:req,res:res,user:user,login:login,password:pass, method:"token"});
		} else {
		session({req:req,res:res,message:"invalidtoken"});
		}
		next();
		} else {
		session({req:req,res:res,message:"invalidtoken"});
		next();
		}
		});
		} else if (getUser) {
		getUser(p[1],function(user,login,password){
		@@ -159,6 +184,11 @@ if (tokenlib.validate(auth,login,password)) {

		var fnOrNull = function(f) {
		return(f && typeof(f) === "function" ? f : null);
		};

		module.exports = {
		init: function(config) {
		getUser = config.getUser;
		validatePass = config.validatePassword;
		validate = fnOrNull(config.validate);
		getUser = fnOrNull(config.getUser);
		validatePass = fnOrNull(config.validatePassword);
		sessionExpiry = (config.expiry \|\| SESSIONEXPIRY)601000;
		@@ -165,0 +195,0 @@ tokenlib.init(config.sessionKey \|\| genRandomString(64));

package.json

		{
		"name": "cansecurity",
		"description": "cansecurity is your all-in-one security library for user authentication management and authorization in node (and specifically expressjs) apps.",
		"version": "0.4.8",
		"description": "cansecurity is your all-in-one security library for user authentication, authorization and management in node expressjs apps",
		"version": "0.5.0",
		"url": "http://github.com/deitch/cansecurity",
		@@ -10,6 +10,6 @@ "author": "Avi Deitcher <avi@deitcher.net>",
		"dependencies": {
		"lodash":">=1.3.1",
		"express":">=2.0.0"
		},
		"devDependencies": {
		"lodash":">=1.3.1",
		"express":"3.x",
		@@ -20,3 +20,5 @@ "async":"0.2.x",
		},
		"test":"./test/test.js",
		"scripts":{
		"test":"node_modules/.bin/mocha"
		},
		"repository": {
		@@ -23,0 +25,0 @@ "type" : "git",

README.md

		@@ -69,2 +69,24 @@ # cansecurity

		#### Changes to version 0.5.0
		These notes apply to anyone using cansecurity prior to v0.5.0. These changes may be breaking, so read carefully.

		##### express 3.x required
		Prior to version 0.5.0 (and preferably prior to 0.4.8), cansecurity worked with express 2.x and 3.x, although the full testing regimen worked properly only in express 2.x. Beginning with 0.5.0, only express 3.x will work.

		##### validatePassword and getUser consolidated into
		In versions of cansecurity prior to 0.5.0, there were two functions passed to `init()`:

		* `validatePassword()` was called when the user authenticated with credentials to be checked.
		* `getUser()` was called when the user was authenticated already using a token or session, and we just needed the user object.

		As of version 0.5.0, these are consolidated into a single `validate()` function. Please check the documentation below.

		Until version 1.0 of cansecurity, the legacy functions will continue to operate, if deprecated, under the following circumstances:

		IF `validate()` is `undefined`, AND (`validatePassword()` and `getUser()`) are present, THEN cansecurity will use the old API.

		IF `validate()` is defined, THEN (`validatePassword()` and `getUser()`) will be ignored, whether present or not.

		Beginning with cansecurity 1.0, the old API will not function at all.

		### Authentication
		@@ -166,9 +188,2 @@ cansecurity will manage your user authentication, including managing stateless sessions. It can use either native express sessions and or its own stateless sessions. cansecurity stateless sessions can keep a user logged in automatically across multiple nodejs instances, essentially creating free single-sign-on.

		##### Deprecation Note
		In old versions of cansecurity (prior to 0.5.0), the `validate()` function was separated into two functions: `validatePass()` and `getUser()`. Until version 1.0 of cansecurity, these will continue to function, if deprecated, under the following circumstances:

		IF `validate()` is `undefined`, AND `validatePass()` and `getUser()` are present, THEN cansecurity will use the old API.

		Beginning with cansecurity 1.0, the old API will not function.

		### Unauthenticated Errors
		@@ -175,0 +190,0 @@ cansecurity will never directly return errors. It will authenticate a user, or fail to do so, set request["X-CS-Auth"], and request.session["X-CS-Auth"] if sessions are enabled, and then call next() to jump to the next middleware.

