Commit graph

31 commits

Author SHA1 Message Date
Yannick Bungers
325e1893f8 Change createTokenForUser signature
user is now used instead of username

Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:59:51 +02:00
Yannick Bungers
d33cfa4541 fix username spelling from userName
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:54:00 +02:00
Yannick Bungers
aa8455a079 change getTokensByUsername to getTokensByUser
Signed-off-by: Yannick Bungers <git@innay.de>
2021-10-13 22:22:08 +02:00
Philip Molares
87a5f77abe chore: move password related functions from AuthService to utils file
As these methods will be used in both the AuthService and the IdentityService, it makes sense to extract them and use them in this manner. Especially if one considers that they are quite standalone functions.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-09-16 23:59:59 +02:00
Yannick Bungers
9c7ab01016 Fix copy paste error in auth toAuthTokenDto test
Add an hour difference between createdAt and validUntil to better detect
these errors.

Signed-off-by: Yannick Bungers <git@innay.de>
2021-09-03 19:19:55 +02:00
David Mehren
bcc9ec9c75
Enforce import order with prettier
Signed-off-by: David Mehren <git@herrmehren.de>
2021-08-29 18:45:46 +02:00
David Mehren
b2b3849300
Adjust tests to new Session and Author entities
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-31 18:44:00 +02:00
Philip Molares
840ca2fa6c refactor: Remove randomString function
This was done because it was only a wrapper for a nodejs function to check if the given parameter is a positive number.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-05-17 20:27:40 +02:00
David Mehren
e4317725cd
Format with Prettier 2.3
Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-15 21:13:44 +02:00
David Mehren
0d9dfc4076
AuthTokenEntity: Make validUntil not nullable
As all tokens are valid for a maximum of 2 years, the
validUntil attribute is always populated.

This updates the database schema and the DTO to reflect that.

Fixes #1256

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 22:05:47 +02:00
David Mehren
53a0c87a53
AuthService.randomString: Throw Error instead of returning null
A string with a negative length is invalid, so we should throw here
instead of complicating the type with a possible null return value.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
72b545fec5
AuthTokenDto: Make properties consistently optional
validUntil and lastUsed already have a IsOptional decorator,
this makes the properties themselves also optional

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
cfaa07806b
AuthService: Throw NotInDBError on empty DB result
This adds error handling to various functions, so they throw a
NotInDBError instead of a TypeError

Signed-off-by: David Mehren <git@herrmehren.de>
2021-05-09 20:59:30 +02:00
David Mehren
6699e4b0c8
Merge pull request #1131 from hedgedoc/improve/logging 2021-04-18 22:28:11 +02:00
Philip Molares
0ef9a338f3 UnitTests: Add appConfigMock
This is necessary as the Logger needs this config for the loglevel.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-18 18:50:57 +02:00
Philip Molares
51f1da7083 Tests: Fix eslint errors
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 10:14:05 +02:00
Philip Molares
434bc55bab Tests: Removed all eslint-disable lines
As we now disable what we don't need in the eslint config, we don't need this anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-04-16 10:14:05 +02:00
David Mehren
8c3bf66469
Fix various ESLint errors in unit tests
Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-27 16:11:27 +01:00
David Mehren
3626ce9dff
ESLint: Enable @typescript-eslint/naming-convention rule
This check enforces consistent variable naming.

Signed-off-by: David Mehren <git@herrmehren.de>
2021-02-26 12:10:53 +01:00
Philip Molares
680ca4188f Tests: Rewrote AuthService unit test
The unit test now uses per test mocking of the necessary functions instead of one mock in the beforeEach call.
Also some tests got expanded to cover more error cases.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-16 22:25:37 +01:00
Philip Molares
b76fa91a3c History: Add HistoryEntry
With this the backend now can hold a history entry.
Also included in this commit are some minor changes to tests and services so they can still work.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-02-04 21:50:14 +01:00
Philip Molares
5a727d530b auth: Fix secret length
The former length of 64 bytes (512-bit) is transformed into base64url (a 6-bit code) ~86 characters long. This is too long for bcrypt as it ignores any characters beyond the 72th.
This fix therefore reduces the amount of generated bytes to 54 (as 72*6/8 = 54) characters. This ensures that removing one character from the token the hash won't be the same anymore.

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-29 21:32:54 +01:00
Philip Molares
67a5f3c7ec auth: Add maximum token lifetime of 2 years.
Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
28abc37e2c auth: fixes unit and e2e tests
adds MockAuthGuard which always return user 'hardcoded'

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:08 +01:00
Philip Molares
0a3247492a auth: Add cron to clean old tokens
Rename AuthToken.identifier to label

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:04 +01:00
Philip Molares
cc2fcac532 auth: Remove userName parameter of removeToken function
As suggested by @innaytool

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
f68caab6e8 auth: Integrate suggestions by @davidmehren
Add number type alias TimestampMillis
Remove solved ToDos
Change AuthToken and AuthTokenDto to use Date
Rename authService unit tests

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
265195e305 auth: Split randomBase64UrlString in two functions
add test for BufferToBase64Url and toAuthTokenDto

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
84ec528d14 auth: Add tests for AuthService
Move AuthTokens to auth folder

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
fd70b2d121 auth: fixes unit and e2e tests
adds MockAuthGuard which always return user 'hardcoded'

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:30:02 +01:00
Philip Molares
8d89614a4d auth: adds token-auth to public api
adds auth service
adds auth module
adds token-auth strategy
adds token-auth to all public api calls

Signed-off-by: Philip Molares <philip.molares@udo.edu>
2021-01-25 21:29:59 +01:00