diff --git a/.travis.yml b/.travis.yml index 3297dfd..1beb773 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,14 +1,8 @@ language: "node_js" node_js: - - "5" - - "4" - - "3" # io.js - - "2" # io.js - - "1" # io.js - - "0.12" - - "0.10" - - "0.8" - - "0.6" + - "6" + - "8" + - "10" before_install: diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..adfc9de --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,8 @@ +# 1.5.0 (2018-06-29) + +* Added CHANGELOG.md @rwky +* Updated travis to use node 6, 8 and 10 @rwky +* Removed uid2 dep replaced with node crypto @rwky +* Replaced utils-merge with lodash +* Updated README.md and package.json for passport-next org + diff --git a/LICENSE b/LICENSE index 0554e9e..b017524 100644 --- a/LICENSE +++ b/LICENSE @@ -1,5 +1,6 @@ The MIT License (MIT) +Copyright (c) 2018 Rowan Wookey Copyright (c) 2011-2016 Jared Hanson Permission is hereby granted, free of charge, to any person obtaining a copy of diff --git a/README.md b/README.md index b43a38c..e7733fb 100644 --- a/README.md +++ b/README.md 
@@ -1,10 +1,10 @@ # passport-oauth2 -[![Build](https://img.shields.io/travis/jaredhanson/passport-oauth2.svg)](https://travis-ci.org/jaredhanson/passport-oauth2) -[![Coverage](https://img.shields.io/coveralls/jaredhanson/passport-oauth2.svg)](https://coveralls.io/r/jaredhanson/passport-oauth2) -[![Quality](https://img.shields.io/codeclimate/github/jaredhanson/passport-oauth2.svg?label=quality)](https://codeclimate.com/github/jaredhanson/passport-oauth2) -[![Dependencies](https://img.shields.io/david/jaredhanson/passport-oauth2.svg)](https://david-dm.org/jaredhanson/passport-oauth2) - +[![Build Status](https://travis-ci.org/passport-next/passport-oauth2.svg?branch=master)](https://travis-ci.org/passport-next/passport-oauth2) +[![Coverage Status](https://coveralls.io/repos/github/passport-next/passport-oauth2/badge.svg?branch=master)](https://coveralls.io/github/passport-next/passport-oauth2?branch=master) +[![Maintainability](https://api.codeclimate.com/v1/badges/5c6d93b9711897ef2949/maintainability)](https://codeclimate.com/github/passport-next/passport-oauth2/maintainability) +[![Dependencies](https://david-dm.org/passport-next/passport-oauth2.png)](https://david-dm.org/passport-next/passport-oauth2) + General-purpose OAuth 2.0 authentication strategy for [Passport](http://passportjs.org/). @@ -27,7 +27,7 @@ list so other people can find it. ## Install - $ npm install passport-oauth2 + $ npm install @passport-next/passport-oauth2 ## Usage @@ -75,12 +75,6 @@ app.get('/auth/example/callback', }); ``` -## Related Modules - -- [passport-oauth1](https://github.com/jaredhanson/passport-oauth1) — OAuth 1.0 authentication strategy -- [passport-http-bearer](https://github.com/jaredhanson/passport-http-bearer) — Bearer token authentication strategy for APIs -- [OAuth2orize](https://github.com/jaredhanson/oauth2orize) — OAuth 2.0 authorization server toolkit - ## Contributing #### Tests 
@@ -103,24 +97,3 @@ executing: $ make test-cov $ make view-cov ``` - -## Support - -#### Funding - -This software is provided to you as open source, free of charge. The time and -effort to develop and maintain this project is dedicated by [@jaredhanson](https://github.com/jaredhanson). -If you (or your employer) benefit from this project, please consider a financial -contribution. Your contribution helps continue the efforts that produce this -and other open source software. - -Funds are accepted via [PayPal](https://paypal.me/jaredhanson), [Venmo](https://venmo.com/jaredhanson), -and [other](http://jaredhanson.net/pay) methods. Any amount is appreciated. - -## License - -[The MIT License](http://opensource.org/licenses/MIT) - -Copyright (c) 2011-2016 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)> - - Sponsor diff --git a/lib/state/session.js b/lib/state/session.js index 1d08789..c010d96 100644 --- a/lib/state/session.js +++ b/lib/state/session.js @@ -1,4 +1,4 @@ -var uid = require('uid2'); +var crypto = require('crypto'); /** * Creates an instance of `SessionStore`. @@ -39,7 +39,7 @@ SessionStore.prototype.store = function(req, callback) { if (!req.session) { return callback(new Error('OAuth 2.0 authentication requires session support when using state. Did you forget to use express-session middleware?')); } var key = this._key; - var state = uid(24); + var state = crypto.randomBytes(16).toString('hex'); if (!req.session[key]) { req.session[key] = {}; } req.session[key].state = state; callback(null, state); diff --git a/lib/strategy.js b/lib/strategy.js index a0d50bd..fb705b9 100644 --- a/lib/strategy.js +++ b/lib/strategy.js @@ -1,5 +1,5 @@ // Load modules. -var passport = require('passport-strategy') +var passport = require('@passport-next/passport-strategy') , url = require('url') , util = require('util') , utils = require('./utils') diff --git a/lib/utils.js b/lib/utils.js index 486f9e1..2737578 100644 --- a/lib/utils.js +++ b/lib/utils.js 
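Review bot: In `SessionStore.prototype.store` (lib/state/session.js), the synchronous `crypto.randomBytes(16)` call throws if the random source fails, and that exception escapes this callback-style function instead of reaching `callback(err)` as the missing-session error above it does. Guarding the call keeps the error path uniform: `var state; try { state = crypto.randomBytes(16).toString('hex'); } catch (ex) { return callback(ex); }`. A one-line comment such as `// 16 bytes from the CSPRNG, hex-encoded to 32 chars; this is the OAuth 2.0 state value checked on the callback` would also record why the length moved from 24 to 32. `store` begins above the hunk and its closing brace lies outside it.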
@@ -1,4 +1,4 @@ -exports.merge = require('utils-merge'); +exports.merge = require('lodash').merge; /** * Reconstructs the original URL of the request. diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..e015b33 --- /dev/null +++ b/package-lock.json 
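Review bot: `exports.merge = require('lodash').merge;` in lib/utils.js is not a drop-in replacement for `utils-merge`. lodash's `merge` recurses into nested objects and arrays and skips source properties that resolve to `undefined`, whereas `utils-merge` does a shallow key copy. The callers of `utils.merge` are outside this diff, so it cannot be confirmed here whether any of them passes nested or caller-supplied objects. If one does, a recursive merge is the usual prototype-pollution surface, and the lodash 4.17.10 pinned in the lockfile is worth checking against the lodash advisories. For plain-object arguments, `exports.merge = Object.assign;` keeps shallow-copy behaviour on the Node >= 6 floor this commit sets, without adding a runtime dependency. If the deep merge is intended, a comment above the export should say so.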
@@ -0,0 +1,212 @@ +{ + "name": "@passport-next/passport-oauth2", + "version": "1.5.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "@passport-next/passport-strategy": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/@passport-next/passport-strategy/-/passport-strategy-1.1.0.tgz", + "integrity": "sha512-2KhFjtPueJG6xVj2HnqXt9BlANOfYCVLyu+pXYjPGBDT8yk+vQwc/6tsceIj+mayKcoxMau2JimggXRPHgoc8w==" + }, + "assertion-error": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.0.0.tgz", + "integrity": "sha1-x/hUOP3UZrx8oWq5DIFRN5el0js=", + "dev": true + }, + "chai": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/chai/-/chai-2.3.0.tgz", + "integrity": "sha1-ii9qNHSNqAEJD9cyh7Kqc5pOkJo=", + "dev": true, + "requires": { + "assertion-error": "1.0.0", + "deep-eql": "0.1.3" + } + }, + "chai-passport-strategy": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/chai-passport-strategy/-/chai-passport-strategy-1.0.1.tgz", + "integrity": "sha1-2rGASPbqeG7JjLlNS3nAxi/z8gQ=", + "dev": true + }, + "commander": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.3.0.tgz", + "integrity": "sha1-/UMOiJgy7DU7ms0d4hfBHLPu+HM=", + "dev": true + }, + "debug": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.2.0.tgz", + "integrity": "sha1-+HBX6ZWxofauaklgZkE3vFbwOdo=", + "dev": true, + "requires": { + "ms": "0.7.1" + } + }, + "deep-eql": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-0.1.3.tgz", + "integrity": "sha1-71WKyrjeJSBs1xOQbXTlaTDrafI=", + "dev": true, + "requires": { + "type-detect": "0.1.1" + } + }, + "diff": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-1.4.0.tgz", + "integrity": "sha1-fyjS657nsVqX79ic5j3P2qPMur8=", + "dev": true + }, + "escape-string-regexp": { + "version": "1.0.2", + "resolved": 
"https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.2.tgz", + "integrity": "sha1-Tbwv5nTnGUnK8/smlc5/LcHZqNE=", + "dev": true + }, + "glob": { + "version": "3.2.11", + "resolved": "https://registry.npmjs.org/glob/-/glob-3.2.11.tgz", + "integrity": "sha1-Spc/Y1uRkPcV0QmH1cAP0oFevj0=", + "dev": true, + "requires": { + "inherits": "2", + "minimatch": "0.3" + } + }, + "growl": { + "version": "1.9.2", + "resolved": "https://registry.npmjs.org/growl/-/growl-1.9.2.tgz", + "integrity": "sha1-Dqd0NxXbjY3ixe3hd14bRayFwC8=", + "dev": true + }, + "inherits": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz", + "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=", + "dev": true + }, + "jade": { + "version": "0.26.3", + "resolved": "https://registry.npmjs.org/jade/-/jade-0.26.3.tgz", + "integrity": "sha1-jxDXl32NefL2/4YqgbBRPMslaGw=", + "dev": true, + "requires": { + "commander": "0.6.1", + "mkdirp": "0.3.0" + }, + "dependencies": { + "commander": { + "version": "0.6.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-0.6.1.tgz", + "integrity": "sha1-+mihT2qUXVTbvlDYzbMyDp47GgY=", + "dev": true + }, + "mkdirp": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.3.0.tgz", + "integrity": "sha1-G79asbqCevI1dRQ0kEJkVfSB/h4=", + "dev": true + } + } + }, + "lodash": { + "version": "4.17.10", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.10.tgz", + "integrity": "sha512-UejweD1pDoXu+AD825lWwp4ZGtSwgnpZxb3JDViD7StjQz+Nb/6l093lx4OQ0foGWNRoc19mWy7BzL+UAK2iVg==" + }, + "lru-cache": { + "version": "2.7.3", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-2.7.3.tgz", + "integrity": "sha1-bUUk6LlV+V1PW1iFHOId1y+06VI=", + "dev": true + }, + "make-node": { + "version": "0.3.5", + "resolved": "https://registry.npmjs.org/make-node/-/make-node-0.3.5.tgz", + "integrity": "sha1-LTVN240+zfWg1btMrbuqRGHK3jo=", + "dev": true + }, + "minimatch": { + 
"version": "0.3.0", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-0.3.0.tgz", + "integrity": "sha1-J12O2qxPG7MyZHIInnlJyDlGmd0=", + "dev": true, + "requires": { + "lru-cache": "2", + "sigmund": "~1.0.0" + } + }, + "minimist": { + "version": "0.0.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz", + "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=", + "dev": true + }, + "mkdirp": { + "version": "0.5.1", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz", + "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=", + "dev": true, + "requires": { + "minimist": "0.0.8" + } + }, + "mocha": { + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/mocha/-/mocha-2.5.3.tgz", + "integrity": "sha1-FhvlvetJZ3HrmzV0UFC2IrWu/Fg=", + "dev": true, + "requires": { + "commander": "2.3.0", + "debug": "2.2.0", + "diff": "1.4.0", + "escape-string-regexp": "1.0.2", + "glob": "3.2.11", + "growl": "1.9.2", + "jade": "0.26.3", + "mkdirp": "0.5.1", + "supports-color": "1.2.0", + "to-iso-string": "0.0.2" + } + }, + "ms": { + "version": "0.7.1", + "resolved": "https://registry.npmjs.org/ms/-/ms-0.7.1.tgz", + "integrity": "sha1-nNE8A62/8ltl7/3nzoZO6VIBcJg=", + "dev": true + }, + "oauth": { + "version": "0.9.15", + "resolved": "https://registry.npmjs.org/oauth/-/oauth-0.9.15.tgz", + "integrity": "sha1-vR/vr2hslrdUda7VGWQS/2DPucE=" + }, + "sigmund": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/sigmund/-/sigmund-1.0.1.tgz", + "integrity": "sha1-P/IfGYytIXX587eBhT/ZTQ0ZtZA=", + "dev": true + }, + "supports-color": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-1.2.0.tgz", + "integrity": "sha1-/x7R5hFp0Gs88tWI4YixjYhH4X4=", + "dev": true + }, + "to-iso-string": { + "version": "0.0.2", + "resolved": "https://registry.npmjs.org/to-iso-string/-/to-iso-string-0.0.2.tgz", + "integrity": "sha1-TcGeZk38y+Jb2NtQiwDG2hWCVdE=", + "dev": true + }, + "type-detect": { + "version": 
"0.1.1", + "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-0.1.1.tgz", + "integrity": "sha1-C6XsKohWQORw6k6FBZcZANrFiCI=", + "dev": true + } + } +} diff --git a/package.json b/package.json index 560a959..030ffd2 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { - "name": "passport-oauth2", - "version": "1.4.0", + "name": "@passport-next/passport-oauth2", + "version": "1.5.0", "description": "OAuth 2.0 authentication strategy for Passport.", "keywords": [ "passport", @@ -13,16 +13,15 @@ "oauth2" ], "author": { - "name": "Jared Hanson", - "email": "jaredhanson@gmail.com", - "url": "http://www.jaredhanson.net/" + "name": "Rowan Wookey", + "email": "admin@rwky.net" }, "repository": { "type": "git", - "url": "git://github.com/jaredhanson/passport-oauth2.git" + "url": "git://github.com/passport-next/passport-oauth2.git" }, "bugs": { - "url": "http://github.com/jaredhanson/passport-oauth2/issues" + "url": "http://github.com/passport-next/passport-oauth2/issues" }, "license": "MIT", "licenses": [ @@ -34,9 +33,8 @@ "main": "./lib", "dependencies": { "oauth": "0.9.x", - "passport-strategy": "1.x.x", - "uid2": "0.0.x", - "utils-merge": "1.x.x" + "@passport-next/passport-strategy": "1.1.x", + "lodash": "4.17.x" }, "devDependencies": { "make-node": "0.3.x", @@ -45,7 +43,7 @@ "chai-passport-strategy": "1.x.x" }, "engines": { - "node": ">= 0.4.0" + "node": ">= 6" }, "scripts": { "test": "node_modules/.bin/mocha --reporter spec --require test/bootstrap/node test/*.test.js test/**/*.test.js" diff --git a/test/oauth2.state.session.test.js b/test/oauth2.state.session.test.js index 93f5865..7fb71a0 100644 --- a/test/oauth2.state.session.test.js +++ b/test/oauth2.state.session.test.js 
@@ -40,13 +40,13 @@ describe('OAuth2Strategy', function() { it('should be redirected', function() { var u = uri.parse(url, true); - expect(u.query.state).to.have.length(24); + expect(u.query.state).to.have.length(32); }); it('should save state in session', function() { var u = uri.parse(url, true); - expect(request.session['oauth2:www.example.com'].state).to.have.length(24); + expect(request.session['oauth2:www.example.com'].state).to.have.length(32); expect(request.session['oauth2:www.example.com'].state).to.equal(u.query.state); }); }); // that redirects to service provider @@ -71,13 +71,13 @@ describe('OAuth2Strategy', function() { it('should be redirected', function() { var u = uri.parse(url, true); - expect(u.query.state).to.have.length(24); + expect(u.query.state).to.have.length(32); }); it('should save state in session', function() { var u = uri.parse(url, true); - expect(request.session['oauth2:www.example.com'].state).to.have.length(24); + expect(request.session['oauth2:www.example.com'].state).to.have.length(32); expect(request.session['oauth2:www.example.com'].state).to.equal(u.query.state); }); @@ -140,13 +140,13 @@ describe('OAuth2Strategy', function() { it('should be redirected', function() { var u = uri.parse(url, true); expect(u.query.foo).equal('bar'); - expect(u.query.state).to.have.length(24); + expect(u.query.state).to.have.length(32); }); it('should save state in session', function() { var u = uri.parse(url, true); - expect(request.session['oauth2:www.example.com'].state).to.have.length(24); + expect(request.session['oauth2:www.example.com'].state).to.have.length(32); expect(request.session['oauth2:www.example.com'].state).to.equal(u.query.state); }); }); // that redirects to service provider 
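Review bot: The updated assertions in test/oauth2.state.session.test.js still pin only the length of the state value (`to.have.length(32)`), so an encoding regression or a constant 32-character string would pass. Checking the format as well, e.g. `expect(u.query.state).to.match(/^[0-9a-f]{32}$/);`, ties the test to the hex output of `crypto.randomBytes(16)`. The same applies to the hunks at -71, -140 and -444. The enclosing `describe` blocks start and end outside these hunks.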
@@ -444,13 +444,13 @@ describe('OAuth2Strategy', function() { it('should be redirected', function() { var u = uri.parse(url, true); - expect(u.query.state).to.have.length(24); + expect(u.query.state).to.have.length(32); }); it('should save state in session', function() { var u = uri.parse(url, true); - expect(request.session['oauth2:example'].state).to.have.length(24); + expect(request.session['oauth2:example'].state).to.have.length(32); expect(request.session['oauth2:example'].state).to.equal(u.query.state); }); }); // that redirects to service provider