diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
index 2ba4318f0..da2bf8907 100644
--- a/Parse-Dashboard/Authentication.js
+++ b/Parse-Dashboard/Authentication.js
@@ -3,7 +3,8 @@ const bcrypt = require('bcryptjs');
 const csrf = require('csurf');
 const passport = require('passport');
 const LocalStrategy = require('passport-local').Strategy;
-const OTPAuth = require('otpauth')
+const OTPAuth = require('otpauth');
+const session = require('express-session');
 
 /**
  * Constructor for Authentication class
@@ -55,34 +56,46 @@ function initialize(app, options) {
 
   const cookieSessionSecret = options.cookieSessionSecret || require('crypto').randomBytes(64).toString('hex');
   const cookieSessionMaxAge = options.cookieSessionMaxAge;
+
   app.use(require('connect-flash')());
   app.use(require('body-parser').urlencoded({ extended: true }));
-  app.use(require('cookie-session')({
-    key : 'parse_dash',
-    secret : cookieSessionSecret,
-    maxAge : cookieSessionMaxAge
+
+  app.use(session({
+    name: 'parse_dash',
+    secret: cookieSessionSecret,
+    resave: false,
+    saveUninitialized: false,
+    cookie: {
+      maxAge: cookieSessionMaxAge,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'lax'
+    }
   }));
+
   app.use(passport.initialize());
   app.use(passport.session());
 
   app.post('/login',
     csrf(),
-    (req,res,next) => {
+    (req, res, next) => {
       let redirect = 'apps';
       if (req.body.redirect) {
-        redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect
+        redirect = req.body.redirect.charAt(0) === '/' ? req.body.redirect.substring(1) : req.body.redirect;
       }
       return passport.authenticate('local', {
         successRedirect: `${self.mountPath}${redirect}`,
         failureRedirect: `${self.mountPath}login${req.body.redirect ? `?redirect=${req.body.redirect}` : ''}`,
-        failureFlash : true
-      })(req, res, next)
+        failureFlash: true
+      })(req, res, next);
     },
   );
 
-  app.get('/logout', function(req, res){
-    req.logout();
-    res.redirect(`${self.mountPath}login`);
+  app.get('/logout', function(req, res, next) {
+    req.logout(function(err) {
+      if (err) { return next(err); }
+      res.redirect(`${self.mountPath}login`);
+    });
   });
 }
 
diff --git a/package-lock.json b/package-lock.json
index 7734cfb07..2b2b1367b 100644
--- a/package-lock.json
+++ b/package-lock.json
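Review bot: The new `app.use(session({...}))` call sets no `store`, so express-session falls back to its built-in MemoryStore, which its maintainers document as unsuitable for production (session state lives in one process's heap, is lost on restart and is not shared between instances); the replaced cookie-session kept state inside the signed cookie, so this is a new operational constraint that deserves either a `store:` option wired to the dashboard's configuration or at least a comment stating the limitation, e.g. `// no store configured: MemoryStore is single-process and non-persistent — supply one for multi-instance deployments`. Related, `secure: process.env.NODE_ENV === 'production'` only results in a Set-Cookie when Express believes the request arrived over TLS, so deployments behind a TLS-terminating proxy need `app.set('trust proxy', 1)` (or the cookie is never set and login loops) — worth a comment beside `secure:`. Separately, the `redirect` value on the /login path still comes from user-controlled `req.body.redirect` with only a leading slash stripped, so values that still start with a slash after stripping (and, depending on `self.mountPath`, could form a scheme-relative URL) would benefit from a relative-path validation the commit does not address. initialize's body begins before this hunk.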
@@ -15,11 +15,11 @@ "body-parser": "2.2.0", "commander": "13.1.0", "connect-flash": "0.1.1", - "cookie-session": "2.1.0", "copy-to-clipboard": "3.3.3", "core-js": "3.41.0", "csurf": "1.11.0", "express": "4.21.2", + "express-session": "1.18.1", "graphiql": "2.0.8", "graphql": "16.11.0", "immutable": "5.1.2", @@ -29,7 +29,7 @@ "otpauth": "8.0.3", "package-json": "7.0.0", "parse": "3.5.1", - "passport": "0.5.3", + "passport": "0.7.0", "passport-local": "1.0.0", "prismjs": "1.30.0", "prop-types": "15.8.1", 
@@ -8750,75 +8750,11 @@ "node": ">= 0.6" } }, - "node_modules/cookie-session": { - "version": "2.1.0", - "resolved": "https://registry.npmjs.org/cookie-session/-/cookie-session-2.1.0.tgz", - "integrity": "sha512-u73BDmR8QLGcs+Lprs0cfbcAPKl2HnPcjpwRXT41sEV4DRJ2+W0vJEEZkG31ofkx+HZflA70siRIjiTdIodmOQ==", - "license": "MIT", - "dependencies": { - "cookies": "0.9.1", - "debug": "3.2.7", - "on-headers": "~1.0.2", - "safe-buffer": "5.2.1" - }, - "engines": { - "node": ">= 0.10" - } - }, - "node_modules/cookie-session/node_modules/debug": { - "version": "3.2.7", - "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", - "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", - "dependencies": { - "ms": "^2.1.1" - } - }, - "node_modules/cookie-session/node_modules/safe-buffer": { - "version": "5.2.1", - "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", - "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", - "funding": [ - { - "type": "github", - "url": "https://github.com/sponsors/feross" - }, - { - "type": "patreon", - "url": "https://www.patreon.com/feross" - }, - { - "type": "consulting", - "url": "https://feross.org/support" - } - ] - }, "node_modules/cookie-signature": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz", "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw=" }, - "node_modules/cookies": { - "version": "0.9.1", - "resolved": "https://registry.npmjs.org/cookies/-/cookies-0.9.1.tgz", - "integrity": "sha512-TG2hpqe4ELx54QER/S3HQ9SRVnQnGBtKUz5bLQWtYAQ+o6GpgMs6sYUvaiJjVxb+UXwhRhAEP3m7LbsIZ77Hmw==", - "license": "MIT", - "dependencies": { - "depd": "~2.0.0", - "keygrip": "~1.1.0" - }, - "engines": { - "node": ">= 0.8" - } - }, - "node_modules/cookies/node_modules/depd": { - "version": "2.0.0", - "resolved": 
"https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", - "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", - "license": "MIT", - "engines": { - "node": ">= 0.8" - } - }, "node_modules/copy-to-clipboard": { "version": "3.3.3", "resolved": "https://registry.npmjs.org/copy-to-clipboard/-/copy-to-clipboard-3.3.3.tgz", 
@@ -10943,6 +10879,84 @@ "url": "https://opencollective.com/express" } }, + "node_modules/express-session": { + "version": "1.18.1", + "resolved": "https://registry.npmjs.org/express-session/-/express-session-1.18.1.tgz", + "integrity": "sha512-a5mtTqEaZvBCL9A9aqkrtfz+3SMDhOVUnjafjo+s7A9Txkq+SVX2DLvSp1Zrv4uCXa3lMSK3viWnh9Gg07PBUA==", + "license": "MIT", + "dependencies": { + "cookie": "0.7.2", + "cookie-signature": "1.0.7", + "debug": "2.6.9", + "depd": "~2.0.0", + "on-headers": "~1.0.2", + "parseurl": "~1.3.3", + "safe-buffer": "5.2.1", + "uid-safe": "~2.1.5" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/express-session/node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express-session/node_modules/cookie-signature": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", + "license": "MIT" + }, + "node_modules/express-session/node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/express-session/node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/express-session/node_modules/ms": { + "version": "2.0.0", + "resolved": 
"https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/express-session/node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, "node_modules/express/node_modules/body-parser": { "version": "1.20.3", "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", @@ -14966,18 +14980,6 @@ "node": ">=4.0" } }, - "node_modules/keygrip": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/keygrip/-/keygrip-1.1.0.tgz", - "integrity": "sha512-iYSchDJ+liQ8iwbSI2QqsQOvqv58eJCEanyJPJi+Khyu8smkcKSFUCbPwzFcL7YVtZ6eONjqRX/38caJ7QjRAQ==", - "license": "MIT", - "dependencies": { - "tsscmp": "1.0.6" - }, - "engines": { - "node": ">= 0.6" - } - }, "node_modules/keyv": { "version": "4.5.4", "resolved": "https://registry.npmjs.org/keyv/-/keyv-4.5.4.tgz", 
@@ -19277,12 +19279,14 @@ } }, "node_modules/passport": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/passport/-/passport-0.5.3.tgz", - "integrity": "sha512-gGc+70h4gGdBWNsR3FuV3byLDY6KBTJAIExGFXTpQaYfbbcHCBlRRKx7RBQSpqEqc5Hh2qVzRs7ssvSfOpkUEA==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/passport/-/passport-0.7.0.tgz", + "integrity": "sha512-cPLl+qZpSc+ireUvt+IzqbED1cHHkDoVYMo30jbJIdOOjQ1MQYZBPiNvmi8UM6lJuOpTPXJGZQk0DtC4y61MYQ==", + "license": "MIT", "dependencies": { "passport-strategy": "1.x.x", - "pause": "0.0.1" + "pause": "0.0.1", + "utils-merge": "^1.0.1" }, "engines": { "node": ">= 0.4.0" diff --git a/package.json b/package.json index 83868163e..60ca71145 100644 --- a/package.json +++ b/package.json @@ -41,11 +41,11 @@ "body-parser": "2.2.0", "commander": "13.1.0", "connect-flash": "0.1.1", - "cookie-session": "2.1.0", "copy-to-clipboard": "3.3.3", "core-js": "3.41.0", "csurf": "1.11.0", "express": "4.21.2", + "express-session": "1.18.1", "graphiql": "2.0.8", "graphql": "16.11.0", "immutable": "5.1.2", @@ -55,7 +55,7 @@ "otpauth": "8.0.3", "package-json": "7.0.0", "parse": "3.5.1", - "passport": "0.5.3", + "passport": "0.7.0", "passport-local": "1.0.0", "prismjs": "1.30.0", "prop-types": "15.8.1",