@budibase/backend-core 2.13.52 → 2.13.53

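--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -6571,6 +6571,7 @@ __export(src_exports, {
  queue: () => queue_exports,
  redis: () => redis_exports,
  roles: () => roles_exports,
+ security: () => security_exports,
  sessions: () => sessions_exports,
  tenancy: () => tenancy,
  timers: () => timers_exports,
@@ -10510,6 +10511,35 @@ async function getSession(userId, sessionId) {
 
  // src/users/db.ts
  init_src();
+
+ // src/security/index.ts
+ var security_exports = {};
+ __export(security_exports, {
+ PASSWORD_MAX_LENGTH: () => PASSWORD_MAX_LENGTH,
+ PASSWORD_MIN_LENGTH: () => PASSWORD_MIN_LENGTH,
+ validatePassword: () => validatePassword
+ });
+
+ // src/security/auth.ts
+ var PASSWORD_MIN_LENGTH = +(process.env.PASSWORD_MIN_LENGTH || 8);
+ var PASSWORD_MAX_LENGTH = +(process.env.PASSWORD_MAX_LENGTH || 512);
+ function validatePassword(password) {
+ if (!password || password.length < PASSWORD_MIN_LENGTH) {
+ return {
+ valid: false,
+ error: `Password invalid. Minimum ${PASSWORD_MIN_LENGTH} characters.`
+ };
+ }
+ if (password.length > PASSWORD_MAX_LENGTH) {
+ return {
+ valid: false,
+ error: `Password invalid. Maximum ${PASSWORD_MAX_LENGTH} characters.`
+ };
+ }
+ return { valid: true };
+ }
+
+ // src/users/db.ts
  var bulkDeleteProcessing = async (dbUser) => {
  const userId = dbUser._id;
  await users_exports2.removeUser(dbUser);
@@ -10551,6 +10581,10 @@ var UserDB = class _UserDB {
  if (await _UserDB.isPreventPasswordActions(user, account)) {
  throw new HTTPError("Password change is disabled for this user", 400);
  }
+ const passwordValidation = validatePassword(password);
+ if (!passwordValidation.valid) {
+ throw new HTTPError(passwordValidation.error, 400);
+ }
  hashedPassword = opts.hashPassword ? await hash(password) : password;
  } else if (dbUser) {
  hashedPassword = dbUser.password;
@@ -13787,6 +13821,7 @@ var init8 = (opts = {}) => {
  queue,
  redis,
  roles,
+ security,
  sessions,
  tenancy,
  timers,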
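Review bot: In the `src/security/auth.ts` hunk, `PASSWORD_MIN_LENGTH` and `PASSWORD_MAX_LENGTH` are coerced with unary `+`, so a non-numeric environment value yields `NaN`; both `password.length < NaN` and `password.length > NaN` are false, and the length policy silently reduces to the `!password` check. A zero or negative minimum has a similar effect, and nothing checks that the minimum does not exceed the maximum. Parsing both values through a helper that falls back to the default unless the result is a positive integer keeps a configuration typo from disabling the policy. `validatePassword` also reads `.length` without confirming `password` is a string; whether the `UserDB` caller can receive a non-string is not visible in this diff, so a `typeof password !== "string"` rejection is worth considering.

```javascript
// Falls back to the default unless the env value is a positive integer.
function envPositiveInt(name, fallback) {
  const parsed = Number(process.env[name]);
  return Number.isInteger(parsed) && parsed > 0 ? parsed : fallback;
}
var PASSWORD_MIN_LENGTH = envPositiveInt("PASSWORD_MIN_LENGTH", 8);
var PASSWORD_MAX_LENGTH = envPositiveInt("PASSWORD_MAX_LENGTH", 512);
// … unchanged: validatePassword …
```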