forbeslindesay / authentication Goto Github PK

Hey there 👋

Our bot, Adaptly, found that 21 out of 22 currently open dependency update PRs can be merged.
That's 95% right there:

🔎   How does Adaptly know this?

✨ Try Adaptly yourself

🚨 You need to enable Continuous Integration on all branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet. We recommend using Travis CI, but Greenkeeper will work with every other CI service as well.

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please delete the greenkeeper/initial branch in this repository, and then remove and re-add this repository to the Greenkeeper App’s white list on Github. You'll find this list on your repo or organization’s settings page, under Installed GitHub Apps.

can i use this module with react native

I haven't used this package before and the documentation (unlike the one for @authentication/cookie-session) don't seem to suggest this should replace or be used alongside cookie-parser. The reason for this question is that I'm trying to see if this will make cookie-parser redundant or possibly hinder the security benefits from this package.

And side question, how would you advise using the three cookie endpoints (from https://www.atauthentication.com/docs/cookie.html#usage)?

It seems like the exponencial rate limit's state has inverted values on value/timestamp properties.

After my first request, the state become:

rateLimitFinded:  {

  _id: 5f567e2be34c8f6794899a16,
  userID: '12345678expo',
  value: 1599503915810,
  timestamp: 1,
  __v: 0
}

While my bucket state:

rateLimitFinded:  {
  _id: 5f567e25e34c8f6794899a14,
  userID: '12345678bucket',
  value: 9,
  timestamp: 1599503915784,
  __v: 0
}

I'm using the same store implementation for both.
For both, bucket and exponencial, the timestamp value is a refereer for the last attempt here and here

I can't look up now. But when I have time I will search in the code where is the apparent bug

I'm trying to use @authentication/secure-hash and @authentication/generate-passcode in a Quasar project with the Registration page's <script> section as follows:

import { hash } from '@authentication/secure-hash';
import generatePassCode, { Encoding } from '@authentication/generate-passcode';

export default {
  data() {
    return {
      // ...
    };
  },
  methods: {
    async register() {
      const password = await generatePassCode(40, Encoding.base91);
      const pwHash = await hash(password);
      //...
    },
  },
};

the password generate works as console.logging password shows it, however, simply having import { hash } from '@authentication/secure-hash'; (even in a boot file) causes the require is not defined error:

ReferenceError: require is not defined
    at Object.eval (index.js?1146:6)
    at eval (index.js:165)
    at Object../node_modules/node-gyp-build/index.js (vendor.js:4450)
    at __webpack_require__ (app.js:854)
    at fn (app.js:151)
    at Object.eval (index.js?1b94:1)
    at eval (index.js:5)
    at Object../node_modules/sodium-native/index.js (vendor.js:5947)
    at __webpack_require__ (app.js:854)
    at fn (app.js:151)