adapt-authoring-auth-local 2.3.2 → 2.4.0

package/.github/workflows/releases.yml

@@ -1,32 +1,16 @@
 name: Release
+
 on:
   push:
     branches:
       - master
 
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+  id-token: write
+
 jobs:
   release:
-    name: Release
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write # to be able to publish a GitHub release
-      issues: write # to be able to comment on released issues
-      pull-requests: write # to be able to comment on released pull requests
-      id-token: write # to enable use of OIDC for trusted publishing and npm provenance
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: 'lts/*'
-      - name: Update npm
-        run: npm install -g npm@latest
-      - name: Install dependencies
-        run: npm install
-      - name: Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: npx semantic-release
+    uses: adaptlearning/semantic-release-config/.github/workflows/release.yml@master

package/lib/PasswordUtils.js

@@ -53,7 +53,7 @@ class PasswordUtils {
     }
     const jsonschema = await App.instance.waitForModule('jsonschema')
     const schema = await jsonschema.getSchema('localpassword')
-    await schema.validate({ password: plainPassword })
+    schema.validate({ password: plainPassword })
 
     const saltRounds = await PasswordUtils.getConfig('saltRounds')
     const salt = await promisify(bcrypt.genSalt)(saltRounds)
@@ -124,7 +124,7 @@ class PasswordUtils {
     if (new Date(tokenData.expiresAt) < new Date()) {
       throw App.instance.errors.AUTH_TOKEN_EXPIRED
     }
-    const user = await users.findOne({ email: tokenData.email })
+    await users.findOne({ email: tokenData.email })
     return tokenData
   }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "adapt-authoring-auth-local",
-  "version": "2.3.2",
+  "version": "2.4.0",
   "description": "Module which implements username/password (local) authentication",
   "homepage": "https://github.com/adapt-security/adapt-authoring-auth-local",
   "license": "GPL-3.0",
@@ -26,37 +26,11 @@
     "adapt-authoring-users": "^1.0.2"
   },
   "devDependencies": {
+    "@adaptlearning/semantic-release-config": "^1.0.0",
     "adapt-authoring-server": "^2.1.0",
-    "@semantic-release/git": "^10.0.1",
-    "conventional-changelog-eslint": "^6.0.0",
-    "semantic-release": "^25.0.2",
     "standard": "^17.1.0"
   },
   "release": {
-    "plugins": [
-      [
-        "@semantic-release/commit-analyzer",
-        {
-          "preset": "eslint"
-        }
-      ],
-      [
-        "@semantic-release/release-notes-generator",
-        {
-          "preset": "eslint"
-        }
-      ],
-      "@semantic-release/npm",
-      "@semantic-release/github",
-      [
-        "@semantic-release/git",
-        {
-          "assets": [
-            "package.json"
-          ],
-          "message": "Chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
-        }
-      ]
-    ]
+    "extends": "@adaptlearning/semantic-release-config"
   }
 }

package/tests/LocalAuthModule.spec.js

@@ -51,6 +51,13 @@ const mockUsers = {
   find: async (query) => usersStore.filter(u => {
     return Object.entries(query).every(([k, v]) => JSON.stringify(u[k]) === JSON.stringify(v))
   }),
+  findOne: async (query) => {
+    const result = usersStore.find(u => {
+      return Object.entries(query).every(([k, v]) => JSON.stringify(u[k]) === JSON.stringify(v))
+    })
+    if (!result) throw mockErrors.NOT_FOUND.setData({ type: 'user' })
+    return result
+  },
   update: async (query, data) => {
     updateCalls.push({ query, data })
     return { ...query, ...data }
@@ -59,7 +66,8 @@ const mockUsers = {
 }
 
 const mockRoles = {
-  find: async () => [{ _id: 'role-super-id', shortName: 'superuser' }]
+  find: async () => [{ _id: 'role-super-id', shortName: 'superuser' }],
+  findOne: async () => ({ _id: 'role-super-id', shortName: 'superuser' })
 }
 
 const mockMailer = {
@@ -83,7 +91,7 @@ const mockMongodb = {
 
 const mockJsonschema = {
   getSchema: async () => ({
-    validate: async () => true
+    validate: () => true
   })
 }
 
