@guardian/pan-domain-node 1.1.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. package/.github/workflows/check-labels.yaml +9 -0
  2. package/.github/workflows/node-release.yml +5 -1
  3. package/CHANGELOG.md +18 -0
  4. package/dist/src/panda.d.ts +1 -1
  5. package/dist/src/panda.js +1 -1
  6. package/dist/test/panda.test.js +11 -0
  7. package/package.json +2 -2
  8. package/src/panda.ts +2 -2
  9. package/test/panda.test.ts +14 -0
package/.github/workflows/check-labels.yaml ADDED
@@ -0,0 +1,9 @@
1
+ name: CORE4 label enforcement
2
+ permissions:
3
+ contents: read
4
+ on:
5
+ pull_request:
6
+ types: [opened, labeled, unlabeled, synchronize, reopened, edited]
7
+ jobs:
8
+ require-label:
9
+ uses: guardian/.github/.github/workflows/require-label.yaml@4cb5024736632ffcc564b7f4b772c38b8e5ce739 # v2.0.0
package/.github/workflows/node-release.yml CHANGED
@@ -22,6 +22,11 @@ jobs:
22
22
  cache: npm
23
23
  cache-dependency-path: "package-lock.json"
24
24
 
25
+ # See https://docs.npmjs.com/trusted-publishers
26
+ # Find the latest version with `npm info npm@latest version`
27
+ - name: Install suitable NPM version for trusted publishing
28
+ run: npm install -g npm@11.10.1
29
+
25
30
  - name: Install
26
31
  run: npm ci
27
32
 
@@ -54,4 +59,3 @@ jobs:
54
59
 
55
60
  env:
56
61
  GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
57
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
package/CHANGELOG.md CHANGED
@@ -1,5 +1,23 @@
1
1
  # @guardian/pan-domain-node
2
2
 
3
+ ## 1.2.2
4
+
5
+ ### Patch Changes
6
+
7
+ - 567436a: no-op release to test migration to NPM trusted publishing #2
8
+
9
+ ## 1.2.1
10
+
11
+ ### Patch Changes
12
+
13
+ - 502bbd5: no-op release to test migration to NPM trusted publishing
14
+
15
+ ## 1.2.0
16
+
17
+ ### Minor Changes
18
+
19
+ - 5c14027: Fix app crash with no cookie value
20
+
3
21
  ## 1.1.0
4
22
 
5
23
  ### Minor Changes
package/dist/src/panda.d.ts CHANGED
@@ -17,5 +17,5 @@ export declare class PanDomainAuthentication {
17
17
  constructor(cookieName: string, region: string, bucket: string, keyFile: string, validateUser: ValidateUserFn, credentialsProvider?: AwsCredentialIdentityProvider);
18
18
  stop(): void;
19
19
  getPublicKey(): Promise<string>;
20
- verify(requestCookies: string): Promise<AuthenticationResult>;
20
+ verify(requestCookies: string | undefined): Promise<AuthenticationResult>;
21
21
  }
package/dist/src/panda.js CHANGED
@@ -157,7 +157,7 @@ class PanDomainAuthentication {
157
157
  }
158
158
  verify(requestCookies) {
159
159
  return this.getPublicKey().then(publicKey => {
160
- const cookies = cookie.parse(requestCookies);
160
+ const cookies = cookie.parse(requestCookies !== null && requestCookies !== void 0 ? requestCookies : '');
161
161
  const pandaCookie = cookies[this.cookieName];
162
162
  return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
163
163
  });
package/dist/test/panda.test.js CHANGED
@@ -283,5 +283,16 @@ describe('panda class', function () {
283
283
  };
284
284
  expect(authenticationResult).toStrictEqual(expected);
285
285
  }));
286
+ it('should fail to authenticate with no-cookie reason if no cookie is present at all', () => __awaiter(this, void 0, void 0, function* () {
287
+ jest.setSystemTime(100);
288
+ const panda = new panda_1.PanDomainAuthentication('rightcookiename', 'region', 'bucket', 'keyfile', api_1.guardianValidation);
289
+ const noCookie = undefined;
290
+ const authenticationResult = yield panda.verify(noCookie);
291
+ const expected = {
292
+ success: false,
293
+ reason: "no-cookie"
294
+ };
295
+ expect(authenticationResult).toStrictEqual(expected);
296
+ }));
286
297
  });
287
298
  });
package/package.json CHANGED
@@ -1,12 +1,12 @@
1
1
  {
2
2
  "name": "@guardian/pan-domain-node",
3
- "version": "1.1.0",
3
+ "version": "1.2.2",
4
4
  "description": "NodeJs implementation of Guardian pan-domain auth verification",
5
5
  "main": "dist/src/api.js",
6
6
  "types": "dist/src/api.d.ts",
7
7
  "repository": {
8
8
  "type": "git",
9
- "url": "https://github.com/guardian/pan-domain-authentication.git"
9
+ "url": "git+https://github.com/guardian/pan-domain-node.git"
10
10
  },
11
11
  "keywords": [
12
12
  "auth",
package/src/panda.ts CHANGED
@@ -146,9 +146,9 @@ export class PanDomainAuthentication {
146
146
  });
147
147
  }
148
148
 
149
- verify(requestCookies: string): Promise<AuthenticationResult> {
149
+ verify(requestCookies: string | undefined): Promise<AuthenticationResult> {
150
150
  return this.getPublicKey().then(publicKey => {
151
- const cookies = cookie.parse(requestCookies);
151
+ const cookies = cookie.parse(requestCookies ?? '');
152
152
  const pandaCookie = cookies[this.cookieName];
153
153
  return verifyUser(pandaCookie, publicKey, new Date(), this.validateUser);
154
154
  });
package/test/panda.test.ts CHANGED
@@ -349,6 +349,20 @@ describe('panda class', function () {
349
349
  };
350
350
  expect(authenticationResult).toStrictEqual(expected);
351
351
  });
352
+
353
+ it('should fail to authenticate with no-cookie reason if no cookie is present at all', async () => {
354
+ jest.setSystemTime(100);
355
+
356
+ const panda = new PanDomainAuthentication('rightcookiename', 'region', 'bucket', 'keyfile', guardianValidation);
357
+ const noCookie = undefined;
358
+ const authenticationResult = await panda.verify(noCookie);
359
+
360
+ const expected: CookieFailure = {
361
+ success: false,
362
+ reason: "no-cookie"
363
+ };
364
+ expect(authenticationResult).toStrictEqual(expected);
365
+ });
352
366
  });
353
367
 
354
368
  });