New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
feathers-authentication
Advanced tools
feathers-authentication - npm Package Compare versions
Comparing version 0.7.8 to 0.7.9
@@ -23,3 +23,16 @@ 'use strict'; | ||
| var password = hook.data[options.passwordField]; | ||
| var password = void 0; | ||
| if (Array.isArray(hook.data)) { | ||
| // make sure we actually have password fields | ||
| var dataToCheck = [].concat(hook.data); | ||
| dataToCheck.filter(function (item) { | ||
| return item.hasOwnProperty(options.passwordField); | ||
| }); | ||
| if (dataToCheck.length > 0) { | ||
| // set it to the array so we can iterate later on it | ||
| password = hook.data; | ||
| } | ||
| } else { | ||
| password = hook.data[options.passwordField]; | ||
| } | ||
@@ -35,3 +48,3 @@ if (password === undefined) { | ||
| return new Promise(function (resolve, reject) { | ||
| crypto.genSalt(10, function (error, salt) { | ||
| var hash = function hash(item, password, salt) { | ||
| crypto.hash(password, salt, function (error, hash) { | ||
@@ -41,6 +54,17 @@ if (error) { | ||
| } | ||
| hook.data[options.passwordField] = hash; | ||
| item[options.passwordField] = hash; | ||
| resolve(hook); | ||
| }); | ||
| }; | ||
| crypto.genSalt(10, function (error, salt) { | ||
| if (Array.isArray(password)) { | ||
| password.map(function (item) { | ||
| if (!item.hasOwnProperty(options.passwordField)) { | ||
| return false; | ||
| } | ||
| hash(item, item[options.passwordField], salt); | ||
| }); | ||
| } else { | ||
| hash(hook.data, password, salt); | ||
| } | ||
| }); | ||
@@ -47,0 +71,0 @@ }); |
@@ -75,3 +75,3 @@ 'use strict'; | ||
| httpOnly: false, | ||
| secure: process.env.NODE_ENV === 'production' ? true : false | ||
| secure: process.env.NODE_ENV === 'production' | ||
| } | ||
@@ -102,2 +102,6 @@ }; | ||
| if (config.cookie) { | ||
| config.cookie = Object.assign({}, defaults.cookie, config.cookie); | ||
| } | ||
| // Merge and flatten options | ||
@@ -104,0 +108,0 @@ var authOptions = Object.assign({}, defaults, app.get('auth'), config); |
@@ -103,21 +103,24 @@ 'use strict'; | ||
| // Only send back cookies when not in production or when in production and using HTTPS | ||
| if (!req.secure && process.env.NODE_ENV === 'production') { | ||
| console.error('You should be using HTTPS in production! Refusing to send JWT in a cookie'); | ||
| } else { | ||
| var cookieOptions = Object.assign({}, options.cookie, { path: options.successRedirect }); | ||
| // Check HTTPS and cookie status in production | ||
| if (!req.secure && process.env.NODE_ENV === 'production' && options.cookie.secure) { | ||
| console.warn('WARN: Request isn\'t served through HTTPS: JWT in the cookie is exposed.'); | ||
| console.info('If you are behind a proxy (e.g. NGINX) you can:'); | ||
| console.info('- trust it: http://expressjs.com/en/guide/behind-proxies.html'); | ||
| console.info('- set cookie.secure false'); | ||
| } | ||
| // If a custom expiry wasn't passed then set the expiration to be 30 seconds from now. | ||
| if (cookieOptions.expires === undefined) { | ||
| var expiry = new Date(); | ||
| expiry.setTime(expiry.getTime() + THIRTY_SECONDS); | ||
| cookieOptions.expires = expiry; | ||
| } | ||
| var cookieOptions = Object.assign({}, options.cookie, { path: options.successRedirect }); | ||
| if (!(cookieOptions.expires instanceof Date)) { | ||
| throw new Error('cookie.expires must be a valid Date object'); | ||
| } | ||
| // If a custom expiry wasn't passed then set the expiration to be 30 seconds from now. | ||
| if (cookieOptions.expires === undefined) { | ||
| var expiry = new Date(); | ||
| expiry.setTime(expiry.getTime() + THIRTY_SECONDS); | ||
| cookieOptions.expires = expiry; | ||
| } | ||
| res.cookie(options.cookie.name, res.data.token, cookieOptions); | ||
| if (!(cookieOptions.expires instanceof Date)) { | ||
| throw new Error('cookie.expires must be a valid Date object'); | ||
| } | ||
| res.cookie(options.cookie.name, res.data.token, cookieOptions); | ||
| } | ||
@@ -124,0 +127,0 @@ |
| { | ||
| "name": "feathers-authentication", | ||
| "description": "Add Authentication to your FeathersJS app.", | ||
| "version": "0.7.8", | ||
| "version": "0.7.9", | ||
| "homepage": "https://github.com/feathersjs/feathers-authentication", | ||
@@ -6,0 +6,0 @@ "main": "lib/", |
@@ -101,90 +101,6 @@ # feathers-authentication | ||
| ## Changelog | ||
| ### 0.7.0 | ||
| - Lock down cookie [#132](https://github.com/feathersjs/feathers-authentication/issues/132) | ||
| - can now use default redirect routes with a custom handler [#121](https://github.com/feathersjs/feathers-authentication/issues/121) | ||
| - Add middleware tests for successfulLogin | ||
| - Add middleware tests for failedLogin | ||
| - Prevent emitting auth service events [#126](https://github.com/feathersjs/feathers-authentication/issues/126) | ||
| - Add tests to make sure auth service events are not fired | ||
| - `restrictToOwner` now throws an error [#128](https://github.com/feathersjs/feathers-authentication/issues/128) | ||
