release/v2.8.0 (#158)

* fix/TEN-100-further-logging-restrictions (#67)

* TEN-123: fixed tests and getaddress (#83)

* TEN-123: updated versions and dependencies

* TEN-123: updated package-lock

* fix/TEN-125-memory-leak (#85)

* TEN-125: updated container package RELEASES

* feat/TEN-31-on-behalf-of-as (#76)

Co-authored-by: [email protected] <[email protected]>
Co-authored-by: JustinErenJaeger <[email protected]>

* fix/TEN-130-init-startup-defer-sync-methods-callback (#96)

* TEN-130: added package-lock

* fix/TEN-126-reconnect-on-error (#88)

Co-authored-by: [email protected] <[email protected]>
Co-authored-by: JustinErenJaeger <[email protected]>

* feat/SMCCT-640-change-default-nic-get-address (#93)

* fix/TEN-65-bad-options-data-get (#98)

* TEN-65, TEN-126, TEN-123: updated dependencies, added documentation for happn client reconnect settings

* TEN-65, TEN-126, TEN-123: fixed documentation typo

* fix/TEN-138-api-client-fails-auth-delegation-on (#103)

* feat/TEN-132-authorization-cache-key-regex-masking (#100)

* TEN-132, TEN-138: updated dependencies and versions

* TEN-132, TEN-138: fixed bad version in container repo RELEASES

* chore/TEN-143-TEN-101-websocket-update-remove-elasticsearch (#105)

* test/TEN-129-security-unit-tests (#94)

* fix/TEN-141-fatal-security-generate-session (#108)

* feat/TEN-144-rest-array-arguments (#109)

* fix/TEN-146-remove-preserve-criteria (#115)

* release/TEN-129-TEN-141-TEN-144-TEN-146 updated versions

* fix/TEN-135-do-not-insert-path-default-sort (#119)

Co-authored-by: cordellcalitz <[email protected]>

* fix/TEN-140-outdated-pem-module (#125)

* doc/TEN-148-post-array-http-rpc (#122)

* feat/TEN-4-productionize-summon (#127)

* release: v12.2.0

* TEN-4: updated README

* feat/sqlite-db-provider (#128)

Co-authored-by: Aaron Marais <[email protected]>

* dep: updated RELEASES and dependencies

* fix/aec#862hyd2pk-blank-space-in-loki-journal-causes-restore-fail (#138)

* feat/loki-data-provider-archiving (#136)

Co-authored-by: Simon Bishop <[email protected]>

* TEN-4-summon-productionize-extended (#134)

Co-authored-by: Aaron Marais <[email protected]>

* TEN-4: fixed conflict in base RELEASES

* fix/TEN-152-getuser-without-params (#145)

* feat/TEN-159-switch-off-file-watching-packager (#143)

* doc/TEN-127-configurable-payload-limit-ws (#146)

* fix/TEN-144-allow-for-as-on-array-parameters (#147)

* TEN-164: updated dependencies

* feat/TEN-167-logout (#149)

* release/v2.7.0

* fix/SMCCT-1142 rest payload stringify (#155)

* fix/SMCCT-1142 rest payload stringify

* fix/SMCCT-1142 rest payload stringify

* release/v2.7.1

* SMCCT-862 add ability to reset and change password (#157)

* SMCCT-862 add abitilty to reset and change password

* SMCCT-862 review items

* SMCCT-862 Code review items.  Wrapping client functions in a maybePromisify.

* SMCCT-862 Code review items.

* SMCCT-862 Remove the only.

* SMCCT-862 Upping code coverage

* SMCCT-862 Fix code lint.

* chore(#SMCCT-862): lint fixed, modifications to happn-client

* SMCCT-862 Prettier, code review items.

* SMCCT-862 Adding back sanity on Happn Client, to ensure arguments are correct.  This will be replaced when we move away from Callback to promises.

