adapt-authoring-auth-local 2.3.1 → 2.3.3

package/.github/workflows/standardjs.yml

@@ -1,4 +1,4 @@
-name: Standard.js
+name: Lint
 on: push
 jobs:
   default:
@@ -10,3 +10,4 @@ jobs:
           node-version: 'lts/*'
       - run: npm install
       - run: npx standard
+

package/lib/LocalAuthModule.js

@@ -99,7 +99,7 @@ class LocalAuthModule extends AbstractAuthModule {
    */
   async registerSuper (data) {
     const [roles, users] = await this.app.waitForModule('roles', 'users')
-    const [superRole] = await roles.find({ shortName: 'superuser' })
+    const superRole = await roles.findOne({ shortName: 'superuser' })
     const superUsers = await users.find({ roles: [superRole._id] })
     if (superUsers.length) {
       throw this.app.errors.SUPER_USER_EXISTS
@@ -256,7 +256,7 @@ class LocalAuthModule extends AbstractAuthModule {
         // allow for a specific email to be passed via body, falling back to the email from the auth data
         email = req.body.email || req.auth.user.email
         // validate the existing password for security
-        const [user] = await this.users.find({ email })
+        const user = await this.users.findOne({ email })
         await compare(req.body.oldPassword, user.password)
       } else { // no authenticated, so should expect body data
         const tokenData = await PasswordUtils.validateReset(req.body.token)

package/lib/PasswordUtils.js

@@ -69,11 +69,7 @@ class PasswordUtils {
    */
   static async createReset (email, lifespan) {
     const [mongodb, users] = await App.instance.waitForModule('mongodb', 'users')
-    const [user] = await users.find({ email })
-    if (!user) {
-      throw App.instance.errors.NOT_FOUND
-        .setData({ type: 'user', id: email })
-    }
+    const user = await users.findOne({ email })
     if (user.authType !== 'local') {
       const authlocal = await App.instance.waitForModule('auth-local')
       authlocal.log('error', `Failed to reset ${user._id} password, not authenticated with local auth`)
@@ -128,11 +124,7 @@ class PasswordUtils {
     if (new Date(tokenData.expiresAt) < new Date()) {
       throw App.instance.errors.AUTH_TOKEN_EXPIRED
     }
-    const [user] = await users.find({ email: tokenData.email })
-    if (!user) {
-      throw App.instance.errors.NOT_FOUND
-        .setData({ type: 'user', id: tokenData.email })
-    }
+    await users.findOne({ email: tokenData.email })
     return tokenData
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "adapt-authoring-auth-local",
-  "version": "2.3.1",
+  "version": "2.3.3",
   "description": "Module which implements username/password (local) authentication",
   "homepage": "https://github.com/adapt-security/adapt-authoring-auth-local",
   "license": "GPL-3.0",

package/tests/LocalAuthModule.spec.js

@@ -51,6 +51,13 @@ const mockUsers = {
   find: async (query) => usersStore.filter(u => {
     return Object.entries(query).every(([k, v]) => JSON.stringify(u[k]) === JSON.stringify(v))
   }),
+  findOne: async (query) => {
+    const result = usersStore.find(u => {
+      return Object.entries(query).every(([k, v]) => JSON.stringify(u[k]) === JSON.stringify(v))
+    })
+    if (!result) throw mockErrors.NOT_FOUND.setData({ type: 'user' })
+    return result
+  },
   update: async (query, data) => {
     updateCalls.push({ query, data })
     return { ...query, ...data }
@@ -59,7 +66,8 @@ const mockUsers = {
 }
 
 const mockRoles = {
-  find: async () => [{ _id: 'role-super-id', shortName: 'superuser' }]
+  find: async () => [{ _id: 'role-super-id', shortName: 'superuser' }],
+  findOne: async () => ({ _id: 'role-super-id', shortName: 'superuser' })
 }
 
 const mockMailer = {
@@ -241,6 +249,25 @@ describe('LocalAuthModule', () => {
   })
 
   describe('#authenticate()', () => {
+    let correctHash
+
+    before(async () => {
+      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
+      correctHash = await PasswordUtils.generate('correctpass')
+    })
+
+    function createMockUser (overrides = {}) {
+      return {
+        _id: 'user-1',
+        password: correctHash,
+        isPermLocked: false,
+        isTempLocked: false,
+        failedLoginAttempts: 0,
+        lastFailedLoginAttempt: null,
+        ...overrides
+      }
+    }
+
     it('should throw when password is not provided in request body', async () => {
       const req = { body: {} }
       await assert.rejects(
@@ -250,16 +277,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should reset failed attempts on successful authentication', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 2,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser({ failedLoginAttempts: 2 })
       const req = { body: { password: 'correctpass' } }
       await mod.authenticate(user, req, {})
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -267,16 +285,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should increment failed attempts on wrong password', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 0,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser()
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -284,16 +293,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should set lastFailedLoginAttempt on wrong password', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 0,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser()
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -302,16 +302,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should temporarily lock after reaching failsUntilTemporaryLock threshold', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 4, // one more will be 5 (the threshold)
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser({ failedLoginAttempts: 4 })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(
         () => mod.authenticate(user, req, {}),
@@ -322,16 +313,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should permanently lock after reaching failsUntilPermanentLock threshold', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 19, // one more will be 20 (the threshold)
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser({ failedLoginAttempts: 19 })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(
         () => mod.authenticate(user, req, {}),
@@ -342,16 +324,11 @@ describe('LocalAuthModule', () => {
     })
 
     it('should throw ACCOUNT_LOCKED_PERM when user is already permanently locked', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
+      const user = createMockUser({
         isPermLocked: true,
-        isTempLocked: false,
         failedLoginAttempts: 20,
         lastFailedLoginAttempt: new Date().toISOString()
-      }
+      })
       const req = { body: { password: 'correctpass' } }
       await assert.rejects(
         () => mod.authenticate(user, req, {}),
@@ -360,16 +337,11 @@ describe('LocalAuthModule', () => {
     })
 
     it('should not increment failed attempts when account is permanently locked', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
+      const user = createMockUser({
         isPermLocked: true,
-        isTempLocked: false,
         failedLoginAttempts: 20,
         lastFailedLoginAttempt: new Date().toISOString()
-      }
+      })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -377,16 +349,11 @@ describe('LocalAuthModule', () => {
     })
 
     it('should not increment failed attempts during temp lock timeout', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
+      const user = createMockUser({
         isTempLocked: true,
         failedLoginAttempts: 5,
         lastFailedLoginAttempt: new Date().toISOString()
-      }
+      })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -394,16 +361,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should clear lastFailedLoginAttempt on successful login', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 0,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser()
       const req = { body: { password: 'correctpass' } }
       await mod.authenticate(user, req, {})
       const lastUpdate = updateCalls[updateCalls.length - 1]

package/tests/PasswordUtils.spec.js

@@ -72,6 +72,11 @@ const mockMongodb = {
 const mockUsers = {
   find: async (query) => {
     return mockUsersStore.filter(u => u.email === query.email)
+  },
+  findOne: async (query) => {
+    const result = mockUsersStore.find(u => u.email === query.email)
+    if (!result) throw mockErrors.NOT_FOUND.setData({ id: query.email, type: 'user' })
+    return result
   }
 }