openid-client - npm Package Compare versions

Comparing version 3.15.3 to 3.15.4

CHANGELOG.md

@@ -5,2 +5,6 @@ # Change Log
 
+## [3.15.4](https://github.com/panva/node-openid-client/compare/v3.15.3...v3.15.4) (2020-06-26)
+
+
+
 ## [3.15.3](https://github.com/panva/node-openid-client/compare/v3.15.2...v3.15.3) (2020-06-15)
@@ -7,0 +11,0 @@

lib/client.js

@@ -13,10 +13,8 @@ /* eslint-disable max-classes-per-file */
 const base64url = require('base64url');
-const defaultsDeep = require('lodash/defaultsDeep');
-const defaults = require('lodash/defaults');
-const merge = require('lodash/merge');
-const isPlainObject = require('lodash/isPlainObject');
 const tokenHash = require('oidc-token-hash');
 
+const defaults = require('./helpers/defaults');
 const { assertSigningAlgValuesSupport, assertIssuerConfiguration } = require('./helpers/assert');
 const pick = require('./helpers/pick');
+const isPlainObject = require('./helpers/is_plain_object');
 const processResponse = require('./helpers/process_response');
@@ -36,2 +34,4 @@ const TokenSet = require('./token_set');
 
+const { deep: defaultsDeep } = defaults;
+
 function pickCb(input) {
@@ -1493,3 +1493,9 @@ return pick(input, ...CALLBACK_PROPERTIES);
    */
-  async requestObject(requestObject = {}, algorithms = {}) {
+  async requestObject(requestObject = {}, {
+    sign: signingAlgorithm = this.request_object_signing_alg || 'none',
+    encrypt: {
+      alg: eKeyManagement = this.request_object_encryption_alg,
+      enc: eContentEncryption = this.request_object_encryption_enc || 'A128CBC-HS256',
+    } = {},
+  } = {}) {
     if (!isPlainObject(requestObject)) {
@@ -1499,17 +1505,6 @@ throw new TypeError('requestObject must be a plain object');
 
-    defaults(algorithms, {
-      sign: this.request_object_signing_alg,
-      encrypt: {
-        alg: this.request_object_encryption_alg,
-        enc: this.request_object_encryption_enc || 'A128CBC-HS256',
-      },
-    }, {
-      sign: 'none',
-    });
-
     let signed;
     let key;
 
-    const alg = algorithms.sign;
-    const header = { alg, typ: 'JWT' };
+    const header = { alg: signingAlgorithm, typ: 'JWT' };
     const payload = JSON.stringify(defaults({}, requestObject, {
@@ -1524,3 +1519,3 @@ iss: this.client_id,
 
-    if (alg === 'none') {
+    if (signingAlgorithm === 'none') {
       signed = [
@@ -1532,3 +1527,3 @@ base64url.encode(JSON.stringify(header)),
     } else {
-      const symmetric = alg.startsWith('HS');
+      const symmetric = signingAlgorithm.startsWith('HS');
       if (symmetric) {
@@ -1540,7 +1535,7 @@ key = await this.joseSecret();
         if (!keystore) {
-          throw new TypeError(`no keystore present for client, cannot sign using alg ${alg}`);
+          throw new TypeError(`no keystore present for client, cannot sign using alg ${signingAlgorithm}`);
         }
-        key = keystore.get({ alg, use: 'sig' });
+        key = keystore.get({ alg: signingAlgorithm, use: 'sig' });
         if (!key) {
-          throw new TypeError(`no key to sign with found for alg ${alg}`);
+          throw new TypeError(`no key to sign with found for alg ${signingAlgorithm}`);
         }
@@ -1555,7 +1550,7 @@ }
 
-    if (!algorithms.encrypt.alg) {
+    if (!eKeyManagement) {
       return signed;
     }
 
-    const fields = { alg: algorithms.encrypt.alg, enc: algorithms.encrypt.enc, cty: 'JWT' };
+    const fields = { alg: eKeyManagement, enc: eContentEncryption, cty: 'JWT' };
 
@@ -1610,6 +1605,6 @@ if (fields.alg.match(/^(RSA|ECDH)/)) {
     let token = accessToken;
-    const opts = merge({
+    const opts = defaultsDeep({}, options, {
       verb: 'GET',
       via: 'header',
-    }, options);
+    });
 