* SMCCT-862 Version for Release - 13.11.0

---------

Co-authored-by: Simon Bishop <[email protected]>

* dep(#SMCCT-862): updated dependencies

* dep(#SMCCT-862): updated master version and releases

---------

Co-authored-by: [email protected] <[email protected]>
Co-authored-by: JustinErenJaeger <[email protected]>
Co-authored-by: Justin Creighton (SoulCali Drago) <[email protected]>
Co-authored-by: cordellcalitz <[email protected]>
Co-authored-by: Aaron Marais <[email protected]>
Co-authored-by: Aaron Marais <[email protected]>
Co-authored-by: Jacques Erasmus <[email protected]>
Co-authored-by: Craig Sampson <[email protected]>

RELEASES.md

@@ -1,3 +1,8 @@
+2.8.0 2023-04-29
+-----------------
+  - feat: happn-3 changePassword in client
+  - feat: happn-3 resetPassword supported by auth provider
+
 2.7.1 2023-04-14
 -----------------
   - fix: happner-2 rest stringify ignores special characters

package.json

@@ -1,6 +1,6 @@
 {
   "name": "happner-suite",
-  "version": "2.7.1",
+  "version": "2.8.0",
   "scripts": {
     "test": "echo \"tests are not run from the main package of the workspace\" && exit 1",
     "re-install": "rm -rf node_modules && rm -rf ./packages/*/node_modules && rm -rf package-lock.json && npm i",

packages/happn-3/RELEASES.md

@@ -1061,3 +1061,8 @@
 -----------------
   - feat: token revocation and logout
   - fix: token revocation cluster fix
+
+13.11.0 2023-04-29
+-----------------
+  - feat: changePassword in client
+  - feat: resetPassword supported by auth provider

packages/happn-3/lib/client.js

@@ -255,7 +255,7 @@
     //ensure session scope is not on the prototype
     this.session = null;
     if (browser) {
-      return this.getResources((e) => {
+      return this.__getResources((e) => {
         if (e) return callback(e);
         this.connect((e) => {
           if (e) return callback(e);
@@ -538,7 +538,7 @@
     };
   };
 
-  HappnClient.prototype.getScript = function (url, callback) {
+  HappnClient.prototype.__getScript = function (url, callback) {
     if (!browser) return callback(new Error('only for browser'));
 
     var script = document.createElement('script');
@@ -562,10 +562,10 @@
     head.appendChild(script);
   };
 
-  HappnClient.prototype.getResources = function (callback) {
+  HappnClient.prototype.__getResources = function (callback) {
     if (typeof Primus !== 'undefined') return callback();
 
-    this.getScript(this.options.url + '/browser_primus.js', function (e) {
+    this.__getScript(this.options.url + '/browser_primus.js', function (e) {
       if (e) return callback(e);
 
       if (typeof Primus === 'undefined') {
@@ -586,7 +586,7 @@
     if (crypto) return callback();
 
     if (browser) {
-      this.getScript(this.options.url + '/browser_crypto.js', function (e) {
+      this.__getScript(this.options.url + '/browser_crypto.js', function (e) {
         if (e) return callback(e);
         crypto = new window.Crypto();
         callback();
@@ -940,7 +940,10 @@
   };
 
   HappnClient.prototype.__performSystemRequest = function (action, data, options, callback) {
-    var message = {
+    if (typeof callback !== 'function') {
+      throw new Error('Invalid system call');
+    }
+    let message = {
       action: action,
       eventId: this.getEventId(),
     };
@@ -1828,9 +1831,17 @@
     });
   };
 
-  HappnClient.prototype.revokeToken = function (callback) {
+  HappnClient.prototype.revokeToken = utils.maybePromisify(function (callback) {
     return this.__performSystemRequest('revoke-token', null, null, callback);
-  };
+  });
+
+  HappnClient.prototype.changePassword = utils.maybePromisify(function (passwordDetails, callback) {
+    return this.__performSystemRequest('change-password', passwordDetails, null, callback);
+  });
+
+  HappnClient.prototype.resetPassword = utils.maybePromisify(function (callback) {
+    return this.__performSystemRequest('reset-password', null, null, callback);
+  });
 
   HappnClient.prototype.__destroySocket = function (socket, callback) {
     //possible socket end needs to do its thing, we destroy in the next tick

packages/happn-3/lib/providers/security-base-auth-provider.js

@@ -181,6 +181,14 @@ module.exports = class SecurityBaseAuthProvider {
     return this.systemError('providerCredsLogin not implemented.');
   }
 
