Commit Graph

120 Commits

Author SHA1 Message Date
Renovate Bot
e5ba7185ee Update dependency lodash to v4.17.20 2020-08-13 17:20:11 +00:00
Renovate Bot
cfa076f739 Update dependency @tryghost/string to v0.1.11 2020-08-13 09:25:00 +00:00
Daniel Lockyer
dcc269b9a9 Published new versions
- @tryghost/security@0.1.0
2020-08-11 13:49:57 +01:00
Daniel Lockyer
ccf0f074c7 Added missing dependencies for new @tryghost/security package 2020-08-11 13:47:34 +01:00
Daniel Lockyer
ec0ed397d9 Moved test files to correct name
- `yarn test` will look for files matching `*.test.js`, so this commit
  fixes the name for the tests
2020-08-11 13:45:21 +01:00
Daniel Lockyer
14a53f696e Populated index.js with exports to package components
- pulled lib/index.js up to root and fixed paths
2020-08-11 13:38:44 +01:00
Daniel Lockyer
aa1c597e71 Removed template test file
- real tests have been pulled in so we don't need this
2020-08-11 13:35:40 +01:00
Daniel Lockyer
ff9e980fcb Merged security files and history from TryGhost/Ghost
* included commits:
  Updated var declarations to const/let and no lists
  Move tests from core to root (#11700)
  Updated to use slugify method from SDK for safe string
  Added Node v10 Support (#10058)
  Dynamic Routing: Added migration for routes.yaml file (#9692)
  Fixed missing Bluebird require in `security/password.js` (#9624)
  🔥  Drop Node v4 Support
  Added unit tests for models.Invite.add
  Added lib.security.password lib
  Moved unique identifier generation to lib/security
  Moved tokens, url safe and safe string utility to lib/security
2020-08-11 13:30:09 +01:00
Daniel Lockyer
82a698ec0b Created @tryghost/security package 2020-08-11 13:29:32 +01:00
Hannah Wolfe
36675b6494 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Hannah Wolfe
b57ecbcc4a Move tests from core to root (#11700)
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00
Rish
58084ac96e Updated to use slugify method from SDK for safe string
refs #10618

- Updated lib safe string security method
2019-05-07 15:33:07 +05:30
Katharina Irrgang
7fb0b96f3e Added Node v10 Support (#10058)
* Added Node v10 Support

no issue

Signed-off-by: kirrg001 <katharina.irrgang@googlemail.com>

* Bump amperize to version 0.3.8

no issue

* Bump mysql to version 2.16.0

no issue

- mysql 2.15.0 uses a deprecated notation for timers
- e.g. timers.unenroll()

* Bump sub dependencies

no issue

- e.g. knex-migrator used mysql 2.15.0

* Bump dependencies

no issue

* Replaced `new Buffer` with `Buffer.from`

no issue

- Buffer() is deprecated due to security and usability issues.
- https://nodejs.org/en/docs/guides/buffer-constructor-deprecation/
2018-10-30 15:45:51 +07:00
Katharina Irrgang
7d9e2a21ad Dynamic Routing: Added migration for routes.yaml file (#9692)
refs #9601

- the home.hbs behaviour for the index collection (`/`) is hardcoded in Ghost
- we would like to migrate all existing routes.yaml files
- we only replace the file if the contents of the routes.yaml file equals the old routes.yaml format (with home.hbs as template)
- updated README of settings folder
- if we don't remove the home.hbs template from the default routes.yaml file, home.hbs will be rendered for any page of the index collection
  - the backwards compatible behaviour was different
  - only render home.hbs for page 1
- remember: the default routes.yaml file reflects how Ghost was working without dynamic routing
2018-06-22 20:28:01 +02:00
Ivan Akulov
e9d1d34739 Fixed missing Bluebird require in security/password.js (#9624)
no issue
2018-05-28 23:01:01 +02:00
kirrg001
c19a0c9942 🔥 Drop Node v4 Support
no issue

- support ends today
- see https://github.com/nodejs/Release
- removed `use strict`
2018-05-01 14:06:18 +02:00
kirrg001
a0ee411e6e Added unit tests for models.Invite.add
no issue

- replaced token creation by `lib.common.security`
- added unit tests for adding invites
- allow a different invite status for internal access
2018-04-25 11:56:45 +02:00
kirrg001
5d1a4418bd Added lib.security.password lib
no issue

- move password hashing and password comparison to lib/security/password
- added two unit tests
- FYI: password hashing takes ~100ms
  - we could probably mock password hashing in certain cases when unit testing
2018-02-15 21:13:04 +01:00
kirrg001
72911862e7 Moved unique identifier generation to lib/security
refs #9178
2017-12-14 13:52:20 +01:00
kirrg001
411ce69006 Moved tokens, url safe and safe string utility to lib/security
refs #9178

- we could now also move any crypto usages to lib/security, but no priority
- the main goal is to tidy up our utils folder
2017-12-14 13:38:00 +01:00