From 5d889c509a6ccefddf732c42a13533ccd087d0a7 Mon Sep 17 00:00:00 2001
From: Florian Nari
Date: Fri, 12 Jul 2024 11:29:46 +0200
Subject: [PATCH] security: No longer allow user_hash for esup-otp-manager routes (require esup-otp-manager => 1.4.0)

---
 README.md | 2 +-
 controllers/api.js | 6 +-
 package-lock.json | 332 +++++++++++++++++++++++----------------------
 package.json | 10 +-
 server/routes.js | 40 +++---
 5 files changed, 201 insertions(+), 189 deletions(-)

diff --git a/README.md b/README.md
index 9ee3ff8..f6d2fb6 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ esup-otp-api is a RESTful api using NodeJS to generate, send and verify one-time codes for [EsupPortail]
 ### Version
-1.5.0
+1.6.0
 Runs on Node v20.11.1 and npm v10.2.4
diff --git a/controllers/api.js b/controllers/api.js
index 48b8c70..6f53002 100644
--- a/controllers/api.js
+++ b/controllers/api.js
@@ -381,7 +381,6 @@ export async function verify_code(req, res) {
 throw new errors.InvalidCredentialsError();
 }
-
 /**
  * Génére un nouvel attribut d'auth (secret key ou matrice ou bypass codes)
  *
@@ -414,6 +413,11 @@ export async function delete_method_secret(req, res) {
 return method.delete_method_secret(user, req, res);
 }
+export async function generate_webauthn_method_secret(req, res) {
+req.params.method = "webauthn";
+return generate_method_secret(req, res);
+}
+
 export async function verify_webauthn_auth(req, res) {
 req.params.method = "webauthn";
 const { user, method } = await getUserAndMethodModule(req);
diff --git a/package-lock.json b/package-lock.json
index 2994b67..f228788 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "esup-otp-api",
-"version": "1.5.0",
+"version": "1.6.0",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "esup-otp-api",
-"version": "1.5.0",
+"version": "1.6.0",
 "license": "MIT",
 "dependencies": {
 "@simplewebauthn/server": "^9.0.3",
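Review bot: `generate_webauthn_method_secret` in the `@@ -414` hunk carries no doc comment, while the neighbouring handlers in this file are documented (`Génére un nouvel attribut d'auth …` just above it). The reason for overwriting `req.params.method` is only visible in routes.js: the route bound to this handler, `/users/:uid/methods/webauthn/secret/:hash`, fixes the method in the path and has no `:method` segment, so `generate_method_secret` would otherwise read an undefined method. I would add `/** generate_method_secret for the fixed-method route /users/:uid/methods/webauthn/secret/:hash, which has no :method param. */` above the function. `verify_webauthn_auth` below uses the same set-then-delegate shape, so the two could share a one-line helper if more fixed-method wrappers appear.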
@@ -16,9 +16,9 @@ "geoip-lite": "^1.4.10", "ldapjs-promise": "^3.0.6", "lodash": "4.17.21", - "mongoose": "^8.4.4", + "mongoose": "^8.5.1", "mysql2": "^3.10.2", - "node-device-detector": "^2.1.1", + "node-device-detector": "^2.1.2", "nodemailer": "~6.9.10", "otplib": "^12.0.1", "qrcode": "^1.5.3", @@ -28,11 +28,11 @@ "socket.io-client": "~4.7.4", "swagger-ui-restify": "github:jamidon/swagger-ui-restify#bcaca4172c57b7df111f718ccd425707a6209b0f", "undici": "^6.19.2", - "winston": "^3.13.0" + "winston": "^3.13.1" }, "devDependencies": { "eslint": "^8.57.0", - "mongodb-memory-server": "^9.4.0", + "mongodb-memory-server": "^9.4.1", "supertest": "^6.3.4" } }, 
@@ -134,48 +134,48 @@ "integrity": "sha512-Fc9wuJGgxoxQeavybiuwgyi+0rssr76b+nHpj+eGhXFYAdudMWyfBHvFL/I5fEHniUM/UQdFzi9VXJK2iZF7FQ==" }, "node_modules/@firebase/component": { - "version": "0.6.7", - "resolved": "https://registry.npmjs.org/@firebase/component/-/component-0.6.7.tgz", - "integrity": "sha512-baH1AA5zxfaz4O8w0vDwETByrKTQqB5CDjRls79Sa4eAGAoERw4Tnung7XbMl3jbJ4B/dmmtsMrdki0KikwDYA==", + "version": "0.6.8", + "resolved": "https://registry.npmjs.org/@firebase/component/-/component-0.6.8.tgz", + "integrity": "sha512-LcNvxGLLGjBwB0dJUsBGCej2fqAepWyBubs4jt1Tiuns7QLbXHuyObZ4aMeBjZjWx4m8g1LoVI9QFpSaq/k4/g==", "dependencies": { - "@firebase/util": "1.9.6", + "@firebase/util": "1.9.7", "tslib": "^2.1.0" } }, "node_modules/@firebase/database": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/@firebase/database/-/database-1.0.5.tgz", - "integrity": "sha512-cAfwBqMQuW6HbhwI3Cb/gDqZg7aR0OmaJ85WUxlnoYW2Tm4eR0hFl5FEijI3/gYPUiUcUPQvTkGV222VkT7KPw==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/@firebase/database/-/database-1.0.6.tgz", + "integrity": "sha512-nrexUEG/fpVlHtWKkyfhTC3834kZ1WS7voNyqbBsBCqHXQOvznN5Z0L3nxBqdXSJyltNAf4ndFlQqm5gZiEczQ==", "dependencies": { "@firebase/app-check-interop-types": "0.3.2", "@firebase/auth-interop-types": "0.2.3", - "@firebase/component": "0.6.7", + "@firebase/component": "0.6.8", "@firebase/logger": "0.4.2", - "@firebase/util": "1.9.6", + "@firebase/util": "1.9.7", "faye-websocket": "0.11.4", "tslib": "^2.1.0" } }, "node_modules/@firebase/database-compat": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.5.tgz", - "integrity": "sha512-NDSMaDjQ+TZEMDMmzJwlTL05kh1+0Y84C+kVMaOmNOzRGRM7VHi29I6YUhCetXH+/b1Wh4ZZRyp1CuWkd8s6hg==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/@firebase/database-compat/-/database-compat-1.0.6.tgz", + "integrity": 
"sha512-1OGA0sLY47mkXjhICCrUTXEYFnSSXoiXWm1SHsN62b+Lzs5aKA3aWTjTUmYIoK93kDAMPkYpulSv8jcbH4Hwew==", "dependencies": { - "@firebase/component": "0.6.7", - "@firebase/database": "1.0.5", - "@firebase/database-types": "1.0.3", + "@firebase/component": "0.6.8", + "@firebase/database": "1.0.6", + "@firebase/database-types": "1.0.4", "@firebase/logger": "0.4.2", - "@firebase/util": "1.9.6", + "@firebase/util": "1.9.7", "tslib": "^2.1.0" } }, "node_modules/@firebase/database-types": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.3.tgz", - "integrity": "sha512-39V/Riv2R3O/aUjYKh0xypj7NTNXNAK1bcgY5Kx+hdQPRS/aPTS8/5c0CGFYKgVuFbYlnlnhrCTYsh2uNhGwzA==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/@firebase/database-types/-/database-types-1.0.4.tgz", + "integrity": "sha512-mz9ZzbH6euFXbcBo+enuJ36I5dR5w+enJHHjy9Y5ThCdKUseqfDjW3vCp1YxE9zygFCSjJJ/z1cQ+zodvUcwPQ==", "dependencies": { "@firebase/app-types": "0.9.2", - "@firebase/util": "1.9.6" + "@firebase/util": "1.9.7" } }, "node_modules/@firebase/logger": { @@ -187,9 +187,9 @@ } }, "node_modules/@firebase/util": { - "version": "1.9.6", - "resolved": "https://registry.npmjs.org/@firebase/util/-/util-1.9.6.tgz", - "integrity": "sha512-IBr1MZbp4d5MjBCXL3TW1dK/PDXX4yOGbiwRNh1oAbE/+ci5Uuvy9KIrsFYY80as1I0iOaD5oOMA9Q8j4TJWcw==", + "version": "1.9.7", + "resolved": "https://registry.npmjs.org/@firebase/util/-/util-1.9.7.tgz", + "integrity": "sha512-fBVNH/8bRbYjqlbIhZ+lBtdAAS4WqZumx03K06/u7fJSpz1TGjEMm1ImvKD47w+xaFKIP2ori6z8BrbakRfjJA==", "dependencies": { "tslib": "^2.1.0" } 
@@ -241,9 +241,9 @@ } }, "node_modules/@google-cloud/storage": { - "version": "7.11.2", - "resolved": "https://registry.npmjs.org/@google-cloud/storage/-/storage-7.11.2.tgz", - "integrity": "sha512-jJOrKyOdujfrSF8EJODW9yY6hqO4jSTk6eVITEj2gsD43BSXuDlnMlLOaBUQhXL29VGnSkxDgYl5tlFhA6LKSA==", + "version": "7.11.3", + "resolved": "https://registry.npmjs.org/@google-cloud/storage/-/storage-7.11.3.tgz", + "integrity": "sha512-dFAR/IRENn+ZTTwBbMgoBGSrPrqNKoCEIjG7Wmq2+IpmyyjDk5BLip9HG9TUdMVRRP6xOQFrkEr7zIY1ZsoTSQ==", "optional": true, "dependencies": { "@google-cloud/paginator": "^5.0.0", @@ -276,9 +276,9 @@ } }, "node_modules/@grpc/grpc-js": { - "version": "1.10.10", - "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.10.10.tgz", - "integrity": "sha512-HPa/K5NX6ahMoeBv15njAc/sfF4/jmiXLar9UlC2UfHFKZzsCVLc3wbe7+7qua7w9VPh2/L6EBxyAV7/E8Wftg==", + "version": "1.10.11", + "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.10.11.tgz", + "integrity": "sha512-3RaoxOqkHHN2c05bwtBNVJmOf/UwMam0rZYtdl7dsRpsvDwcNpv6LkGgzltQ7xVf822LzBoKEPRvf4D7+xeIDw==", "optional": true, "dependencies": { "@grpc/proto-loader": "^0.7.13", @@ -797,9 +797,9 @@ "integrity": "sha512-/pyBZWSLD2n0dcHE3hq8s8ZvcETHtEuF+3E7XVt0Ig2nvsVQXdghHVcEkIWjy9A0wKfTn97a/PSDYohKIlnP/w==" }, "node_modules/@types/node": { - "version": "20.14.9", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.9.tgz", - "integrity": "sha512-06OCtnTXtWOZBJlRApleWndH4JsRVs1pDCc8dLSQp+7PpUpX3ePdHyeNSFTeSe7FtKyQkrlPvHwJOW3SLd8Oyg==", + "version": "20.14.10", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.14.10.tgz", + "integrity": "sha512-MdiXf+nDuMvY0gJKxyfZ7/6UFsETO7mGKF54MVD/ekJS6HdFtpZFBgrh6Pseu64XTb2MLyFPlbW6hj8HYRQNOQ==", "dependencies": { "undici-types": "~5.26.4" } 
@@ -906,9 +906,9 @@ } }, "node_modules/acorn": { - "version": "8.12.0", - "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.0.tgz", - "integrity": "sha512-RTvkC4w+KNXrM39/lWCUaG0IbRkWdCv7W/IOW9oU6SawyxulvkQy5HQPVTKxEjczcUvapcrw3cFx/60VN/NRNw==", + "version": "8.12.1", + "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.12.1.tgz", + "integrity": "sha512-tcpGyI9zbizT9JbV6oYE477V6mTlXvvi0T0G3SNIYE2apm/G5huBa1+K89VGeovbg+jycCrfhl3ADxErOuO6Jg==", "dev": true, "bin": { "acorn": "bin/acorn" @@ -927,15 +927,15 @@ } }, "node_modules/agent-base": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", - "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", - "optional": true, + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", + "devOptional": true, "dependencies": { - "debug": "4" + "debug": "^4.3.4" }, "engines": { - "node": ">= 6.0.0" + "node": ">= 14" } }, "node_modules/ajv": { @@ -1051,15 +1051,6 @@ "retry": "0.13.1" } }, - "node_modules/async-retry/node_modules/retry": { - "version": "0.13.1", - "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", - "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", - "optional": true, - "engines": { - "node": ">= 4" - } - }, "node_modules/asynckit": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", 
@@ -1683,9 +1674,9 @@ } }, "node_modules/engine.io-parser": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.2.tgz", - "integrity": "sha512-RcyUFKA93/CXH20l4SoVvzZfrSDMOTUS3bWVpTt2FuFP+XYrL8i8oonHP7WInRyVHXh0n/ORtoeiE1os+8qkSw==", + "version": "5.2.3", + "resolved": "https://registry.npmjs.org/engine.io-parser/-/engine.io-parser-5.2.3.tgz", + "integrity": "sha512-HqD3yTBfnBxIrbnM1DoD6Pcq8NECnh8d4As1Qgh0z5Gg3jRRIqijury0CL3ghu/edArpUYiYqQiDUQBIs4np3Q==", "engines": { "node": ">=10.0.0" } @@ -1841,9 +1832,9 @@ } }, "node_modules/esquery": { - "version": "1.5.0", - "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.5.0.tgz", - "integrity": "sha512-YQLXUplAwJgCydQ78IMJywZCceoqk1oH01OERdSAJc/7U2AylwjhSCLDEtqwg811idIS/9fIU5GjG73IgjKMVg==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.6.0.tgz", + "integrity": "sha512-ca9pw9fomFcKPvFLXhBKUK90ZvGibiGOvRJNbjljY7s7uq/5YO4BOzcYtJqExdx99rF6aAcnRxHmcUHcz6sQsg==", "dev": true, "dependencies": { "estraverse": "^5.1.0" 
@@ -2245,31 +2236,6 @@ "node": ">=14" } }, - "node_modules/gaxios/node_modules/agent-base": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", - "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", - "optional": true, - "dependencies": { - "debug": "^4.3.4" - }, - "engines": { - "node": ">= 14" - } - }, - "node_modules/gaxios/node_modules/https-proxy-agent": { - "version": "7.0.5", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", - "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", - "optional": true, - "dependencies": { - "agent-base": "^7.0.2", - "debug": "4" - }, - "engines": { - "node": ">= 14" - } - }, "node_modules/gcp-metadata": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.0.tgz", @@ -2419,9 +2385,9 @@ } }, "node_modules/google-gax": { - "version": "4.3.7", - "resolved": "https://registry.npmjs.org/google-gax/-/google-gax-4.3.7.tgz", - "integrity": "sha512-3bnD8RASQyaxOYTdWLgwpQco/aytTxFavoI/UN5QN5txDLp8QRrBHNtCUJ5+Ago+551GD92jG8jJduwvmaneUw==", + "version": "4.3.8", + "resolved": "https://registry.npmjs.org/google-gax/-/google-gax-4.3.8.tgz", + "integrity": "sha512-SKAQKtvdjtNW3PMOhmKEqpQP+2C5ZqNKfwWxy70efpSwxvRYuAcgMJs6aRHTBPJjz3SO6ZbiXwM6WIuGYFZ7LQ==", "optional": true, "dependencies": { "@grpc/grpc-js": "^1.10.9", 
@@ -2643,6 +2609,18 @@ "node": ">= 6" } }, + "node_modules/http-proxy-agent/node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "optional": true, + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, "node_modules/http-signature": { "version": "1.4.0", "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.4.0.tgz", @@ -2657,16 +2635,16 @@ } }, "node_modules/https-proxy-agent": { - "version": "5.0.1", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", - "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", - "optional": true, + "version": "7.0.5", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", + "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", + "devOptional": true, "dependencies": { - "agent-base": "6", + "agent-base": "^7.0.2", "debug": "4" }, "engines": { - "node": ">= 6" + "node": ">= 14" } }, "node_modules/iconv-lite": { @@ -2840,9 +2818,9 @@ "dev": true }, "node_modules/jose": { - "version": "4.15.7", - "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.7.tgz", - "integrity": "sha512-L7ioP+JAuZe8v+T5+zVI9Tx8LtU8BL7NxkyDFVMv+Qr3JW0jSoYDedLtodaXwfqMpeCyx4WXFNyu9tJt4WvC1A==", + "version": "4.15.9", + "resolved": "https://registry.npmjs.org/jose/-/jose-4.15.9.tgz", + "integrity": "sha512-1vUQX+IdDMVPj4k8kOxgUqlcK518yluMuGZwqlr44FS1ppZB/5GWh4rZG89erpOBOJjU/OBsnCVFfapsRz6nEA==", "funding": { "url": "https://github.com/sponsors/panva" } 
@@ -3155,9 +3133,9 @@ "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==" }, "node_modules/logform": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/logform/-/logform-2.6.0.tgz", - "integrity": "sha512-1ulHeNPp6k/LD8H91o7VYFBng5i1BDE7HoKxVbZiGFidS1Rj65qcywLxX+pVfAPoQJEjRdvKcusKwOupHCVOVQ==", + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/logform/-/logform-2.6.1.tgz", + "integrity": "sha512-CdaO738xRapbKIMVn2m4F6KTj4j7ooJ8POVnebSgKo3KBz5axNXRAL7ZdRjIV6NOr2Uf4vjtRkxrFETOioCqSA==", "dependencies": { "@colors/colors": "1.6.0", "@types/triple-beam": "^1.3.2", @@ -3324,13 +3302,13 @@ } }, "node_modules/mongodb-memory-server": { - "version": "9.4.0", - "resolved": "https://registry.npmjs.org/mongodb-memory-server/-/mongodb-memory-server-9.4.0.tgz", - "integrity": "sha512-O6n7TxWvcLSSDP3IrXsLsdG0iouljlqdZ7sH3ZaqEyymzZglMroV3CwMj1lvMNks7fRVj8HMrza0gnwF3MyFGA==", + "version": "9.4.1", + "resolved": "https://registry.npmjs.org/mongodb-memory-server/-/mongodb-memory-server-9.4.1.tgz", + "integrity": "sha512-qONlW4sKPbtk9pqFnlPn7R73G3Q4TuebJJ5pHfoiKTqVJquojQ8xWmkCyz+/YnpA2vYBo/jib+nXvjfKwh7cjg==", "dev": true, "hasInstallScript": true, "dependencies": { - "mongodb-memory-server-core": "9.4.0", + "mongodb-memory-server-core": "9.4.1", "tslib": "^2.6.3" }, "engines": { @@ -3338,9 +3316,9 @@ } }, "node_modules/mongodb-memory-server-core": { - "version": "9.4.0", - "resolved": "https://registry.npmjs.org/mongodb-memory-server-core/-/mongodb-memory-server-core-9.4.0.tgz", - "integrity": "sha512-irqdj/RPHJ2M9lgtxrvhXUbqFv/DfmUG+wvcAqtgtBJ8qVq1VGBD5rkKkLP5b3g8OoadP3OzsXTGCi1P2dDBQQ==", + "version": "9.4.1", + "resolved": "https://registry.npmjs.org/mongodb-memory-server-core/-/mongodb-memory-server-core-9.4.1.tgz", + "integrity": "sha512-lobapXaysH64zrn521NTkmqHc3krSPUFkuuZ8A/BmQV8ON7p2SzAEvpoJPDXIeJkxIzYw06dYL6Gn5OcZdEElA==", "dev": true, "dependencies": { "async-mutex": "^0.4.1", 
@@ -3360,18 +3338,6 @@ "node": ">=14.20.1" } }, - "node_modules/mongodb-memory-server-core/node_modules/agent-base": { - "version": "7.1.1", - "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", - "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", - "dev": true, - "dependencies": { - "debug": "^4.3.4" - }, - "engines": { - "node": ">= 14" - } - }, "node_modules/mongodb-memory-server-core/node_modules/bson": { "version": "5.5.1", "resolved": "https://registry.npmjs.org/bson/-/bson-5.5.1.tgz", @@ -3381,19 +3347,6 @@ "node": ">=14.20.1" } }, - "node_modules/mongodb-memory-server-core/node_modules/https-proxy-agent": { - "version": "7.0.5", - "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.5.tgz", - "integrity": "sha512-1e4Wqeblerz+tMKPIq2EMGiiWW1dIjZOksyHWSUm1rmuvw/how9hBHZ38lAGj5ID4Ik6EdkOw7NmWPy6LAwalw==", - "dev": true, - "dependencies": { - "agent-base": "^7.0.2", - "debug": "4" - }, - "engines": { - "node": ">= 14" - } - }, "node_modules/mongodb-memory-server-core/node_modules/mongodb": { "version": "5.9.2", "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-5.9.2.tgz", @@ -3449,13 +3402,13 @@ } }, "node_modules/mongoose": { - "version": "8.4.4", - "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.4.4.tgz", - "integrity": "sha512-Nya808odIJoHP4JuJKbWA2eIaerXieu59kE8pQlvJpUBoSKWUyhLji0g1WMVaYXWmzPYXP2Jd6XdR4KJE8RELw==", + "version": "8.5.1", + "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-8.5.1.tgz", + "integrity": "sha512-OhVcwVl91A1G6+XpjDcpkGP7l7ikZkxa0DylX7NT/lcEqAjggzSdqDxb48A+xsDxqNAr0ntSJ1yiE3+KJTOd5Q==", "dependencies": { "bson": "^6.7.0", "kareem": "2.6.3", - "mongodb": "6.6.2", + "mongodb": "6.7.0", "mpath": "0.9.0", "mquery": "5.0.0", "ms": "2.1.3", 
@@ -3477,6 +3430,19 @@ "@types/webidl-conversions": "*" } }, + "node_modules/mongoose/node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "optional": true, + "peer": true, + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, "node_modules/mongoose/node_modules/gaxios": { "version": "5.1.3", "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-5.1.3.tgz", @@ -3507,10 +3473,24 @@ "node": ">=12" } }, + "node_modules/mongoose/node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "optional": true, + "peer": true, + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/mongoose/node_modules/mongodb": { - "version": "6.6.2", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.6.2.tgz", - "integrity": "sha512-ZF9Ugo2JCG/GfR7DEb4ypfyJJyiKbg5qBYKRintebj8+DNS33CyGMkWbrS9lara+u+h+yEOGSRiLhFO/g1s1aw==", + "version": "6.7.0", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-6.7.0.tgz", + "integrity": "sha512-TMKyHdtMcO0fYBNORiYdmM25ijsHs+Njs963r4Tro4OQZzqYigAzYQouwWRg4OIaiLRUEGUh/1UAcH5lxdSLIA==", "dependencies": { "@mongodb-js/saslprep": "^1.1.5", "bson": "^6.7.0", 
@@ -3699,9 +3679,9 @@ } }, "node_modules/node-device-detector": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/node-device-detector/-/node-device-detector-2.1.1.tgz", - "integrity": "sha512-SDhM1adZ4xF2z2kj/NsMI4tJvzSBNB87vFbvxv7Z+Eg2iiGJT8RKYnUUzqSGPvVw7wSsoJIOf1bg26gOs2Mdpg==", + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/node-device-detector/-/node-device-detector-2.1.2.tgz", + "integrity": "sha512-GmL0jKxHbxQO/t2+ahwMF/hVayiNPaWeN0MKsuLB3hlVenhc1JpNZSN589Prh6+wWbzXO6ROj7gNTkDY604mcQ==", "dependencies": { "js-yaml": "^4.1.0" }, @@ -4288,9 +4268,9 @@ } }, "node_modules/qs": { - "version": "6.12.1", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.12.1.tgz", - "integrity": "sha512-zWmv4RSuB9r2mYQw3zxQuHWeU+42aKi1wWig/j4ele4ygELZ7PEO6MM7rim9oAQH2A5MWfsAVf/jPvTPgCbvUQ==", + "version": "6.12.3", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.12.3.tgz", + "integrity": "sha512-AWJm14H1vVaO/iNZ4/hO+HyaTehuy9nRqVdkTqlJt0HWvBiBIEXFmb4C0DGeYo3Xes9rrEW+TxHsaigCbN5ICQ==", "dependencies": { "side-channel": "^1.0.6" }, @@ -4472,6 +4452,15 @@ "node": ">=4" } }, + "node_modules/retry": { + "version": "0.13.1", + "resolved": "https://registry.npmjs.org/retry/-/retry-0.13.1.tgz", + "integrity": "sha512-XQBQ3I8W1Cge0Seh+6gjj03LbmRFWuoszgK9ooCpwYIrhhoO80pfq4cUkU5DkknwfOfFteRwlZ56PYOGYyFWdg==", + "optional": true, + "engines": { + "node": ">= 4" + } + }, "node_modules/retry-request": { "version": "7.0.2", "resolved": "https://registry.npmjs.org/retry-request/-/retry-request-7.0.2.tgz", 
@@ -5157,6 +5146,31 @@ "node": ">=14" } }, + "node_modules/teeny-request/node_modules/agent-base": { + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz", + "integrity": "sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ==", + "optional": true, + "dependencies": { + "debug": "4" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/teeny-request/node_modules/https-proxy-agent": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz", + "integrity": "sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA==", + "optional": true, + "dependencies": { + "agent-base": "6", + "debug": "4" + }, + "engines": { + "node": ">= 6" + } + }, "node_modules/teeny-request/node_modules/uuid": { "version": "9.0.1", "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz", @@ -5171,9 +5185,9 @@ } }, "node_modules/text-decoder": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/text-decoder/-/text-decoder-1.1.0.tgz", - "integrity": "sha512-TmLJNj6UgX8xcUZo4UDStGQtDiTzF7BzWlzn9g7UWrjkpHr5uJTK1ld16wZ3LXb2vb6jH8qU89dW5whuMdXYdw==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/text-decoder/-/text-decoder-1.1.1.tgz", + "integrity": "sha512-8zll7REEv4GDD3x4/0pW+ppIxSNs7H1J10IKFZsuOMscumCdM2a+toDGLPA3T+1+fLBql4zbt5z83GEQGGV5VA==", "dev": true, "dependencies": { "b4a": "^1.6.4" 
@@ -5409,15 +5423,15 @@ "integrity": "sha512-iBdZ57RDvnOR9AGBhML2vFZf7h8vmBjhoaZqODJBFWHVtKkDmKuHai3cx5PgVMrX5YDNp27AofYbAwctSS+vhQ==" }, "node_modules/winston": { - "version": "3.13.0", - "resolved": "https://registry.npmjs.org/winston/-/winston-3.13.0.tgz", - "integrity": "sha512-rwidmA1w3SE4j0E5MuIufFhyJPBDG7Nu71RkZor1p2+qHvJSZ9GYDA81AyleQcZbh/+V6HjeBdfnTZJm9rSeQQ==", + "version": "3.13.1", + "resolved": "https://registry.npmjs.org/winston/-/winston-3.13.1.tgz", + "integrity": "sha512-SvZit7VFNvXRzbqGHsv5KSmgbEYR5EiQfDAL9gxYkRqa934Hnk++zze0wANKtMHcy/gI4W/3xmSDwlhf865WGw==", "dependencies": { "@colors/colors": "^1.6.0", "@dabh/diagnostics": "^2.0.2", "async": "^3.2.3", "is-stream": "^2.0.0", - "logform": "^2.4.0", + "logform": "^2.6.0", "one-time": "^1.0.0", "readable-stream": "^3.4.0", "safe-stable-stringify": "^2.3.1", @@ -5430,12 +5444,12 @@ } }, "node_modules/winston-transport": { - "version": "4.7.0", - "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.0.tgz", - "integrity": "sha512-ajBj65K5I7denzer2IYW6+2bNIVqLGDHqDw3Ow8Ohh+vdW+rv4MZ6eiDvHoKhfJFZ2auyN8byXieDDJ96ViONg==", + "version": "4.7.1", + "resolved": "https://registry.npmjs.org/winston-transport/-/winston-transport-4.7.1.tgz", + "integrity": "sha512-wQCXXVgfv/wUPOfb2x0ruxzwkcZfxcktz6JIMUaPLmcNhO4bZTwA/WtDWK74xV3F2dKu8YadrFv0qhwYjVEwhA==", "dependencies": { - "logform": "^2.3.2", - "readable-stream": "^3.6.0", + "logform": "^2.6.1", + "readable-stream": "^3.6.2", "triple-beam": "^1.3.0" }, "engines": { diff --git a/package.json b/package.json index acc5799..380bc3a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "esup-otp-api", - "version": "1.5.0", + "version": "1.6.0", "description": "One time passwords api for ESUP", "author": "Alex Bouskine ", "repository": { 
@@ -17,9 +17,9 @@
 "geoip-lite": "^1.4.10",
 "ldapjs-promise": "^3.0.6",
 "lodash": "4.17.21",
-"mongoose": "^8.4.4",
+"mongoose": "^8.5.1",
 "mysql2": "^3.10.2",
-"node-device-detector": "^2.1.1",
+"node-device-detector": "^2.1.2",
 "nodemailer": "~6.9.10",
 "otplib": "^12.0.1",
 "qrcode": "^1.5.3",
@@ -29,7 +29,7 @@
 "socket.io-client": "~4.7.4",
 "swagger-ui-restify": "github:jamidon/swagger-ui-restify#bcaca4172c57b7df111f718ccd425707a6209b0f",
 "undici": "^6.19.2",
-"winston": "^3.13.0"
+"winston": "^3.13.1"
 },
 "overrides": {
 "swagger-ui-restify": {
@@ -44,7 +44,7 @@
 },
 "devDependencies": {
 "eslint": "^8.57.0",
-"mongodb-memory-server": "^9.4.0",
+"mongodb-memory-server": "^9.4.1",
 "supertest": "^6.3.4"
 }
 }
diff --git a/server/routes.js b/server/routes.js
index e414b30..aab5d0a 100644
--- a/server/routes.js
+++ b/server/routes.js
@@ -17,7 +17,8 @@ export function initialize(server, version) {
 return Promise.all([
 initializeUnprotectedRoutes(server, version),
-initializeUserRoutes(server),
+initializeEsupAuthRoutes(server),
+initializeCasOtpClientRoutes(server),
 initializeWebAuthnRoutes(server),
 initializeNfcRoutes(server),
 initializeProtectedRoutes(server),
@@ -69,28 +70,28 @@ async function initializeOpenapiRoutes(server, version) {
 /**
  * @param { restify.Server } server
  */
-async function initializeUserRoutes(server) {
-//app
+async function initializeCasOtpClientRoutes(server) {
+server.get("/users/:uid/:hash", validator.check_hash, api_controller.get_user_infos);
+server.post("/users/:uid/methods/:method/transports/:transport/:hash", validator.check_hash, api_controller.send_message);
+// push
+server.post("/users/:uid/methods/:method/transports/push/:lt/:hash", validator.check_hash, api_controller.send_message);
 server.get("/users/:uid/methods/:method/:loginTicket/:hash", validator.check_hash, api_controller.check_accept_authentication);
+// WebAuthn
+server.post("/users/:uid/webauthn/login/:hash", validator.check_hash, api_controller.verify_webauthn_auth);
+server.post("/users/:uid/methods/webauthn/secret/:hash", validator.check_hash, api_controller.generate_webauthn_method_secret);
+}
+
+/**
+ * @param { restify.Server } server
+ */
+async function initializeEsupAuthRoutes(server) {
 server.get("/users/:uid/methods/:method/:tokenSecret", api_controller.pending);
 server.post("/users/:uid/methods/:method/:loginTicket/:tokenSecret", api_controller.accept_authentication);
 server.post("/users/:uid/methods/:method/autoActivateTotp/:tokenSecret", api_controller.autoActivateTotp);
-server.post("/users/:uid/methods/:method/transports/push/:lt/:hash", validator.check_hash, api_controller.send_message);
-server.get("/users/:uid/transports/:transport/test/:hash", validator.check_hash, api_controller.transport_test);
-server.put("/users/:uid/transports/:transport/:new_transport/:hash", validator.check_hash, userDb_controller.update_transport);
-server.get("/users/:uid/transports/:transport/:new_transport/test/:hash", validator.check_hash, api_controller.new_transport_test);
-server.del("/users/:uid/transports/:transport/:hash", validator.check_hash, userDb_controller.delete_transport);
-server.post("/users/:uid/methods/:method/secret/:hash", validator.check_hash, api_controller.generate_method_secret);
-server.put("/users/:uid/methods/:method/deactivate/:hash", validator.check_hash, api_controller.deactivate_method);
-server.put("/users/:uid/methods/:method/activate/:hash", validator.check_hash, api_controller.activate_method);
 server.post("/users/:uid/methods/push/activate/:activation_code/:gcm_id/:platform/:manufacturer/:model", api_controller.confirm_activate_push);
-server.post("/users/:uid/methods/:method/activate/:activation_code/:hash", validator.check_hash, api_controller.confirm_activate_method);
 server.post("/users/:uid/methods/:method/refresh/:tokenSecret/:gcm_id/:gcm_id_refreshed", api_controller.refresh_gcm_id_method);
 server.del("/users/:uid/methods/:method/:tokenSecret", api_controller.desync);
-//user_hash
-server.get("/users/:uid/:hash", validator.check_hash, api_controller.get_user_infos);
-server.post("/users/:uid/methods/:method/transports/:transport/:hash", validator.check_hash, api_controller.send_message);
 }
 /**
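Review bot: The POST route `/users/:uid/methods/webauthn/secret/:hash` registered in `initializeCasOtpClientRoutes` has the same six-segment shape as `/users/:uid/methods/:method/:loginTicket/:tokenSecret` in `initializeEsupAuthRoutes`, and the two now live in different functions with different guards (`validator.check_hash` versus a `:tokenSecret` taken from the path), registered in the order `initialize` lists them (EsupAuth first, per the `@@ -17` hunk). The removed `/users/:uid/methods/:method/secret/:hash` had the same overlap, so this is not new, but the split makes it easy to overlook; I believe restify's router prefers the static `webauthn/secret` segments over the parametric ones, which is worth pinning with a request test rather than relying on registration order. The JSDoc of both new functions has only `@param`; a purpose line naming the caller and the credential would document the trust boundary this commit draws, e.g. ` * Routes called by the CAS-OTP client; every route here is protected by validator.check_hash.` and ` * Routes authenticated by a per-device :tokenSecret in the path (presumably the esup-auth app, from the name); no user hash is accepted here.`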
@@ -107,21 +108,14 @@ async function initializeNfcRoutes(server) {
  * @param { restify.Server } server
  */
 async function initializeWebAuthnRoutes(server) {
-// USER
-server.post("/users/:uid/methods/:method/confirm_activate/:hash", validator.check_hash, api_controller.confirm_activate_method);
-server.post("/users/:uid/methods/:method/auth/:authenticator_id/:hash", validator.check_hash, api_controller.change_method_special);
-server.del("/users/:uid/methods/:method/auth/:authenticator_id/:hash", validator.check_hash, api_controller.delete_method_special);
-
 // MANAGER
 server.post("/protected/users/:uid/methods/:method/confirm_activate", validator.check_api_password, api_controller.confirm_activate_method);
 server.post("/protected/users/:uid/methods/:method/auth/:authenticator_id", validator.check_api_password, api_controller.change_method_special);
 server.del("/protected/users/:uid/methods/:method/auth/:authenticator_id", validator.check_api_password, api_controller.delete_method_special);
-
-// CAS-OTP
-server.post("/users/:uid/webauthn/login/:hash", validator.check_hash, api_controller.verify_webauthn_auth);
 }
 /**
+ * routes used by manager or simple user in esup-otp-manager
  * @param { restify.Server } server
  */
 async function initializeProtectedRoutes(server) {
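Review bot: After this hunk `initializeWebAuthnRoutes` only registers `/protected/...` routes guarded by `validator.check_api_password`, which is exactly what `initializeProtectedRoutes` exists for, so the function name and the lone `// MANAGER` label no longer tell the reader anything the `/protected` prefix does not. Either fold the three routes into `initializeProtectedRoutes` or give the function a JSDoc purpose line such as ` * WebAuthn routes reserved for esup-otp-manager (API password); the user-hash variants were removed in 1.6.0.`. The new comment on `initializeProtectedRoutes` is also the natural place to record the compatibility constraint the commit subject states (esup-otp-manager `=> 1.4.0`, presumably meaning `>= 1.4.0`), e.g. ` * Requires esup-otp-manager >= 1.4.0, which no longer calls the user_hash variants of these routes.`; nothing else in the diff records it, the README hunk only bumps the version.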