Commit Graph

12 Commits

Author SHA1 Message Date
Sirichai Chulee
58ca6f3d95 Updated uuid to crypto.randomUUID() (#20821)
The uuid package README suggests using the node builtin `crypto` library if
we're only using uuid.v4, which we are.
2024-09-12 09:09:30 +07:00
Daniel Lockyer
1f9d9b1185 Fixed flaky test
- the test wants to assert that the output contains 0-9 a-z characters,
  but it actually asserts the output is a number followed by alphabet
  characters
- this commit updates the regex to allow any combination of letters and
  numbers
2022-07-26 12:51:37 +02:00
Hannah Wolfe
3a7613a46e Added secret.create util to security package
- this utility existed twice in the ghost codebase:
   - f6fb823ce9/core/server/models/api-key.js (L24)
   - f6fb823ce9/core/server/data/migrations/versions/4.0/22-solve-orphaned-webhooks.js (L7)
- We also potentially need it for a second migration use case
- so moved it here, made it slightly more generic and also deprecated identifier.uid in favour of using this method as they do the same thing, but secret.create uses crypto properly
2022-05-06 15:15:40 +01:00
Nazar Gargol
d33b377c6a Corrected "declared in upper scope" linting errors
2020-09-22 15:33:30 +12:00
Nazar Gargol
07972312ed Extended resetToken.compare return result with reason for comparison failure
refs https://github.com/TryGhost/Ghost/issues/11878

- To be able to identify the reason behind comparison failure on a more granular level (like token expiration) had to provide additional information in return result for falsy token comparisons
2020-09-22 15:31:15 +12:00
Nazar Gargol
54f9ff24c2 Extended test coverage for tokens module
refs https://github.com/TryGhost/Ghost/issues/11878

- There are multiple reasons why the token can be invalid. This coverage is meant to cover these reasons and pave the way for introduction of more granular errors causing the invalid token
2020-09-22 13:17:07 +12:00
Daniel Lockyer
ec0ed397d9 Moved test files to correct name
- `yarn test` will look for files matching `*.test.js`, so this commit
  fixes the name for the tests
2020-08-11 13:45:21 +01:00
Daniel Lockyer
aa1c597e71 Removed template test file
- real tests have been pulled in so we don't need this
2020-08-11 13:35:40 +01:00
Daniel Lockyer
ff9e980fcb Merged security files and history from TryGhost/Ghost
* included commits:
  Updated var declarations to const/let and no lists
  Move tests from core to root (#11700)
  Updated to use slugify method from SDK for safe string
  Added Node v10 Support (#10058)
  Dynamic Routing: Added migration for routes.yaml file (#9692)
  Fixed missing Bluebird require in `security/password.js` (#9624)
  🔥  Drop Node v4 Support
  Added unit tests for models.Invite.add
  Added lib.security.password lib
  Moved unique identifier generation to lib/security
  Moved tokens, url safe and safe string utility to lib/security
2020-08-11 13:30:09 +01:00
Daniel Lockyer
82a698ec0b Created @tryghost/security package
2020-08-11 13:29:32 +01:00
Hannah Wolfe
36675b6494 Updated var declarations to const/let and no lists
- All var declarations are now const or let as per ES6
- All comma-separated lists / chained declarations are now one declaration per line
- This is for clarity/readability but also made running the var-to-const/let switch smoother
- ESLint rules updated to match

How this was done:

- npm install -g jscodeshift
- git clone https://github.com/cpojer/js-codemod.git
- git clone git@github.com:TryGhost/Ghost.git shallow-ghost
- cd shallow-ghost
- jscodeshift -t ../js-codemod/transforms/unchain-variables.js . -v=2
- jscodeshift -t ../js-codemod/transforms/no-vars.js . -v=2
- yarn
- yarn test
- yarn lint / fix various lint errors (almost all indent) by opening files and saving in vscode
- grunt test-regression
- sorted!
2020-04-29 16:51:13 +01:00
Hannah Wolfe
b57ecbcc4a Move tests from core to root (#11700)
- move all test files from core/test to test/
- updated all imports and other references
- all code inside of core/ is then application code
- tests are correctly at the root level
- consistent with other repos/projects

Co-authored-by: Kevin Ansfield <kevin@lookingsideways.co.uk>
2020-03-30 16:26:47 +01:00