@@ -1616,0 +1611,0 @@ if (token instanceof TokenSet) {

lib/errors.js

 /* eslint-disable camelcase */
 const { format } = require('util');
 
-const assign = require('lodash/assign');
 const makeError = require('make-error');
@@ -17,3 +16,3 @@
 
-  assign(
+  Object.assign(
     this,
@@ -49,3 +48,3 @@ { error },
     }
-    assign(this, rest);
+    Object.assign(this, rest);
     if (response) {
@@ -52,0 +51,0 @@ Object.defineProperty(this, 'response', {

lib/helpers/client.js

@@ -1,3 +0,1 @@
-const merge = require('lodash/merge');
-const omitBy = require('lodash/omitBy');
 const jose = require('jose');
@@ -10,2 +8,3 @@
 const instance = require('./weak_cache');
+const { deep: defaultsDeep } = require('./defaults');
 
@@ -130,3 +129,3 @@ const formUrlEncode = (value) => encodeURIComponent(value).replace(/%20/g, '+');
   const auth = await authFor.call(this, endpointAuthMethod, { clientAssertionPayload });
-  const requestOpts = merge(opts, auth, { form: true });
+  const requestOpts = defaultsDeep({ form: true }, auth, opts);
 
@@ -144,3 +143,7 @@ const mTLS = this[`${endpointAuthMethod}_endpoint_auth_method`].includes('tls_client_auth')
   if ('body' in requestOpts) {
-    requestOpts.body = omitBy(requestOpts.body, (arg) => arg === undefined);
+    for (const [key, value] of Object.entries(requestOpts.body)) { // eslint-disable-line no-restricted-syntax, max-len
+      if (typeof value === 'undefined') {
+        delete requestOpts.body[key];
+      }
+    }
   }
@@ -147,0 +150,0 @@

lib/helpers/request.js

 const Got = require('got');
-const defaultsDeep = require('lodash/defaultsDeep');
 
 const pkg = require('../../package.json');
 
+const { deep: defaultsDeep } = require('./defaults');
 const isAbsoluteUrl = require('./is_absolute_url');
@@ -13,3 +13,3 @@ const { HTTP_OPTIONS } = require('./consts');
 const setDefaults = (options) => {
-  DEFAULT_HTTP_OPTIONS = defaultsDeep(options, DEFAULT_HTTP_OPTIONS);
+  DEFAULT_HTTP_OPTIONS = defaultsDeep({}, options, DEFAULT_HTTP_OPTIONS);
   got = Got.extend(DEFAULT_HTTP_OPTIONS);
@@ -32,3 +32,3 @@ };
   if (optsFn) {
-    opts = optsFn.call(this, defaultsDeep(options, DEFAULT_HTTP_OPTIONS));
+    opts = optsFn.call(this, defaultsDeep({}, options, DEFAULT_HTTP_OPTIONS));
   } else {
@@ -35,0 +35,0 @@ opts = options;

lib/passport_strategy.js

@@ -6,4 +6,3 @@ /* eslint-disable no-underscore-dangle */
 
-const cloneDeep = require('lodash/cloneDeep');
-
+const cloneDeep = require('./helpers/deep_clone');
 const { RPError, OPError } = require('./errors');
@@ -10,0 +9,0 @@ const { BaseClient } = require('./client');

lib/token_set.js

 const base64url = require('base64url');
-const assign = require('lodash/assign');
 
@@ -12,3 +11,3 @@ const now = require('./helpers/unix_timestamp');
   constructor(values) {
-    assign(this, values);
+    Object.assign(this, values);
   }
@@ -15,0 +14,0 @@

package.json

 {
   "name": "openid-client",
-  "version": "3.15.3",
+  "version": "3.15.4",
   "description": "OpenID Connect Relying Party (RP, Client) implementation for Node.js runtime, supports passportjs",
@@ -48,3 +48,2 @@ "keywords": [
     "jose": "^1.27.1",
-    "lodash": "^4.17.15",
     "lru-cache": "^5.1.1",
@@ -51,0 +50,0 @@ "make-error": "^1.3.6",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

163487

increased by0.59%

Dependency count

9

decreased by-10%

Number of package files

27

increased by12.5%

Lines of code

3175

increased by0.57%

Dependency changes

• - Removedlodash@^4.17.15

• - Removedlodash@4.17.21(transitive)