passport-curity - npm Package Compare versions

Comparing version 1.1.0 to 1.1.1

package.json

 {
   "name": "passport-curity",
-  "version": "1.1.0",
+  "version": "1.1.1",
   "description": "Curity authentication strategy for Passport.js",
@@ -27,8 +27,9 @@ "homepage": "https://github.com/curityio/passport-curity",
   "dependencies": {
-    "openid-client": "^3.14.2"
+    "openid-client": "^5.2.1"
   },
   "devDependencies": {
-    "ava": "^3.8.1",
+    "ava": "^5.0.1",
     "readable-mock-req": "^0.2.2",
-    "sinon": "^9.0.2"
+    "sinon": "^14.0.2",
+    "base64url": "^3.0.1"
   },
@@ -35,0 +36,0 @@ "ava": {

test/strategy.test.js

@@ -85,3 +85,17 @@ /*
 
-test.cb('Should fallback to calling userinfo when ID token not present and option set', t => {
+async function promisifyStrategyAndAuthenticate(client, t, req) {
+    return new Promise((resolve) => {
+        const strategy = new Strategy({ client, fallbackToUserInfoRequest: true }, (accessToken, refreshToken, profile, callback) => {
+            t.true(client.userinfo.called, "Client should call userinfo endpoint");
+            callback(null, profile);
+            resolve();
+        });
+
+        strategy.success = () => {};
+
+        strategy.authenticate(req);
+    })
+}
+
+test('Should fallback to calling userinfo when ID token not present and option set', async t => {
     const client = getClient();
@@ -91,9 +105,2 @@ sinon.stub(client, 'callback').callsFake(async () => {});
 
-    const strategy = new Strategy({ client, fallbackToUserInfoRequest: true }, (accessToken, refreshToken, profile, callback) => {
-        t.true(client.userinfo.called, "Client should call userinfo endpoint");
-        callback(null, profile);
-    });
-
-    strategy.success = () => { t.end(null) };
-
     const req = new MockRequest('GET', '/callback?code=somecode');
@@ -106,3 +113,3 @@ req.session = {
 
-    strategy.authenticate(req);
+    await promisifyStrategyAndAuthenticate(client, t, req)
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

30914

increased by0.77%

Lines of code

202

increased by3.06%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dev dependency count

4

increased by33.33%

Dependency changes

• + Addedjose@4.15.9(transitive)

• + Addedopenid-client@5.7.0(transitive)

• - Removed@panva/asn1.js@1.0.0(transitive)

• - Removed@sindresorhus/is@0.14.0(transitive)

• - Removed@szmarczak/http-timer@1.1.2(transitive)

• - Removed@types/got@9.6.12(transitive)

• - Removed@types/node@22.9.0(transitive)

• - Removed@types/tough-cookie@4.0.5(transitive)

• - Removedaggregate-error@3.1.0(transitive)

• - Removedasynckit@0.4.0(transitive)

• - Removedbase64url@3.0.1(transitive)

• - Removedcacheable-request@6.1.0(transitive)

• - Removedclean-stack@2.2.0(transitive)

• - Removedclone-response@1.0.3(transitive)

• - Removedcombined-stream@1.0.8(transitive)

• - Removeddecompress-response@3.3.0(transitive)

• - Removeddefer-to-connect@1.1.3(transitive)

• - Removeddelayed-stream@1.0.0(transitive)

• - Removedduplexer3@0.1.5(transitive)

• - Removedend-of-stream@1.4.4(transitive)

• - Removedform-data@2.5.2(transitive)

• - Removedget-stream@4.1.05.2.0(transitive)

• - Removedgot@9.6.0(transitive)

• - Removedhttp-cache-semantics@4.1.1(transitive)

• - Removedindent-string@4.0.0(transitive)

• - Removedjose@1.28.2(transitive)

• - Removedjson-buffer@3.0.0(transitive)

• - Removedkeyv@3.1.0(transitive)

• - Removedlowercase-keys@1.0.12.0.0(transitive)

• - Removedmake-error@1.3.6(transitive)

• - Removedmime-db@1.52.0(transitive)

• - Removedmime-types@2.1.35(transitive)

• - Removedmimic-response@1.0.1(transitive)

• - Removednormalize-url@4.5.1(transitive)

• - Removedonce@1.4.0(transitive)

• - Removedopenid-client@3.15.10(transitive)

• - Removedp-any@3.0.0(transitive)

• - Removedp-cancelable@1.1.02.1.1(transitive)

• - Removedp-some@5.0.0(transitive)

• - Removedprepend-http@2.0.0(transitive)

• - Removedpump@3.0.2(transitive)

• - Removedresponselike@1.0.2(transitive)

• - Removedsafe-buffer@5.2.1(transitive)

• - Removedto-readable-stream@1.0.0(transitive)

• - Removedundici-types@6.19.8(transitive)

• - Removedurl-parse-lax@3.0.0(transitive)

• - Removedwrappy@1.0.2(transitive)

• Updatedopenid-client@^5.2.1