Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
node-sp-auth
Advanced tools
Readme
node-sp-auth
allows you to perform SharePoint unattended (without user interaction) http authentication with nodejs using different authentication techniques. node-sp-auth
also takes care about caching authentication data for performance (no need for you to think about how long authentication will be available, that's a task for node-sp-auth
, as soon as authentication will be expired, node-sp-auth
will renew it internally).
Versions supported:
Authentication options:
Wiki contains detailed steps you need to perform in order to use any of authentication options as well as sample using.
npm install node-sp-auth --save-dev
import * as spauth from 'node-sp-auth';
import * as request from 'request-promise';
//get auth options
spauth.getAuth(url, credentialOptions)
.then(options => {
//perform request with any http-enabled library (request-promise in a sample below):
let headers = options.headers;
headers['Accept'] = 'application/json;odata=verbose';
request.get({
url: 'https://[your tenant].sharepoint.com/sites/dev/_api/web',
headers: headers
}).then(response => {
//process data
});
});
Promise resolving into object with following properties:
headers
- http headers (normally contain Authorization
header, may contain any other heraders as well)options
- any additional options you may need to include for succesful request. For example, in case of on premise user credentials authentication, you need to set agent
property on corresponding http clienturl
- required, string, url to SharePoint site, https://sp2013/sites/dev/
or https:/[your tenant].sharepoint.com/sites/dev/
credentialOptions
- optional, object in a form of key-value. Each authentication option requires predefined credential object, depending on authentication type. Based on credentials provided, node-sp-auth
automatically determines which authentication strategy to use (strategies listed in the top of the readme file).Possible values for credentialOptions
(depending on authentication strategy):
SharePoint on premise (2013, 2016):
clientId
, issuerId
, realm
, rsaPrivateKeyPath
, shaThumbprint
username
, password
, domain
, workstation
username
, password
, fba
= trueusername
, password
, tmg
= trueSharePoint Online:
clientId
, clientSecret
username
, password
ADFS user credentials:
username
, password
, relyingParty
, adfsUrl
, adfsCookie
On demand authentication
ondemand
= true, electron
, force
, persist
, ttl
no authentication - do not provide any authentication data at all, like spauth.getAuth(url).then(...)
. In that case node-sp-auth
will ask you for the site url and credentials. You will have to select any of the credential options listed above. Credentials will be stored in a user folder in an encrypted manner.
Credits: Andrew Koltyakov @koltyakov and his awesome node-sp-auth-config
Please, use Wiki to see how you can configure your environment in order to use any of this authentication options.
configuration
- object accepting some configuration values for node-sp-auth. Currently it supports only configuration of underline request
module via providing below code (for options available consider request repository):spauth.setup({
requestOptions: {... request options object}
});
I recommend using VS Code for development. Repository already contains some settings for VS Code editor.
Before creating Pull Request you need to create an appropriate issue and reference it from PR.
git clone https://github.com/s-KaiNet/node-sp-auth.git
npm run build
- runs linting and typescript compilationnpm run dev
- setup watchers and automatically runs typescript compilation, tslint and tests when you save files/test/integration/config.sample.ts
to config.ts
.config.ts
with appropriate values (urls, credentials).npm run test:integration
.FAQs
Unknown package
We found that node-sp-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.