| - `restrictToRoles` now throws an error [#127](https://github.com/feathersjs/feathers-authentication/issues/127) | ||
| - user profile should be updated when using OAuth2 [#124](https://github.com/feathersjs/feathers-authentication/issues/124) | ||
| - All hooks should support internal usage passthrough [#138](https://github.com/feathersjs/feathers-authentication/issues/138) | ||
| - Clear cookie on logout [#122](https://github.com/feathersjs/feathers-authentication/issues/122) | ||
| - de-auth socket on logout [#136](https://github.com/feathersjs/feathers-authentication/issues/136) | ||
| - Move to bcryptjs instead of native brcrypt | ||
| - Removes ability to authenticate with the cookie that is used to transmit the JWT to the client | ||
| - Adds a TON of test coverage | ||
| ### 0.6.0 | ||
| - Fixes for [#107](https://github.com/feathersjs/feathers-authentication/issues/107), [#103](https://github.com/feathersjs/feathers-authentication/issues/103), [#102](https://github.com/feathersjs/feathers-authentication/issues/102), [#105](https://github.com/feathersjs/feathers-authentication/issues/105), [#119](https://github.com/feathersjs/feathers-authentication/issues/105) | ||
| - Adds a bunch of tests ([#9](https://github.com/feathersjs/feathers-authentication/issues/9), [#59](https://github.com/feathersjs/feathers-authentication/issues/59)) | ||
| - All hooks now pull from auth config ([#93](https://github.com/feathersjs/feathers-authentication/issues/93)) | ||
| - Added ability to disable local and OAuth2 redirects independently ([#89](https://github.com/feathersjs/feathers-authentication/issues/89)) | ||
| - Removed `toLowerCase` hook. It already lives in [feathers-hooks](https://github.com/feathersjs/feathers-hooks/blob/master/src/bundled.js#L3) | ||
| - Renamed `requireAuth` hook to `restrictToAuthenticated` | ||
| - Renamed `queryWithUserId` hook to `queryWithCurrentUser` | ||
| - Renamed `setUserId` hook to `associateCurrentUser` | ||
| - Renamed `restrictToSelf` hook to `restrictToOwner` as it could be used on other resources other than users | ||
| - Added a `restrictToRoles` hook | ||
| ### 0.5.0 | ||
| - Removing `app.user` and `app.token` | ||
| - Removing dependency on `feathers-localstorage` | ||
| - Abstracting socket connect and disconnect events so developers don't need to do it and the interface is the same between REST and sockets. | ||
| - Adding more tests | ||
| - Cleaning up the example | ||
| ### 0.4.0 | ||
| - Customize the JWT payload ([#78](https://github.com/feathersjs/feathers-authentication/issues/78)) | ||
| - Using `feathers-localstorage` for storing user and token credentials. | ||
| - Adds support for using auth in NodeJS and React Native | ||
| - Fixes issue where user was not getting added to response on authentication for databases that use `_id` as their field name. | ||
| - adds better client side error handling | ||
| ### 0.3.1 | ||
| - Fix `toLowerCase` hook ([#74](https://github.com/feathersjs/feathers-authentication/issues/74)) | ||
| ### 0.2.2 | ||
| - Fix customization of the `tokenEndpoint` ([#57](https://github.com/feathersjs/feathers-authentication/issues/57)) | ||
| ### 0.2.1 | ||
| - fixing passing custom local options. ([#55](https://github.com/feathersjs/feathers-authentication/issues/55)) | ||
| ### 0.2.0 | ||
| - Migrating existing code to use services | ||
| - Standardizing on a hook spec | ||
| - Adds support for authenticating with socketio and primus ([#32](https://github.com/feathersjs/feathers-authentication/issues/32)) | ||
| - Only signs the JWT with user id ([#38](https://github.com/feathersjs/feathers-authentication/issues/38)) | ||
| - Locks down socket authentication ([#33](https://github.com/feathersjs/feathers-authentication/issues/33)) | ||
| - Continues the work @marshallswain did on handling expired tokens ([#25](https://github.com/feathersjs/feathers-authentication/issues/25)) | ||
| - Adds a bunch more tests. | ||
| - Adds support for OAuth2 ([#43](https://github.com/feathersjs/feathers-authentication/issues/43)) | ||
| - Adds a client side component for easy authentication with Feathers ([#44](https://github.com/feathersjs/feathers-authentication/issues/44)) | ||
| - Adds preliminary support for graceful fallback to cookies for JWT ([#45](https://github.com/feathersjs/feathers-authentication/issues/45)) | ||
| - Adds an example project showing all the different ways you can authenticate | ||
| ### 0.1.0 | ||
| - Adding local authentication | ||
| - Adding bundled hooks | ||
| ### 0.0.5 | ||
| - Initial release | ||
| ## License | ||
| Copyright (c) 2015 | ||
| Copyright (c) 2016 | ||
| Licensed under the [MIT license](LICENSE). |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by25.69%
131122
- Number of package files
- increased by3.45%
30
- Lines of code
- increased by1.95%
1565
Worsened metrics
- Number of lines in readme file
- decreased by-44.21%
106
No dependency changes