cansecurity
Advanced tools
Comparing version 3.1.0 to 3.2.0
| /*jslint node:true, nomen:false, unused:vars */ | ||
| const errors = require('./errors'), rparams = require('./param'), sender = require('./sender'), | ||
| constants = require('./constants').get(), | ||
| constants = require('./constants').get(), HttpStatus = require('http-status-codes'), | ||
| csauth = constants.header.AUTH, | ||
@@ -10,6 +10,13 @@ fields = {}, params = {}; | ||
| // then everything is fine :) | ||
| let logged = true; | ||
| let logged = true, | ||
| unauthenticatedResponse = req.unauthenticatedResponse || {} | ||
| unauthCode = unauthenticatedResponse.code || HttpStatus.UNAUTHORIZED; | ||
| unauthLocation = unauthenticatedResponse.location || null; | ||
| rparams(req); | ||
| if (!req[csauth]) { | ||
| sender(res,401,errors.unauthenticated()); | ||
| if (unauthLocation != null) { | ||
| res.header("location", unauthLocation); | ||
| } | ||
| sender(res,unauthCode,errors.unauthenticated()); | ||
| logged = false; | ||
@@ -105,2 +112,8 @@ } | ||
| indirect: { | ||
| setUnauthenticatedCode: (unauthenticatedResponse) => { | ||
| return (req, res, next) => { | ||
| req.unauthenticatedResponse = unauthenticatedResponse; | ||
| next() | ||
| }; | ||
| }, | ||
| // valid if user is logged in *and* the logged-in user has at least one of the given roles | ||
@@ -107,0 +120,0 @@ restrictToRoles: (roles) => { |
| { | ||
| "name": "cansecurity", | ||
| "description": "cansecurity is your all-in-one security library for user authentication, authorization and management in node expressjs apps", | ||
| "version": "3.1.0", | ||
| "version": "3.2.0", | ||
| "license": "MIT", | ||
@@ -20,2 +20,3 @@ "url": "http://github.com/deitch/cansecurity", | ||
| "async": "^2.5.0", | ||
| "http-status-codes": "^1.3.0", | ||
| "jsonwebtoken": "^7.4.3", | ||
@@ -22,0 +23,0 @@ "lodash": "^4.17.4" |
@@ -22,2 +22,3 @@ # cansecurity | ||
| app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200); | ||
| app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200); | ||
| app.get("/secure/user/:user",cansec.restrictToSelf,send200); | ||
@@ -24,0 +25,0 @@ app.get("/secure/roles/admin",cansec.restrictToRoles("admin"),send200); |
@@ -15,2 +15,11 @@ /*jslint node:true, nomen:true, unused:vars */ | ||
| alltests = function () { | ||
| describe('Authorization', function(){ | ||
| before(function(){ | ||
| path = '/secure/customloggedin'; | ||
| location = '/login'; | ||
| }); | ||
| it('should reject with custom HTTP code when not logged in',function (done) { | ||
| r.get(path).set('Accept', 'text/plain').expect('location', location).expect(302,unauthenticated,done); | ||
| }); | ||
| }); | ||
| describe('logged in path', function(){ | ||
@@ -313,2 +322,3 @@ before(function(){ | ||
| app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200); | ||
| app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200); | ||
| app.get("/secure/user/:user",cansec.restrictToSelf,send200); | ||
@@ -315,0 +325,0 @@ app.get("/secure/roles/admin",cansec.restrictToRoles("admin"),send200); |
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.54%
221222
- Lines of code
- increased by1.05%
2116
- Number of lines in readme file
- increased by0.1%
959
Worsened metrics
- Dependency count
- increased by33.33%
4
- Number of medium supply chain risk alerts
- increased by50%
3
Dependency changes
+ Addedhttp-status-codes@^1.3.0
+ Addedhttp-status-codes@1.4.0(transitive)