passport-tequila - npm Package Compare versions

Comparing version 1.0.4 to 1.1.0

CHANGES.md

@@ -0,1 +1,4 @@
+# Version 1.1.0
+- Support for “Single-page app” (SPA) use-case, whence there is no session management at all, and no in-line (“middleware”) access control, done by passport-tequila at all
+
 # Version 1.0.4
@@ -2,0 +5,0 @@ - Fix tests not working on all OS

lib/passport-tequila/index.js

@@ -12,2 +12,3 @@ /**
 tequila.Strategy = require("./strategy.js");
+tequila.ServerSideFlow = require("./server-side-flow.js");
 
@@ -14,0 +15,0 @@ /**

lib/passport-tequila/protocol.js

@@ -42,3 +42,3 @@ /**
  *
- * @param req The request object
+ * @param afterAuthRedirectUrl The location that Tequila should tell the browser to go back to, once authentication succeeds
  * @param res The response object
@@ -65,9 +65,9 @@ * @param done Called as done(e) upon error, done(null, tok) upon success.
 
-Protocol.prototype.createrequest = function(req, res, done) {
-    debug("createrequest: called for request to " + req.originalUrl);
+Protocol.prototype.createrequest = function(afterAuthRedirectUrl, done) {
+    debug("createrequest: called for request to " + afterAuthRedirectUrl);
 
     var teq_options = {
         client: "node-passport-tequila",
-        urlaccess: this.redirectUrl(req, req.originalUrl),
-        service: this.service || ("Document " + req.originalUrl),
+        urlaccess: afterAuthRedirectUrl,
+        service: this.service || ("Document " + afterAuthRedirectUrl),
         ca: this.ca,
@@ -89,18 +89,12 @@ mode_auth_check: "1"
 
-Protocol.prototype.requestauth = function(res, tequila_answers) {
-    var portFragment = "";
+Protocol.prototype.requestauthRedirectUrl = function(tequila_answers) {
+    let portFragment = "";
     if (this.tequila_port != 443) {
         portFragment = ":" + this.tequila_port;
     }
-    var redirectUrl = "https://" + this.tequila_host +
+    return "https://" + this.tequila_host +
           portFragment +
           this.tequila_requestauth_path + "?" +
           "requestkey=" + tequila_answers["key"];
-    if (res.redirect) {
-        res.redirect(redirectUrl);
-    } else {  // Plain connect, e.g. from Meteor
-        res.writeHead(307, { 'Location': redirectUrl });
-        res.end();
-    }
-};
+}
 
@@ -136,8 +130,2 @@ /**
 
-Protocol.prototype.logout = function (req, res, redirectUri) {
-    res.redirect("https://" + this.tequila_host +
-        this.tequila_logout_path + "?urlaccess=" +
-        this.redirectUrl(req, redirectUri));
-};
-
 Protocol.prototype._teqRequest = function(path, teq_options, done) {
@@ -177,17 +165,2 @@ var teq_post_payload = dict2txt(teq_options);
 
-Protocol.prototype.redirectUrl = function(req, url) {
-    var protocol = req.protocol || "http";
-    var hostport = req.headers['x-forwarded-host'] || req.headers['host'];
-    if (! hostport) {
-        var port;
-        if (req.app) {  // Express
-            port = req.app.settings.port;
-        } else {
-            port = protocol == "https" ? 443 : 80;
-        }
-        hostport = defaults.myhostname + ( port == 80 || port == 443 ? '' : ':' + port );
-    }
-    return protocol + '://' + hostport + url;
-}
-
 module.exports.defaults = defaults;
@@ -194,0 +167,0 @@

