From 8b6648ad4af3a04045fe1dc82aef5e065a94dae4 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Wed, 13 Oct 2021 13:56:29 +0200 Subject: [PATCH 1/2] remove lodash dependency --- .github/dependabot.yml | 33 +++++++++---------- lib/errors/access-denied-error.js | 3 +- lib/errors/insufficient-scope-error.js | 3 +- lib/errors/invalid-argument-error.js | 3 +- lib/errors/invalid-client-error.js | 3 +- lib/errors/invalid-grant-error.js | 3 +- lib/errors/invalid-request-error.js | 3 +- lib/errors/invalid-scope-error.js | 3 +- lib/errors/invalid-token-error.js | 3 +- lib/errors/oauth-error.js | 8 ++--- lib/errors/server-error.js | 3 +- lib/errors/unauthorized-client-error.js | 3 +- lib/errors/unauthorized-request-error.js | 3 +- lib/errors/unsupported-grant-type-error.js | 3 +- lib/errors/unsupported-response-type-error.js | 3 +- lib/handlers/authorize-handler.js | 7 ++-- lib/handlers/token-handler.js | 7 ++-- lib/server.js | 7 ++-- package-lock.json | 7 ++-- package.json | 1 - 20 files changed, 44 insertions(+), 65 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 473c411..b3e36ad 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,20 +1,17 @@ version: 2 updates: -- package-ecosystem: npm - directory: "/" - schedule: - interval: daily - open-pull-requests-limit: 10 - ignore: - - dependency-name: sinon - versions: - - 10.0.0 - - 9.2.4 - - dependency-name: mocha - versions: - - 8.2.1 - - 8.3.0 - - 8.3.1 - - dependency-name: lodash - versions: - - 4.17.20 + - package-ecosystem: npm + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + ignore: + - dependency-name: sinon + versions: + - 10.0.0 + - 9.2.4 + - dependency-name: mocha + versions: + - 8.2.1 + - 8.3.0 + - 8.3.1 diff --git a/lib/errors/access-denied-error.js b/lib/errors/access-denied-error.js index d3ffc70..0f3dc2f 100644 --- a/lib/errors/access-denied-error.js +++ b/lib/errors/access-denied-error.js 
@@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function AccessDeniedError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'access_denied' }, properties); diff --git a/lib/errors/insufficient-scope-error.js b/lib/errors/insufficient-scope-error.js index c6442ea..c522df7 100644 --- a/lib/errors/insufficient-scope-error.js +++ b/lib/errors/insufficient-scope-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function InsufficientScopeError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 403, name: 'insufficient_scope' }, properties); diff --git a/lib/errors/invalid-argument-error.js b/lib/errors/invalid-argument-error.js index cb56d5a..b667468 100644 --- a/lib/errors/invalid-argument-error.js +++ b/lib/errors/invalid-argument-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -13,7 +12,7 @@ var util = require('util'); */ function InvalidArgumentError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 500, name: 'invalid_argument' }, properties); diff --git a/lib/errors/invalid-client-error.js b/lib/errors/invalid-client-error.js index d95358c..31aea2d 100644 --- a/lib/errors/invalid-client-error.js +++ b/lib/errors/invalid-client-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); 
@@ -18,7 +17,7 @@ var util = require('util'); */ function InvalidClientError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'invalid_client' }, properties); diff --git a/lib/errors/invalid-grant-error.js b/lib/errors/invalid-grant-error.js index 58d032e..810242d 100644 --- a/lib/errors/invalid-grant-error.js +++ b/lib/errors/invalid-grant-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -19,7 +18,7 @@ var util = require('util'); */ function InvalidGrantError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'invalid_grant' }, properties); diff --git a/lib/errors/invalid-request-error.js b/lib/errors/invalid-request-error.js index 4cf0a73..bfb178a 100644 --- a/lib/errors/invalid-request-error.js +++ b/lib/errors/invalid-request-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -18,7 +17,7 @@ var util = require('util'); */ function InvalidRequest(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'invalid_request' }, properties); diff --git a/lib/errors/invalid-scope-error.js b/lib/errors/invalid-scope-error.js index c3b287f..bcded24 100644 --- a/lib/errors/invalid-scope-error.js +++ b/lib/errors/invalid-scope-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function InvalidScopeError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'invalid_scope' }, properties); diff --git a/lib/errors/invalid-token-error.js b/lib/errors/invalid-token-error.js index d7e7a8b..cb12c3e 100644 --- a/lib/errors/invalid-token-error.js 
+++ b/lib/errors/invalid-token-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function InvalidTokenError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 401, name: 'invalid_token' }, properties); diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index a388cd3..f924257 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -3,7 +3,6 @@ /** * Module dependencies. */ -var _ = require('lodash'); var util = require('util'); var http = require('http'); /** @@ -13,17 +12,16 @@ var http = require('http'); function OAuthError(messageOrError, properties) { var message = messageOrError instanceof Error ? messageOrError.message : messageOrError; var error = messageOrError instanceof Error ? messageOrError : null; - if (_.isEmpty(properties)) - { + if (typeof properties !== 'object') { properties = {}; } - _.defaults(properties, { code: 500 }); + properties = Object.assign({ code: 500 }, properties); if (error) { properties.inner = error; } - if (_.isEmpty(message)) { + if (!message || message.length === 0) { message = http.STATUS_CODES[properties.code]; } this.code = this.status = this.statusCode = properties.code; diff --git a/lib/errors/server-error.js b/lib/errors/server-error.js index d193af3..a1bdcf9 100644 --- a/lib/errors/server-error.js +++ b/lib/errors/server-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function ServerError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 503, name: 'server_error' }, properties); diff --git a/lib/errors/unauthorized-client-error.js b/lib/errors/unauthorized-client-error.js index c05075d..eca0d68 100644 
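Review bot: In the `lib/errors/oauth-error.js` hunk, `properties = Object.assign({ code: 500 }, properties);` is not equivalent to the `_.defaults(properties, { code: 500 })` it replaces. `_.defaults` filled every key that resolved to undefined, whereas `Object.assign` lets an explicit `code: undefined` from the caller overwrite the default, so `this.code`, `this.status` and `this.statusCode` become undefined and the `http.STATUS_CODES[properties.code]` fallback message is lost as well. To keep the old contract, copy first and default afterwards: `properties = Object.assign({}, properties);` then `if (properties.code === undefined) { properties.code = 500; }`. The rest of `OAuthError` is outside the hunk, so whether later code relies on a numeric `code` should be confirmed.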
--- a/lib/errors/unauthorized-client-error.js +++ b/lib/errors/unauthorized-client-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function UnauthorizedClientError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'unauthorized_client' }, properties); diff --git a/lib/errors/unauthorized-request-error.js b/lib/errors/unauthorized-request-error.js index ae7500d..afb11b8 100644 --- a/lib/errors/unauthorized-request-error.js +++ b/lib/errors/unauthorized-request-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -20,7 +19,7 @@ var util = require('util'); */ function UnauthorizedRequestError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 401, name: 'unauthorized_request' }, properties); diff --git a/lib/errors/unsupported-grant-type-error.js b/lib/errors/unsupported-grant-type-error.js index 28ca0ec..63345ce 100644 --- a/lib/errors/unsupported-grant-type-error.js +++ b/lib/errors/unsupported-grant-type-error.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -17,7 +16,7 @@ var util = require('util'); */ function UnsupportedGrantTypeError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'unsupported_grant_type' }, properties); diff --git a/lib/errors/unsupported-response-type-error.js b/lib/errors/unsupported-response-type-error.js index 523cc44..861ac34 100644 --- a/lib/errors/unsupported-response-type-error.js +++ b/lib/errors/unsupported-response-type-error.js 
@@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var OAuthError = require('./oauth-error'); var util = require('util'); @@ -18,7 +17,7 @@ var util = require('util'); */ function UnsupportedResponseTypeError(message, properties) { - properties = _.assign({ + properties = Object.assign({ code: 400, name: 'unsupported_response_type' }, properties); diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index 845e25b..e54b4ea 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var AccessDeniedError = require('../errors/access-denied-error'); var AuthenticateHandler = require('../handlers/authenticate-handler'); var InvalidArgumentError = require('../errors/invalid-argument-error'); @@ -186,7 +185,7 @@ AuthorizeHandler.prototype.getClient = function(request) { throw new InvalidClientError('Invalid client: missing client `grants`'); } - if (!_.includes(client.grants, 'authorization_code')) { + if (!client.grants.includes('authorization_code')) { throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); } @@ -194,7 +193,7 @@ AuthorizeHandler.prototype.getClient = function(request) { throw new InvalidClientError('Invalid client: missing client `redirectUri`'); } - if (redirectUri && !_.includes(client.redirectUris, redirectUri)) { + if (redirectUri && !client.redirectUris.includes(redirectUri)) { throw new InvalidClientError('Invalid client: `redirect_uri` does not match client value'); } return client; @@ -301,7 +300,7 @@ AuthorizeHandler.prototype.getResponseType = function(request) { throw new InvalidRequestError('Missing parameter: `response_type`'); } - if (!_.has(responseTypes, responseType)) { + if (!(responseType in responseTypes)) { throw new UnsupportedResponseTypeError('Unsupported response type: `response_type` is not supported'); } 
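Review bot: `client.redirectUris.includes(redirectUri)` in the `getClient` hunk of `lib/handlers/authorize-handler.js` is an exact-match test only when `client.redirectUris` is an array. If a model returns a single string, `String.prototype.includes` matches substrings, so a `redirect_uri` that is only part of the registered value would pass; `_.includes` behaved the same way for strings, so this is not new, but the rewrite is a good moment to close it. The check that precedes this line is outside the hunk and may already enforce the type; if it does not, make it explicit with `if (redirectUri && !(Array.isArray(client.redirectUris) && client.redirectUris.includes(redirectUri))) {`.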
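Review bot: `responseType in responseTypes` in the `getResponseType` hunk is weaker than the `_.has(responseTypes, responseType)` it replaces, because `in` also matches inherited properties while `_.has` tested own keys only. `responseType` appears to come from the request, so a value that names an `Object.prototype` member (for example `toString`) now passes the supported-type check instead of raising `UnsupportedResponseTypeError`; what is done with the looked-up value lies outside the hunk. Use an own-property test instead: `if (!Object.prototype.hasOwnProperty.call(responseTypes, responseType)) {`. The `grantType in this.grantTypes` change in the `handleGrantType` hunk of `lib/handlers/token-handler.js` has the same problem and needs the same fix.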
diff --git a/lib/handlers/token-handler.js b/lib/handlers/token-handler.js index feaad3f..12606f9 100644 --- a/lib/handlers/token-handler.js +++ b/lib/handlers/token-handler.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var BearerTokenType = require('../token-types/bearer-token-type'); var InvalidArgumentError = require('../errors/invalid-argument-error'); var InvalidClientError = require('../errors/invalid-client-error'); @@ -56,7 +55,7 @@ function TokenHandler(options) { } this.accessTokenLifetime = options.accessTokenLifetime; - this.grantTypes = _.assign({}, grantTypes, options.extendedGrantTypes); + this.grantTypes = Object.assign({}, grantTypes, options.extendedGrantTypes); this.model = options.model; this.refreshTokenLifetime = options.refreshTokenLifetime; this.allowExtendedTokenAttributes = options.allowExtendedTokenAttributes; @@ -208,11 +207,11 @@ TokenHandler.prototype.handleGrantType = function(request, client) { throw new InvalidRequestError('Invalid parameter: `grant_type`'); } - if (!_.has(this.grantTypes, grantType)) { + if (!(grantType in this.grantTypes)) { throw new UnsupportedGrantTypeError('Unsupported grant type: `grant_type` is invalid'); } - if (!_.includes(client.grants, grantType)) { + if (!client.grants.includes(grantType)) { throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); } diff --git a/lib/server.js b/lib/server.js index fba9ccf..a588f80 100644 --- a/lib/server.js +++ b/lib/server.js @@ -4,7 +4,6 @@ * Module dependencies. */ -var _ = require('lodash'); var AuthenticateHandler = require('./handlers/authenticate-handler'); var AuthorizeHandler = require('./handlers/authorize-handler'); var InvalidArgumentError = require('./errors/invalid-argument-error'); 
@@ -33,7 +32,7 @@ OAuth2Server.prototype.authenticate = function(request, response, options, callb options = {scope: options}; } - options = _.assign({ + options = Object.assign({ addAcceptedScopesHeader: true, addAuthorizedScopesHeader: true, allowBearerTokensInQueryString: false @@ -49,7 +48,7 @@ OAuth2Server.prototype.authenticate = function(request, response, options, callb */ OAuth2Server.prototype.authorize = function(request, response, options, callback) { - options = _.assign({ + options = Object.assign({ allowEmptyState: false, authorizationCodeLifetime: 5 * 60 // 5 minutes. }, this.options, options); @@ -64,7 +63,7 @@ OAuth2Server.prototype.authorize = function(request, response, options, callback */ OAuth2Server.prototype.token = function(request, response, options, callback) { - options = _.assign({ + options = Object.assign({ accessTokenLifetime: 60 * 60, // 1 hour. refreshTokenLifetime: 60 * 60 * 24 * 14, // 2 weeks. allowExtendedTokenAttributes: false, diff --git a/package-lock.json b/package-lock.json index b749db8..6df6d4b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1160,7 +1160,8 @@ "lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", - "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true }, "lodash.flattendeep": { "version": "4.4.0", @@ -1228,7 +1229,7 @@ "mocha": { "version": "5.2.0", "resolved": "https://registry.npmjs.org/mocha/-/mocha-5.2.0.tgz", - "integrity": "sha1-bYrlCPWRZ/lA8rWzxKYSrlDJCuY=", + "integrity": "sha512-2IUgKDhc3J7Uug+FxMXuqIyYzH7gJjXECKe/w43IGgQHTSj3InJi+yAA7T24L9bQMRKiUEHxEX37G5JpVUGLcQ==", "dev": true, "requires": { "browser-stdout": "1.3.1", 
@@ -1247,7 +1248,7 @@ "glob": { "version": "7.1.2", "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz", - "integrity": "sha1-wZyd+aAocC1nhhI4SmVSQExjbRU=", + "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==", "dev": true, "requires": { "fs.realpath": "^1.0.0", diff --git a/package.json b/package.json index a03c2e5..d71f6f9 100644 --- a/package.json +++ b/package.json @@ -20,7 +20,6 @@ "dependencies": { "basic-auth": "2.0.1", "bluebird": "3.7.2", - "lodash": "4.17.21", "promisify-any": "2.0.1", "type-is": "1.6.18" }, From fc228a6db3a0be5259f3914e038089f4e7a278e9 Mon Sep 17 00:00:00 2001 From: Joren Vandeweyer Date: Wed, 13 Oct 2021 17:44:53 +0200 Subject: [PATCH 2/2] implemented feedback jwerre --- lib/errors/oauth-error.js | 2 +- lib/handlers/authorize-handler.js | 2 +- lib/handlers/token-handler.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/errors/oauth-error.js b/lib/errors/oauth-error.js index f924257..fc66f75 100644 --- a/lib/errors/oauth-error.js +++ b/lib/errors/oauth-error.js @@ -12,7 +12,7 @@ var http = require('http'); function OAuthError(messageOrError, properties) { var message = messageOrError instanceof Error ? messageOrError.message : messageOrError; var error = messageOrError instanceof Error ? messageOrError : null; - if (typeof properties !== 'object') { + if (properties == null || !Object.entries(properties).length ) { properties = {}; } diff --git a/lib/handlers/authorize-handler.js b/lib/handlers/authorize-handler.js index e54b4ea..b1dd9a8 100644 --- a/lib/handlers/authorize-handler.js +++ b/lib/handlers/authorize-handler.js 
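Review bot: The new guard `properties == null || !Object.entries(properties).length` in the second patch's `lib/errors/oauth-error.js` hunk no longer rejects non-object values, which the `typeof properties !== 'object'` test it replaces did. A string passed as `properties` has entries, so it survives the guard, and the `Object.assign({ code: 500 }, properties)` call from the first patch (outside this hunk) would then copy its characters in as indexed keys. Null, undefined and empty objects are already harmless to `Object.assign`, so the emptiness test adds nothing; `if (properties === null || typeof properties !== 'object') {` covers the cases that matter. There is also a stray space before the closing parenthesis.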
@@ -185,7 +185,7 @@ AuthorizeHandler.prototype.getClient = function(request) { throw new InvalidClientError('Invalid client: missing client `grants`'); } - if (!client.grants.includes('authorization_code')) { + if (!Array.isArray(clients.grants) || !client.grants.includes('authorization_code')) { throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); } diff --git a/lib/handlers/token-handler.js b/lib/handlers/token-handler.js index 12606f9..1cce63e 100644 --- a/lib/handlers/token-handler.js +++ b/lib/handlers/token-handler.js @@ -211,7 +211,7 @@ TokenHandler.prototype.handleGrantType = function(request, client) { throw new UnsupportedGrantTypeError('Unsupported grant type: `grant_type` is invalid'); } - if (!client.grants.includes(grantType)) { + if (!Array.isArray(clients.grants) || !client.grants.includes(grantType)) { throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid'); }
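Review bot: `Array.isArray(clients.grants)` in the `getClient` hunk of `lib/handlers/authorize-handler.js` refers to `clients`, while every other line of the hunk uses `client`. Unless a `clients` binding exists outside the hunk, evaluating the condition throws a `ReferenceError`, so a request that reaches this check fails with an unexpected error instead of being validated against the client's grants. The line should read `if (!Array.isArray(client.grants) || !client.grants.includes('authorization_code')) {`. The `handleGrantType` hunk of `lib/handlers/token-handler.js` in the same patch carries the identical typo and should become `if (!Array.isArray(client.grants) || !client.grants.includes(grantType)) {`. A test that drives both handlers with a valid client would catch this.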