Merge pull request #260 from node-oauth/development
Development
jankapunkt authored Nov 7, 2023
2 parents ed2c918 + 9515530 commit 848a03a
Showing 77 changed files with 3,785 additions and 3,298 deletions.
157 changes: 78 additions & 79 deletions .github/workflows/tests-release.yml
@@ -10,7 +10,6 @@ on:
branches:
- release-* # all release-<version> branches


jobs:
# STEP 1 - NPM Audit

@@ -23,13 +22,13 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 20
# install to create local package-lock.json but don't cache the files
# also: no audit for dev dependencies
- run: npm i --package-lock-only && npm audit --production
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
node-version: 20
# install to create local package-lock.json but don't cache the files
# also: no audit for dev dependencies
- run: npm i --package-lock-only && npm audit --production

# STEP 2 - basic unit tests

@@ -40,34 +39,34 @@ jobs:
needs: [audit]
strategy:
matrix:
node: [14, 16, 18]
node: [16, 18, 20]
steps:
- name: Checkout ${{ matrix.node }}
uses: actions/checkout@v3

- name: Setup node ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}

- name: Cache dependencies ${{ matrix.node }}
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}
# for this workflow we also require npm audit to pass
- run: npm i
- run: npm run test:coverage

# with the following action we enforce PRs to have a high coverage
# and ensure, changes are tested well enough so that coverage won't fail
- name: check coverage
uses: VeryGoodOpenSource/[email protected]
with:
path: './coverage/lcov.info'
min_coverage: 95
- name: Checkout ${{ matrix.node }}
uses: actions/checkout@v3

- name: Setup node ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}

- name: Cache dependencies ${{ matrix.node }}
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}
# for this workflow we also require npm audit to pass
- run: npm i
- run: npm run test:coverage

# with the following action we enforce PRs to have a high coverage
# and ensure, changes are tested well enough so that coverage won't fail
- name: check coverage
uses: VeryGoodOpenSource/[email protected]
with:
path: './coverage/lcov.info'
min_coverage: 95

# STEP 3 - Integration tests

@@ -80,41 +79,41 @@ jobs:
needs: [unittest]
strategy:
matrix:
node: [14, 16, 18] # TODO get running for node 16+
node: [16, 18, 20] # TODO get running for node 16+
steps:
# checkout this repo
- name: Checkout ${{ matrix.node }}
uses: actions/checkout@v3

# checkout express-adapter repo
- name: Checkout express-adapter ${{ matrix.node }}
uses: actions/checkout@v3
with:
repository: node-oauth/express-oauth-server
path: github/testing/express

- name: Setup node ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}

- name: Cache dependencies ${{ matrix.node }}
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server
# in order to test the adapter we need to use the current checkout
# and install it as local dependency
# we just cloned and install it as local dependency
# xxx: added bluebird as explicit dependency
- run: |
cd github/testing/express
npm i
npm install ../../../
npm run test
# checkout this repo
- name: Checkout ${{ matrix.node }}
uses: actions/checkout@v3

# checkout express-adapter repo
- name: Checkout express-adapter ${{ matrix.node }}
uses: actions/checkout@v3
with:
repository: node-oauth/express-oauth-server
path: github/testing/express

- name: Setup node ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}

- name: Cache dependencies ${{ matrix.node }}
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server-${{ hashFiles('github/testing/express/**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-${{ matrix.node }}-node-oauth/express-oauth-server
# in order to test the adapter we need to use the current checkout
# and install it as local dependency
# we just cloned and install it as local dependency
# xxx: added bluebird as explicit dependency
- run: |
cd github/testing/express
npm i
npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }}
npm run test
# todo repeat with other adapters

@@ -139,13 +138,13 @@ jobs:
contents: read
packages: write
steps:
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# we always publish targeting the lowest supported node version
node-version: 16
registry-url: $registry-url(npm)
- run: npm i
- run: npm publish --dry-run
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
- uses: actions/checkout@v3
- uses: actions/setup-node@v3
with:
# we always publish targeting the lowest supported node version
node-version: 16
registry-url: $registry-url(npm)
- run: npm i
- run: npm publish --dry-run
env:
NODE_AUTH_TOKEN: ${{secrets.GITHUB_TOKEN}}
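Review bot: The integration-test step now expands `${{ github.ref_name }}` directly inside the `run:` script (`npm install https://github.com/node-oauth/node-oauth2-server.git#${{ github.ref_name }}`), so the branch name is pasted into the shell text before the shell parses it. Git ref names can contain characters the shell interprets, so this is a script-injection point for anyone able to create a ref that triggers this workflow. Pass the value through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and install with `npm install "https://github.com/node-oauth/node-oauth2-server.git#${REF_NAME}"`. The step also now tests whatever the remote branch points at rather than the commit that was checked out, while the comment above it still says the current checkout is installed as a local dependency. The `on:` block is only partly visible here, so which events reach this job should be confirmed.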
2 changes: 1 addition & 1 deletion .mocharc.yml
@@ -1,6 +1,6 @@
recursive: true
reporter: "spec"
retries: 1
retries: 0
slow: 20
timeout: 2000
ui: "bdd"
6 changes: 3 additions & 3 deletions .readthedocs.yml
@@ -17,6 +17,6 @@ sphinx:

# We recommend specifying your dependencies to enable reproducible builds:
# https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html
# python:
# install:
# - requirements: docs/requirements.txt
python:
install:
- requirements: docs/requirements.txt
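--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,23 @@
 ## Changelog
 
+## 5.0.0
+
+This release contains several breaking changes.
+Please carefully consult the documentation while updating.
+
+- removed `bluebird` and `promisify-any`
+- uses native Promises and `async/await` everywhere
+- drop support for Node 14 (EOL), setting Node 16 as `engine` in `package.json`
+- this is a breaking change, because **it removes callback support** for
+`OAuthServer` and your model implementation.
+- fixed missing await in calling generateAuthorizationCode in AuthorizeHandler
+- fix scope validation bug
+- revoke code before validating redirect URI
+- improved Bearer token validation
+- validate scope as an array of strings (breaking change)
+- model support for retrieving user based on client
+- more tests added; test coverage improved
+
 ## 4.2.0
 ### Fixed
 - fix(core): Bearer regular expression matching in authenticate handler #105
@@ -43,7 +61,7 @@
 - Upgrades all code from ES5 to ES6, where possible.
 
 ## 4.1.0
-### Changed
+### Changed
 * Bump dev dependencies to resolve vulnerabilities
 * Replaced jshint with eslint along with should and chai
 * Use sha256 when generating tokens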
23 changes: 17 additions & 6 deletions README.md
@@ -8,9 +8,9 @@ Complete, compliant and well tested module for implementing an OAuth2 server in
[![Tests for Release](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests-release.yml/badge.svg)](https://github.com/node-oauth/node-oauth2-server/actions/workflows/tests-release.yml)
[![Documentation Status](https://readthedocs.org/projects/node-oauthoauth2-server/badge/?version=latest)](https://node-oauthoauth2-server.readthedocs.io/en/latest/?badge=latest)
[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
![npm Version](https://img.shields.io/npm/v/@node-oauth/oauth2-server?label=version)
![npm Downloads/Week](https://img.shields.io/npm/dw/@node-oauth/oauth2-server)
![GitHub License](https://img.shields.io/github/license/node-oauth/node-oauth2-server)
[![npm Version](https://img.shields.io/npm/v/@node-oauth/oauth2-server?label=version)](https://www.npmjs.com/package/@node-oauth/oauth2-server)
[![npm Downloads/Week](https://img.shields.io/npm/dw/@node-oauth/oauth2-server)](https://www.npmjs.com/package/@node-oauth/oauth2-server)
[![GitHub License](https://img.shields.io/github/license/node-oauth/node-oauth2-server)](https://github.com/node-oauth/node-oauth2-server/blob/master/LICENSE)

NOTE: This project has been forked from [oauthjs/node-oauth2-server](https://github.com/oauthjs/node-oauth2-server) and is a continuation due to the project appearing to be abandoned. Please see [our issue board](https://github.com/node-oauth/node-oauth2-server/issues) to talk about next steps and the future of this project.

@@ -27,24 +27,35 @@ If you're using one of those frameworks it is strongly recommended to use the re
## Features

- Supports `authorization_code`, `client_credentials`, `refresh_token` and `password` grant, as well as *extension grants*, with scopes.
- Can be used with *promises*, *Node-style callbacks*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)).
- Can be used with *promises*, *ES6 generators* and *async*/*await* (using [Babel](https://babeljs.io)).
- Fully [RFC 6749](https://tools.ietf.org/html/rfc6749.html) and [RFC 6750](https://tools.ietf.org/html/rfc6750.html) compliant.
- Implicitly supports any form of storage, e.g. *PostgreSQL*, *MySQL*, *MongoDB*, *Redis*, etc.
- Support for PKCE
- Complete [test suite](https://github.com/node-oauth/node-oauth2-server/tree/master/test).

## Documentation

[Documentation](https://node-oauthoauth2-server.readthedocs.io/en/latest/) is hosted on Read the Docs.
Documentation is hosted on Read the Docs. We have multiple versions of the docs available:

- [stable](https://node-oauthoauth2-server.readthedocs.io/en/master/) (master branch)
- [development](https://node-oauthoauth2-server.readthedocs.io/en/development/) (development branch)

Please leave an issue if something is confusing or missing in the docs.

## Examples

Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or
Most users should refer to our [Express (active)](https://github.com/node-oauth/express-oauth-server) or
[Koa (not maintained by us)](https://github.com/oauthjs/koa-oauth-server/tree/master/examples) examples.

More examples can be found here: https://github.com/14gasher/oauth-example

## Version 5 notes

Beginning with version `5.x` we removed dual support for callbacks and promises.
With this version there is only support for Promises / async/await.

With this version we also bumped the `engine` to Node 16 as 14 is now deprecated.

## Migrating from OAuthJs and 3.x

Version 4.x should not be hard-breaking, however, there were many improvements and fixes that may
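--- a/SECURITY.md
+++ b/SECURITY.md
@@ -5,11 +5,12 @@
 Use this section to tell people about which versions of your project are
 currently being supported with security updates.
 
-| Version | Supported |
-| ------- | ------------------ |
-| 4.x.x | :white_check_mark: |
-| 3.x.x | :white_check_mark: but only very critical security issues |
-| < 3 | :x: |
+| Version | Supported |
+|---------|--------------------------------------------------|
+| 5.x.x | :white_check_mark: |
+| 4.x.x | :white_check_mark: but only high severity issues |
+| 3.x.x | :x: |
+| < 3 | :x: |
 
 ## Reporting a Vulnerability
 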