@@ -241,6 +249,25 @@ describe('LocalAuthModule', () => {
   })
 
   describe('#authenticate()', () => {
+    let correctHash
+
+    before(async () => {
+      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
+      correctHash = await PasswordUtils.generate('correctpass')
+    })
+
+    function createMockUser (overrides = {}) {
+      return {
+        _id: 'user-1',
+        password: correctHash,
+        isPermLocked: false,
+        isTempLocked: false,
+        failedLoginAttempts: 0,
+        lastFailedLoginAttempt: null,
+        ...overrides
+      }
+    }
+
     it('should throw when password is not provided in request body', async () => {
       const req = { body: {} }
       await assert.rejects(
@@ -250,16 +277,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should reset failed attempts on successful authentication', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 2,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser({ failedLoginAttempts: 2 })
       const req = { body: { password: 'correctpass' } }
       await mod.authenticate(user, req, {})
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -267,16 +285,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should increment failed attempts on wrong password', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 0,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser()
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -284,16 +293,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should set lastFailedLoginAttempt on wrong password', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 0,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser()
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -302,16 +302,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should temporarily lock after reaching failsUntilTemporaryLock threshold', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 4, // one more will be 5 (the threshold)
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser({ failedLoginAttempts: 4 })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(
         () => mod.authenticate(user, req, {}),
@@ -322,16 +313,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should permanently lock after reaching failsUntilPermanentLock threshold', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 19, // one more will be 20 (the threshold)
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser({ failedLoginAttempts: 19 })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(
         () => mod.authenticate(user, req, {}),
@@ -342,16 +324,11 @@ describe('LocalAuthModule', () => {
     })
 
     it('should throw ACCOUNT_LOCKED_PERM when user is already permanently locked', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
+      const user = createMockUser({
         isPermLocked: true,
-        isTempLocked: false,
         failedLoginAttempts: 20,
         lastFailedLoginAttempt: new Date().toISOString()
-      }
+      })
       const req = { body: { password: 'correctpass' } }
       await assert.rejects(
         () => mod.authenticate(user, req, {}),
@@ -360,16 +337,11 @@ describe('LocalAuthModule', () => {
     })
 
     it('should not increment failed attempts when account is permanently locked', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
+      const user = createMockUser({
         isPermLocked: true,
-        isTempLocked: false,
         failedLoginAttempts: 20,
         lastFailedLoginAttempt: new Date().toISOString()
-      }
+      })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -377,16 +349,11 @@ describe('LocalAuthModule', () => {
     })
 
     it('should not increment failed attempts during temp lock timeout', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
+      const user = createMockUser({
         isTempLocked: true,
         failedLoginAttempts: 5,
         lastFailedLoginAttempt: new Date().toISOString()
-      }
+      })
       const req = { body: { password: 'wrongpass' } }
       await assert.rejects(() => mod.authenticate(user, req, {}))
       const lastUpdate = updateCalls[updateCalls.length - 1]
@@ -394,16 +361,7 @@ describe('LocalAuthModule', () => {
     })
 
     it('should clear lastFailedLoginAttempt on successful login', async () => {
-      const { default: PasswordUtils } = await import('../lib/PasswordUtils.js')
-      const hash = await PasswordUtils.generate('correctpass')
-      const user = {
-        _id: 'user-1',
-        password: hash,
-        isPermLocked: false,
-        isTempLocked: false,
-        failedLoginAttempts: 0,
-        lastFailedLoginAttempt: null
-      }
+      const user = createMockUser()
       const req = { body: { password: 'correctpass' } }
       await mod.authenticate(user, req, {})
       const lastUpdate = updateCalls[updateCalls.length - 1]

package/tests/PasswordUtils.spec.js

@@ -43,7 +43,7 @@ const mockAuthlocal = {
 
 const mockJsonschema = {
   getSchema: async () => ({
-    validate: async () => true
+    validate: () => true
   })
 }
 
@@ -72,6 +72,11 @@ const mockMongodb = {
 const mockUsers = {
   find: async (query) => {
     return mockUsersStore.filter(u => u.email === query.email)
+  },
+  findOne: async (query) => {
+    const result = mockUsersStore.find(u => u.email === query.email)
+    if (!result) throw mockErrors.NOT_FOUND.setData({ id: query.email, type: 'user' })
+    return result
   }
 }