lib/passport-tequila/strategy.js

 /**
  * Passport-style API for Tequila.
+ *
+ * The Passport workflow is best suited for “monolithic” or “SSR” (for
+ * Server-Side Rendered) apps, wherein the authentication check is
+ * being done before serving sensitive resources such as dynamic Web
+ * pages. If what you want is a more “modern” frontend / backend split
+ * app, you should be using server-side-flow.js (as seen in
+ * examples/express-passport-spa/backend.js) instead of this module.
  */
@@ -57,5 +64,5 @@
                         } else if (opts.redirectAfterAuth) {
-                            res.redirect(self.protocol.redirectUrl(req, url.parse(req.originalUrl).pathname));
+                            res.redirect(guessRedirectUrl(req, url.parse(req.originalUrl).pathname));
                         } else if(req.query.key || req.query.auth_check){
-                            res.redirect(removeParam("auth_check", removeParam("key",self.protocol.redirectUrl(req, req.originalUrl))));
+                            res.redirect(removeParam("auth_check", removeParam("key",guessRedirectUrl(req, req.originalUrl))));
                         } else {
@@ -69,3 +76,4 @@ next();
             debug("Making first contact with Tequila");
-            protocol.createrequest(req, res, function (err, results) {
+            const redirectAfterTequilaUrl = guessRedirectUrl(req, req.originalUrl);
+            protocol.createrequest(redirectAfterTequilaUrl, function (err, results) {
                 if (err) {
@@ -75,3 +83,3 @@ next(err);
                     debug("Redirecting user to Tequila");
-                    protocol.requestauth(res, results);
+                     self.requestauth(res, results);
                 }
@@ -84,4 +92,7 @@ });
         return function (req, res) {
-            req.logout();
-            protocol.logout(req, res, redirectUrl);
+            req.logout(function(error) {
+              if (! error) {
+                self.logout(req, res, redirectUrl);
+              }
+            });
         };
@@ -91,2 +102,24 @@ };
 
+Strategy.prototype.logout = function (req, res, redirectUri) {
+    res.redirect("https://" + this.protocol.tequila_host +
+        this.protocol.tequila_logout_path + "?urlaccess=" +
+        guessRedirectUrl(req, redirectUri));
+};
+
+
+function guessRedirectUrl (req, url) {
+    var protocol = req.protocol || "http";
+    var hostport = req.headers['x-forwarded-host'] || req.headers['host'];
+    if (! hostport) {
+        var port;
+        if (req.app) {  // Express
+            port = req.app.settings.port;
+        } else {
+            port = protocol == "https" ? 443 : 80;
+        }
+        hostport = defaults.myhostname + ( port == 80 || port == 443 ? '' : ':' + port );
+    }
+    return protocol + '://' + hostport + url;
+}
+
 /**
@@ -126,2 +159,14 @@ * Convert a Tequila result dict into a Passport-style user structure
 
+Strategy.prototype.requestauth = function(res, tequila_answers) {
+    const redirectUrl = this.protocol.requestauthRedirectUrl(tequila_answers);
+    debug("Once done, Tequila will redirect to " + redirectUrl);
+    if (res.redirect) {
+        res.redirect(redirectUrl);
+    } else {  // Plain connect, e.g. from Meteor
+        res.writeHead(307, { 'Location': redirectUrl });
+        res.end();
+    }
+};
+
+
 /*
@@ -150,2 +195,2 @@ * Remove the specified key parameter from the sourceurl
     return cleanedURL;
-}
+}

package.json

 {
   "name": "passport-tequila",
-  "version": "1.0.4",
+  "version": "1.1.0",
   "private": false,
@@ -33,3 +33,3 @@ "scripts": {
     "morgan": "^1.9.1",
-    "pem": "^1.14.3",
+    "pem": "^1.14.8",
     "q": "^1.5.1",
@@ -36,0 +36,0 @@ "request": "^2.88.0",

test/tests/protocol.js

@@ -26,5 +26,4 @@ var assert = require('assert'),
         _.extend(protocol, server.getOptions());
-        var req = new fakes.Request("/");
 
-        Q.ninvoke(protocol, "createrequest", req, new fakes.Response())
+        Q.ninvoke(protocol, "createrequest", "/")
             .should.be.fulfilled.then(function(tequilaResult) {
@@ -31,0 +30,0 @@ assert(tequilaResult.key);

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

53463

increased by36.63%

Number of package files

16

increased by6.67%

Lines of code

881

increased by7.57%

Number of medium supply chain risk alerts

2

decreased by-33.33%

No dependency changes