+  async providerResetPassword() {
+    return this.systemError('providerResetPassword not implemented.');
+  }
+
+  async providerChangePassword() {
+    return this.systemError('providerChangePassword not implemented.');
+  }
+
   loginFailed(username, specificMessage, e, overrideLockout) {
     let message = 'Invalid credentials';
     if (specificMessage) message = specificMessage;

packages/happn-3/lib/providers/security-happn-auth-provider.js

@@ -54,4 +54,20 @@ module.exports = class HappnAuthProvider extends SecurityBaseAuthProvider {
     }
     return this.loginOK(credentials, user, sessionId);
   }
+
+  async providerChangePassword(credentials, passwordDetails) {
+    const user = await this.securityFacade.users.getUser(credentials.username);
+    if (user == null) {
+      return this.systemError(`bad username: ${credentials.username}`);
+    }
+    if (!passwordDetails?.oldPassword || !passwordDetails?.newPassword) {
+      return this.systemError('Invalid parameters: oldPassword and newPassword required');
+    }
+    const hash = await this.securityFacade.users.getPasswordHash(credentials.username);
+    if (!(await this.securityFacade.security.matchPassword(passwordDetails.oldPassword, hash))) {
+      return this.systemError(`Invalid old password`);
+    }
+    user.password = passwordDetails.newPassword;
+    return this.securityFacade.users.upsertUser(user);
+  }
 };

packages/happn-3/lib/services/protocol/service.js

@@ -146,26 +146,14 @@ function __processSinglePath(transformed, callback) {
     if (authorized.request.action === 'set') {
       return this.happn.services.data.processStore(authorized, (e, publication) => {
         if (e) return callback(e);
-        if (publication.request.options && publication.request.options.noPublish)
-          return callback(null, publication);
+        if (publication.request?.options?.noPublish) return callback(null, publication);
         this.happn.services.publisher.processPublish(publication, function (e, result) {
           if (e) return callback(e);
           callback(null, result);
         });
       });
     }
 
-    if (authorized.request.action === 'remove')
-      return this.happn.services.data.processRemove(authorized, (e, publication) => {
-        if (e) return callback(e);
-        if (publication.request.options && publication.request.options.noPublish)
-          return callback(null, publication);
-        this.happn.services.publisher.processPublish(publication, (e, result) => {
-          if (e) return callback(e);
-          callback(null, result);
-        });
-      });
-
     if (authorized.request.action === 'get') {
       return this.happn.services.data.processGet(authorized, (e, result) => {
         if (e) return callback(e);
@@ -223,20 +211,47 @@ function __processSinglePath(transformed, callback) {
       });
     }
 
+    if (authorized.request.action === 'remove')
+      return this.happn.services.data.processRemove(authorized, (e, publication) => {
+        if (e) return callback(e);
+        if (publication.request?.options?.noPublish) return callback(null, publication);
+        this.happn.services.publisher.processPublish(publication, (e, result) => {
+          if (e) return callback(e);
+          callback(null, result);
+        });
+      });
+
     if (authorized.request.action === 'ack')
       return this.happn.services.publisher.processAcknowledge(authorized, (e, result) => {
         if (e) return callback(e);
         callback(null, result);
       });
 
-    if (authorized.request.action === 'revoke-token')
+    if (authorized.request.action === 'reset-password') {
+      if (!this.config.secure) return callback(new Error('Cannot reset-password Not Secure'));
+      return this.happn.services.security.resetPassword(authorized, (e, result) => {
+        if (e) return callback(e);
+        callback(null, result);
+      });
+    }
+
+    if (authorized.request.action === 'change-password') {
+      if (!this.config.secure) return callback(new Error('Cannot change-password Not Secure'));
+      return this.happn.services.security.changePassword(authorized, (e, result) => {
+        if (e) return callback(e);
+        callback(null, result);
+      });
+    }
+    if (authorized.request.action === 'revoke-token') {
+      if (!this.config.secure) return callback(new Error('Cannot revoke-token Not Secure'));
       return this.happn.services.session.processRevokeSessionToken(
         authorized,
         'CLIENT',
         function (e, result) {
           callback(e, result);
         }
       );
+    }
 
     if (authorized.request.action === 'disconnect-child-sessions')
       return this.happn.services.session.disconnectSessions(

packages/happn-3/lib/services/security/service.js

@@ -50,6 +50,8 @@ module.exports = class SecurityService extends require('events').EventEmitter {
     this.login = util.maybePromisify(this.login);
     this.matchPassword = util.maybePromisify(this.matchPassword);
     this.verifyAuthenticationDigest = util.maybePromisify(this.verifyAuthenticationDigest);
+    this.resetPassword = util.maybePromisify(this.#resetPassword);
+    this.changePassword = util.maybePromisify(this.#changePassword);
     this.revokeToken = util.maybePromisify(this.revokeToken);
   }
 
@@ -744,6 +746,39 @@ module.exports = class SecurityService extends require('events').EventEmitter {
     return ttl || 0; // Infinity turns to null over the wire, 0 can be 0
   }
 
+  #resetPassword(authorized, callback) {
+    let session = authorized.session;
+    this.#matchAuthProvider(session.user.username, (e, authProvider) => {
+      if (e) return callback(e);
+      let error;
+      authProvider.instance
+        .providerResetPassword(authorized.session.user)
+        .catch((e) => {
+          error = e;
+        })
+        .finally(() => {
+          callback(error, authorized);
+        });
+    });
+  }
+
+  #changePassword(authorized, callback) {
+    let session = authorized.session;
+    let passwordDetails = authorized.request.data;
+    this.#matchAuthProvider(session.user.username, (e, authProvider) => {
+      if (e) return callback(e);
+      let error;
+      authProvider.instance
+        .providerChangePassword(authorized.session.user, passwordDetails)
+        .catch((e) => {
+          error = e;
+        })
+        .finally(() => {
+          callback(error, authorized);
+        });
+    });
+  }
+
   revokeToken(token, reason, callback) {
     if (typeof reason === 'function') {
       callback = reason;

packages/happn-3/package.json

@@ -1,6 +1,6 @@
 {
   "name": "happn-3",
-  "version": "13.10.0",
+  "version": "13.11.0",
   "description": "pub/sub api as a service using primus and mongo & redis or nedb, can work as cluster, single process or embedded using nedb",
   "keywords": [
     "mongo",
@@ -58,9 +58,9 @@
     "commander": "^4.1.0",
     "debug": "4.1.1",
     "gulp": "^4.0.2",
-    "happn-cluster": "12.3.2",
+    "happn-cluster": "12.4.0",
     "happn-commons-test": "1.2.1",
-    "happn-db-provider-mongo": "1.1.8",
+    "happn-db-provider-mongo": "1.1.9",
     "happn-random-activity-generator": "0.2.1",
     "jsprim": "^2.0.0",
     "mongodb": "^4.1.3",

packages/happn-3/test/__fixtures/test/integration/security/authentication/secondAuthProvider.js

@@ -1,4 +1,6 @@
-module.exports = class SecondAuthProvider extends require('../../../../../..').providers.SecurityBaseAuthProvider {
+module.exports = class SecondAuthProvider extends (
+  require('../../../../../..').providers.SecurityBaseAuthProvider
+) {
   constructor(securityFacade, config) {
     super(securityFacade, config);
   }
@@ -8,4 +10,4 @@ module.exports = class SecondAuthProvider extends require('../../../../../..').p
   async login() {
     return 'Login called in second auth provider';
   }
-};
+};

packages/happn-3/test/__fixtures/test/integration/security/authentication/workingAuth.js

@@ -1,4 +1,6 @@
-module.exports = class TestAuthProvider extends require('../../../../../..').providers.SecurityBaseAuthProvider {
+module.exports = class TestAuthProvider extends (
+  require('../../../../../..').providers.SecurityBaseAuthProvider
+) {
   constructor(securityFacade, happnConfig, providerOptions) {
     super(securityFacade, happnConfig, providerOptions);
   }
@@ -7,25 +9,32 @@ module.exports = class TestAuthProvider extends require('../../../../../..').pro
     return new TestAuthProvider(securityFacade, config, providerOptions);
   }
 
-  async providerCredsLogin(credentials, sessionId) {      
-    if (credentials.username === "[email protected]" && credentials.password === "secondPass") {        
-      let user = {username: "[email protected]", groups:[]}
+  async providerCredsLogin(credentials, sessionId) {
+    if (
+      credentials.username === '[email protected]' &&
+      credentials.password === 'secondPass'
+    ) {
+      let user = { username: '[email protected]', groups: [] };
       return this.loginOK(credentials, user, sessionId);
     }
     return this.loginFailed(credentials.username, 'Invalid credentials');
   }
 
-  async providerTokenLogin(credentials, decodedToken, sessionId) {      
-    if (decodedToken.username === "[email protected]" && credentials.token != null) {        
-      let user = {username: "[email protected]", groups:[]}
+  async providerTokenLogin(credentials, decodedToken, sessionId) {
+    if (decodedToken.username === '[email protected]' && credentials.token != null) {
+      let user = { username: '[email protected]', groups: [] };
       return this.loginOK(credentials, user, sessionId);
     }
     return this.loginFailed(credentials.username, 'Invalid credentials');
   }
 
+  async providerResetPassword(credentials) {
+    throw new Error(`Works !! Password reset ${credentials.username}`);
+  }
+
   defaults(options) {
     return {
       test: (options?.test || 0) + 1,
-    }
+    };
   }
 };