adapt-authoring-auth-local 1.3.1 → 1.3.2

@@ -105,7 +105,7 @@ class LocalAuthModule extends AbstractAuthModule {
105
105
  * @param {Object} user The current user
106
106
  */
107
107
  async handleLockStatus (user) {
108
- const tempLockEndTime = new Date(user.lastFailedLoginAttempt).getTime() + this.getConfig('temporaryLockDuration') * 1000
108
+ const tempLockEndTime = new Date(user.lastFailedLoginAttempt).getTime() + this.getConfig('temporaryLockDuration')
109
109
  const tempLockRemainingSecs = Math.round((tempLockEndTime - Date.now()) / 1000)
110
110
 
111
111
  if (user.isPermLocked) {
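Review bot: The new `tempLockEndTime` line adds `this.getConfig('temporaryLockDuration')` directly to a millisecond timestamp, so the lock lasts as long as intended only if that config value is always in milliseconds, and nothing on the line says so. A deployment that still supplies the value in seconds would get a temporary lock roughly a thousand times shorter, which weakens the throttle on repeated failed logins. I would add a comment above the line such as `// temporaryLockDuration is in milliseconds (isTimeMs); do not rescale`, and confirm that existing configured values are normalised to milliseconds. handleLockStatus continues past the end of the hunk.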
@@ -64,7 +64,7 @@ class PasswordUtils {
64
64
  INVALID_PASSWORD_UPPERCASE: [match('passwordMustHaveUppercase', /[A-Z]/)],
65
65
  INVALID_PASSWORD_LOWERCASE: [match('passwordMustHaveLowercase', /[a-z]/)],
66
66
  INVALID_PASSWORD_SPECIAL: [match('passwordMustHaveSpecial', /[#?!@$%^&*-]/)],
67
- BLACKLISTED_PASSWORD_VALUE: [blacklisted.length === 0 || blacklisted.some(p => !(password.includes(p)))]
67
+ BLACKLISTED_PASSWORD_VALUE: [blacklisted.length === 0 || blacklisted.every(p => !(password.includes(p)))]
68
68
  }
69
69
  const errors = Object.entries(validationChecks).reduce((m, [code, [isValid, data]]) => {
70
70
  if (!isValid) m.push(App.instance.errors[code].setData(data))
@@ -164,7 +164,7 @@ class PasswordUtils {
164
164
  const [user] = await users.find({ email: tokenData.email })
165
165
  if (!user) {
166
166
  throw App.instance.errors.NOT_FOUND
167
- .setData({ type: 'user', id: token.email })
167
+ .setData({ type: 'user', id: tokenData.email })
168
168
  }
169
169
  return tokenData
170
170
  }
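Review bot: The `BLACKLISTED_PASSWORD_VALUE` check (first PasswordUtils hunk, new line 67) matches with `password.includes(p)`, which is case-sensitive, so a password such as `Password123` would pass a blacklist entry of `password` unless one side is normalised somewhere outside the hunk. An empty string in the configured list would also reject every password, because `includes('')` is always true. I would lower-case both sides and skip empty entries, for example `blacklisted.every(p => !p || !password.toLowerCase().includes(p.toLowerCase()))`, which also makes the `blacklisted.length === 0 ||` guard redundant. The enclosing function starts and ends outside the hunk.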
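--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "adapt-authoring-auth-local",
- "version": "1.3.1",
+ "version": "1.3.2",
  "description": "Module which implements username/password (local) authentication",
  "homepage": "https://github.com/adapt-security/adapt-authoring-auth-local",
  "license": "GPL-3.0",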
@@ -505,10 +505,7 @@ describe('LocalAuthModule', () => {
505
505
  const user = {
506
506
  isPermLocked: false,
507
507
  isTempLocked: true,
508
- // NOTE: handleLockStatus multiplies temporaryLockDuration by 1000, which
509
- // appears to be a bug if the config value is already in ms (isTimeMs: true).
510
- // We set lastFailedLoginAttempt to now so the lock is still active with
511
- // the doubled value.
508
+ // NOTE: lastFailedLoginAttempt is set to now so the lock is still active.
512
509
  lastFailedLoginAttempt: new Date().toISOString()
513
510
  }
514
511
  await assert.rejects(
@@ -649,9 +646,7 @@ describe('LocalAuthModule', () => {
649
646
  assert.ok(updateCalls.length > 0)
650
647
  })
651
648
 
652
- // TODO: Bug - setUserEnabled references user.failedAttempts instead of
653
- // user.failedLoginAttempts when disabling. See BUGS.md.
654
- it('should preserve failedLoginAttempts when disabling a user', { todo: 'references user.failedAttempts instead of user.failedLoginAttempts' }, async () => {
649
+ it('should preserve failedLoginAttempts when disabling a user', async () => {
655
650
  const user = { _id: 'user-1', failedLoginAttempts: 7 }
656
651
  await mod.setUserEnabled(user, false)
657
652
  const lastUpdate = updateCalls[updateCalls.length - 1]
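Review bot: Dropping the `todo` option from 'should preserve failedLoginAttempts when disabling a user' turns it into a hard assertion, but no change to `setUserEnabled` appears among the LocalAuthModule hunks on this page. If the method still reads `user.failedAttempts`, as the removed comment describes, this test will now fail instead of being reported as todo. If the fix landed elsewhere, a short comment here would keep the link now that the BUGS.md pointer is gone, for example `// regression: setUserEnabled must read user.failedLoginAttempts`. The test body continues past the end of the hunk.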
@@ -374,11 +374,7 @@ describe('PasswordUtils', () => {
374
374
  await assert.doesNotReject(() => PasswordUtils.validate('anything1'))
375
375
  })
376
376
 
377
- // TODO: Bug - blacklist check uses .some() instead of .every()
378
- // With multiple blacklisted values, a password containing one blacklisted
379
- // value passes if another blacklisted value is absent.
380
- // See BUGS.md and PasswordUtils.js line 67.
381
- it('should throw when password contains any blacklisted value (multiple entries)', { todo: 'blacklist check uses .some() instead of .every()' }, async () => {
377
+ it('should throw when password contains any blacklisted value (multiple entries)', async () => {
382
378
  authlocalConfig.blacklistedPasswordValues = ['password', 'qwerty']
383
379
  await assert.rejects(
384
380
  () => PasswordUtils.validate('password123'),
@@ -593,10 +589,7 @@ describe('PasswordUtils', () => {
593
589
  )
594
590
  })
595
591
 
596
- // TODO: Bug - validateReset uses token.email instead of tokenData.email
597
- // in the NOT_FOUND error data. Since token is a string, token.email is
598
- // undefined. See PasswordUtils.js line 167.
599
- it('should include correct email in NOT_FOUND error when user is missing', { todo: 'uses token.email (string) instead of tokenData.email' }, async () => {
592
+ it('should include correct email in NOT_FOUND error when user is missing', async () => {
600
593
  mockPasswordResetsStore.push({
601
594
  token: 'orphan-token',
602
595
  email: 'orphan@example.com',