cansecurity
Comparing version 3.1.0 to 3.2.0
/*jslint node:true, nomen:false, unused:vars */ | ||
const errors = require('./errors'), rparams = require('./param'), sender = require('./sender'), | ||
constants = require('./constants').get(), | ||
constants = require('./constants').get(), HttpStatus = require('http-status-codes'), | ||
csauth = constants.header.AUTH, | ||
@@ -10,6 +10,13 @@ fields = {}, params = {}; | ||
// then everything is fine :) | ||
let logged = true; | ||
let logged = true, | ||
unauthenticatedResponse = req.unauthenticatedResponse || {} | ||
unauthCode = unauthenticatedResponse.code || HttpStatus.UNAUTHORIZED; | ||
unauthLocation = unauthenticatedResponse.location || null; | ||
rparams(req); | ||
if (!req[csauth]) { | ||
sender(res,401,errors.unauthenticated()); | ||
if (unauthLocation != null) { | ||
res.header("location", unauthLocation); | ||
} | ||
sender(res,unauthCode,errors.unauthenticated()); | ||
logged = false; | ||
@@ -105,2 +112,8 @@ } | ||
indirect: { | ||
setUnauthenticatedCode: (unauthenticatedResponse) => { | ||
return (req, res, next) => { | ||
req.unauthenticatedResponse = unauthenticatedResponse; | ||
next() | ||
}; | ||
}, | ||
// valid if user is logged in *and* the logged-in user has at least one of the given roles | ||
@@ -107,0 +120,0 @@ restrictToRoles: (roles) => { |
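Review bot: In the hunk at `@@ -10,6 +10,13 @@` the new declaration chain looks broken as printed: `unauthenticatedResponse = req.unauthenticatedResponse || {}` carries no trailing comma and the next line ends with `;`, so `unauthCode` and `unauthLocation` would be assignments to undeclared names — implicit globals shared across concurrent requests, or a ReferenceError under strict mode. If the missing comma is a rendering artifact this can be ignored; otherwise keep all three inside the `let`: `unauthenticatedResponse = req.unauthenticatedResponse || {},` / `unauthCode = unauthenticatedResponse.code || HttpStatus.UNAUTHORIZED,` / `unauthLocation = unauthenticatedResponse.location || null;`. Separately, `unauthLocation` is copied verbatim into the `location` header from `req.unauthenticatedResponse`, which any earlier middleware can populate, so a comment such as `// location must come from route configuration (setUnauthenticatedCode), never from request data` would record the trust assumption the open-redirect safety of this header depends on. The enclosing function starts before this hunk and continues after it.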
{ | ||
"name": "cansecurity", | ||
"description": "cansecurity is your all-in-one security library for user authentication, authorization and management in node expressjs apps", | ||
"version": "3.1.0", | ||
"version": "3.2.0", | ||
"license": "MIT", | ||
@@ -20,2 +20,3 @@ "url": "http://github.com/deitch/cansecurity", | ||
"async": "^2.5.0", | ||
"http-status-codes": "^1.3.0", | ||
"jsonwebtoken": "^7.4.3", | ||
@@ -22,0 +23,0 @@ "lodash": "^4.17.4" |
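Review bot: The new runtime dependency `http-status-codes` is declared with the caret range `^1.3.0`, and the comparison summary at the bottom of the page shows it resolving to 1.4.0, so this manifest alone does not fix the installed version. If the project ships a lockfile it should be updated in the same release; otherwise an exact pin, `"http-status-codes": "1.3.0"`, keeps the resolved tree reproducible between installs.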
@@ -22,2 +22,3 @@ # cansecurity | ||
app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200); | ||
app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200); | ||
app.get("/secure/user/:user",cansec.restrictToSelf,send200); | ||
@@ -24,0 +25,0 @@ app.get("/secure/roles/admin",cansec.restrictToRoles("admin"),send200); |
@@ -15,2 +15,11 @@ /*jslint node:true, nomen:true, unused:vars */ | ||
alltests = function () { | ||
describe('Authorization', function(){ | ||
before(function(){ | ||
path = '/secure/customloggedin'; | ||
location = '/login'; | ||
}); | ||
it('should reject with custom HTTP code when not logged in',function (done) { | ||
r.get(path).set('Accept', 'text/plain').expect('location', location).expect(302,unauthenticated,done); | ||
}); | ||
}); | ||
describe('logged in path', function(){ | ||
@@ -313,2 +322,3 @@ before(function(){ | ||
app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200); | ||
app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200); | ||
app.get("/secure/user/:user",cansec.restrictToSelf,send200); | ||
@@ -315,0 +325,0 @@ app.get("/secure/roles/admin",cansec.restrictToRoles("admin"),send200); |
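Review bot: The new `Authorization` case in the hunk at `@@ -15,2 +15,11 @@` exercises only the rejection path of `/secure/customloggedin`; nothing asserts that the same route still answers 200 for an authenticated request, so a regression in `setUnauthenticatedCode` that redirected unconditionally would pass this suite. A companion case in the logged-in block, issuing `r.get('/secure/customloggedin')` with the same authenticated setup the existing logged-in tests use and ending in `.expect(200, done)`, would close that gap. `path` and `location` are assigned in `before` without a declaration, which presumably relies on module-level variables declared outside this hunk, as the surrounding suites appear to do. The `alltests` function starts before this hunk and continues after it.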
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain risk: This module accesses the network.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Addedhttp-status-codes@^1.3.0
+ Addedhttp-status-codes@1.4.0(transitive)