119

test/resources/cs.js

		@@ -10,61 +10,70 @@ /jslint node:true, nomen:true /

		module.exports = cs.init({
		validate: function (login,pass,callback) {
		var found = null;
		// search for our user
		_.each(user,function(val,key){
		var ret = true;
		if (val.name === login) {
		found = val;
		ret = false;
		}
		return(ret);
		module.exports = {
		init: function () {
		return cs.init({
		validate: function (login,pass,callback) {
		var found = null;
		// search for our user
		_.each(user,function(val,key){
		var ret = true;
		if (val.name === login) {
		found = val;
		ret = false;
		}
		return(ret);
		});
		if (!found) {
		callback(false,null,"invaliduser");
		} else if (pass === undefined) {
		callback(true,found,found.name,found.pass);
		} else if (pass === found.pass) {
		callback(true,found,found.name,found.pass);
		} else {
		callback(false,null,"invalidpass");
		}
		},
		sessionKey: SESSIONKEY
		});
		if (!found) {
		callback(false,null,"invaliduser");
		} else if (pass === undefined) {
		callback(true,found,found.name,found.pass);
		} else if (pass === found.pass) {
		callback(true,found,found.name,found.pass);
		} else {
		callback(false,null,"invalidpass");
		}
		},
		getUser: function(login,success,failure){
		var found = null;
		// search for our user
		_.each(user,function(val,key){
		var ret = true;
		if (val.name === login) {
		found = val;
		ret = false;
		}
		return(ret);
		});
		if (found) {
		success(found,found.name,found.pass);
		} else {
		failure();
		}
		},
		validatePassword: function(login,pass,cb){
		var p = null, message = "invaliduser", resuser = null;
		// search for our user
		_.each(user,function(val,key) {
		var ret = true;
		if (val.name === login) {
		ret = false;
		if (val.pass === pass) {
		message = null;
		resuser = val;
		p = pass;
		initLegacy: function () {
		return cs.init({
		getUser: function(login,success,failure){
		var found = null;
		// search for our user
		_.each(user,function(val,key){
		var ret = true;
		if (val.name === login) {
		found = val;
		ret = false;
		}
		return(ret);
		});
		if (found) {
		success(found,found.name,found.pass);
		} else {
		message = "invalidpass";
		failure();
		}
		}
		return(ret);
		},
		validatePassword: function(login,pass,cb){
		var p = null, message = "invaliduser", resuser = null;
		// search for our user
		_.each(user,function(val,key) {
		var ret = true;
		if (val.name === login) {
		ret = false;
		if (val.pass === pass) {
		message = null;
		resuser = val;
		p = pass;
		} else {
		message = "invalidpass";
		}
		}
		return(ret);
		});
		cb(resuser,message,p);
		},
		sessionKey: SESSIONKEY
		});
		cb(resuser,message,p);
		},
		sessionKey: SESSIONKEY
		});
		}
		};

test/test-authorization.js

		/jslint node:true, nomen:true /
		/global before, it, describe /
		var express = require('express'), app = express(), request = require('supertest'), _ = require('lodash'),
		cansec = require('./resources/cs'), errorHandler = require('./resources/error'),
		cansec = require('./resources/cs').init(), errorHandler = require('./resources/error'),
		r, path, q, unauthenticated = {message:"unauthenticated"}, unauthorized = {message:"unauthorized"},
		@@ -6,0 +6,0 @@ send200 = function(req,res,next){

test/test-authtoken.js

		/jslint node:true /
		/global before,it,describe /
		var express = require('express'), app = express(), async = require('async'),
		cansec = require('./resources/cs'), tokenlib = require('../lib/token'), request = require('supertest'), r,
		cansec = require('./resources/cs').init(), tokenlib = require('../lib/token'), request = require('supertest'), r,
		authHeader = "X-CS-Auth".toLowerCase(), path = "/public";
		@@ -6,0 +6,0 @@

test/test-localsession.js

		/jslint node:true, nomen:true /
		/global before,it,describe /
		var express = require('express'), app = express(), cansec = require('./resources/cs'), request = require('supertest'),
		var express = require('express'), app = express(), cansec = require('./resources/cs').init(), request = require('supertest'),
		path = "/public", r, async = require('async'),
		@@ -5,0 +5,0 @@ authHeader = "X-CS-Auth".toLowerCase(), successRe = /^success=(([^:]):([^:]):([^:]*))$/, user = "john", pass = "1234";

test/test-userpass.js

		/jslint node:true /
		/global before,it,describe /
		var express = require('express'), app = express(), cansec = require('./resources/cs'), errorHandler = require('./resources/error'),
		var express = require('express'), app = express(), cansec = require('./resources/cs').init(), errorHandler = require('./resources/error'),
		request = require('supertest'), r,
		@@ -5,0 +5,0 @@ authHeader = "X-CS-Auth".toLowerCase(), path = "/public";

tesold/test-authorization.js

tesold/test-authtoken.js

tesold/test-localsession.js

tesold/test-userpass.js

tesold/test.js

tesold/whattotest.txt

cansecurity - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes