diff --git a/.travis.yml b/.travis.yml index e402bb0..510f5a2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,7 @@ node_js: - "6" - "5" - "4" +after_success: yarn run coverage addons: apt: sources: diff --git a/README.md b/README.md index 3c462f8..788f2e6 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,16 @@ # bookshelf-secure-password + +[![Version](https://img.shields.io/npm/v/bookshelf-secure-password.svg)](https://www.npmjs.com/package/bookshelf-secure-password) +[![Build Status](https://img.shields.io/travis/venables/bookshelf-secure-password/master.svg)](https://travis-ci.org/venables/bookshelf-secure-password) +[![Coverage Status](https://img.shields.io/coveralls/venables/bookshelf-secure-password.svg)](https://coveralls.io/github/venables/bookshelf-secure-password) [![Dependency Status](https://david-dm.org/venables/bookshelf-secure-password.png)](https://david-dm.org/venables/bookshelf-secure-password) [![Standard - JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](http://standardjs.com/) +[![Downloads](https://img.shields.io/npm/dm/bookshelf-secure-password.svg)](https://www.npmjs.com/package/bookshelf-secure-password) A Bookshelf.js plugin for handling secure passwords. -Adds a method to securely set and authenticate a password. +Adds a method to securely set and authenticate a password using BCrypt. Similar to [has_secure_password](http://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html) in Ruby on Rails. @@ -23,7 +28,7 @@ npm install bookshelf-secure-password --save ## Usage -1. Initialize the plugin +1. Enable the plugin in your Bookshelf setup ```javascript const bookshelf = require('bookshelf')(knex) 
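Review bot: In the `.travis.yml` hunk, the added `after_success: yarn run coverage` sits at the top level, so it runs in every job of the `node_js` matrix. Three entries are visible here ("6", "5", "4"), and the list starts above the hunk, so there may be more. Each job would then push its own report to the external coverage service, which multiplies outbound uploads and can leave the reported figure depending on which job finishes last. Consider limiting the upload to one runtime, for example `after_success: if [ "$TRAVIS_NODE_VERSION" = "6" ]; then yarn run coverage; fi`. If the upload ever needs a repo token, it should come from the CI's encrypted settings rather than from a file committed to the repository.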
@@ -41,7 +46,7 @@ npm install bookshelf-secure-password --save }) ``` - By default, this requires a field on the table named `password_digest`. To use a different column, simply set `true` to be the column name. For example: + By default, this will use the database column named `password_digest`. To use a different column, simply change `true` to be the column name. For example: ```javascript const User = bookshelf.Model.extend({ @@ -50,13 +55,14 @@ npm install bookshelf-secure-password --save }) ``` -3. To authenticate against the password, simply call the instance method `authenticate`: +3. To authenticate against the password, simply call the instance method `authenticate`, which returns a `Promise` resolving to the authenticated Model. ```javascript user.authenticate('some-password').then(function (user) { // do something with the authenticated user }, function (err) { - // invalid password + // invalid password. + // `err` will be of type `PasswordMismatchError`, which extends the `Error` class }) ``` @@ -79,7 +85,7 @@ function signUp (email, password) { /** * Sign in with a given email, password combination * - * @returns {Promise.} A promise resolving to the authenticated User, or rejected with an error. + * @returns {Promise.} A promise resolving to the authenticated User, or rejected with a `PasswordMismatchError`. */ function signIn (email, password) { return User.forge({ email: email }) @@ -92,6 +98,7 @@ function signIn (email, password) { ## Notes +* BCrypt requires that passwords are 72 characters maximum (it ignores characters after 72). * This library uses the bcrypt synchronous methods when setting a password. This is to ensure the raw password is never stored on the model (in memory, or otherwise). * This library enables the built-in `virtuals` plugin on Bookshelf. diff --git a/package.json b/package.json index b39cf77..4487af0 100644 --- a/package.json +++ b/package.json 
@@ -4,7 +4,8 @@ "description": "A Bookshelf.js plugin for handling secure passwords", "main": "lib/secure-password.js", "scripts": { - "test": "NODE_ENV=test ./node_modules/.bin/nyc ./node_modules/.bin/mocha 'test/**/*.spec.js'" + "test": "NODE_ENV=test ./node_modules/.bin/nyc ./node_modules/.bin/mocha 'test/**/*.spec.js'", + "coverage": "./node_modules/.bin/nyc report --reporter=text-lcov | ./node_modules/.bin/coveralls" }, "repository": { "type": "git", @@ -34,6 +35,7 @@ "devDependencies": { "bookshelf": "^0.10.3", "chai": "^3.5.0", + "coveralls": "^2.11.16", "knex": "^0.12.6", "mocha": "^3.2.0", "nyc": "^10.1.2" diff --git a/yarn.lock b/yarn.lock index 56f6f65..e06b24c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -47,6 +47,12 @@ are-we-there-yet@~1.1.2: delegates "^1.0.0" readable-stream "^2.0.0 || ^1.1.13" +argparse@^1.0.7: + version "1.0.9" + resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.9.tgz#73d83bc263f86e97f8cc4f6bae1b0e90a7d22c86" + dependencies: + sprintf-js "~1.0.2" + arr-diff@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/arr-diff/-/arr-diff-2.0.0.tgz#8f3b827f955a8bd669697e4a4256ac3ceae356cf" @@ -349,6 +355,16 @@ core-util-is@~1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/core-util-is/-/core-util-is-1.0.2.tgz#b5fd54220aa2bc5ab57aab7140c940754503c1a7" +coveralls@^2.11.16: + version "2.11.16" + resolved "https://registry.yarnpkg.com/coveralls/-/coveralls-2.11.16.tgz#da9061265142ddee954f68379122be97be8ab4b1" + dependencies: + js-yaml "3.6.1" + lcov-parse "0.0.10" + log-driver "1.2.5" + minimist "1.2.0" + request "2.79.0" + create-error@~0.3.1: version "0.3.1" resolved "https://registry.yarnpkg.com/create-error/-/create-error-0.3.1.tgz#69810245a629e654432bf04377360003a5351a23" 
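Review bot: In the `scripts` hunk of package.json, the new `coverage` entry pipes `nyc report` straight into `coveralls`, and a plain shell pipeline returns only the exit status of its last command. A failing or empty `nyc report` is therefore not surfaced by the script itself. Splitting the step makes the failure visible, for example `"coverage": "./node_modules/.bin/nyc report --reporter=text-lcov > coverage.lcov && ./node_modules/.bin/coveralls < coverage.lcov"`. The script also sends data to a third-party service, so the contributor docs should say that any Coveralls token used outside the hosted CI is supplied through the environment and never through a committed `.coveralls.yml`.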
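Review bot: In the `devDependencies` hunk, `"coveralls": "^2.11.16"` brings in several exact-pinned transitive packages. The yarn.lock hunks of this same commit show it requesting `js-yaml "3.6.1"`, `request "2.79.0"`, `minimist "1.2.0"`, `lcov-parse "0.0.10"` and `log-driver "1.2.5"` without a range. Those versions cannot pick up patch releases until `coveralls` itself is upgraded. As a devDependency it is not installed for consumers of the package, but it does execute inside CI jobs alongside whatever credentials the build holds. Include the dev tree in the project's dependency audit and revisit the `coveralls` range when newer releases relax those pins.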
@@ -442,6 +458,10 @@ escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2: version "1.0.5" resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4" +esprima@^2.6.0: + version "2.7.3" + resolved "https://registry.yarnpkg.com/esprima/-/esprima-2.7.3.tgz#96e3b70d5779f6ad49cd032673d1c312767ba581" + esutils@^2.0.2: version "2.0.2" resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.2.tgz#0abf4f1caa5bcb1f7a9d8acc6dea4faaa04bac9b" @@ -948,6 +968,13 @@ js-tokens@^3.0.0: version "3.0.1" resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-3.0.1.tgz#08e9f132484a2c45a30907e9dc4d5567b7f114d7" +js-yaml@3.6.1: + version "3.6.1" + resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-3.6.1.tgz#6e5fe67d8b205ce4d22fad05b7781e8dadcc4b30" + dependencies: + argparse "^1.0.7" + esprima "^2.6.0" + jsbn@~0.1.0: version "0.1.1" resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-0.1.1.tgz#a5e654c2e5a2deb5f201d96cefbca80c0ef2f513" @@ -1018,6 +1045,10 @@ lcid@^1.0.0: dependencies: invert-kv "^1.0.0" +lcov-parse@0.0.10: + version "0.0.10" + resolved "https://registry.yarnpkg.com/lcov-parse/-/lcov-parse-0.0.10.tgz#1b0b8ff9ac9c7889250582b70b71315d9da6d9a3" + liftoff@~2.2.0: version "2.2.5" resolved "https://registry.yarnpkg.com/liftoff/-/liftoff-2.2.5.tgz#998c2876cff484b103e4423b93d356da44734c91" @@ -1089,6 +1120,10 @@ lodash@^4.13.1, lodash@^4.2.0, lodash@^4.6.0: version "4.17.4" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.4.tgz#78203a4d1c328ae1d86dca6460e369b57f4055ae" +log-driver@1.2.5: + version "1.2.5" + resolved "https://registry.yarnpkg.com/log-driver/-/log-driver-1.2.5.tgz#7ae4ec257302fd790d557cb10c97100d857b0056" + longest@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/longest/-/longest-1.0.1.tgz#30a0b2da38f73770e8294a0d22e6625ed77d0097" 
@@ -1160,7 +1195,7 @@ minimist@0.0.8, minimist@~0.0.1: version "0.0.8" resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d" -minimist@^1.2.0: +minimist@1.2.0, minimist@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284" @@ -1486,7 +1521,7 @@ repeating@^2.0.0: dependencies: is-finite "^1.0.0" -request@^2.79.0: +request@2.79.0, request@^2.79.0: version "2.79.0" resolved "https://registry.yarnpkg.com/request/-/request-2.79.0.tgz#4dfe5bf6be8b8cdc37fcf93e04b65577722710de" dependencies: @@ -1607,6 +1642,10 @@ spdx-license-ids@^1.0.2: version "1.2.2" resolved "https://registry.yarnpkg.com/spdx-license-ids/-/spdx-license-ids-1.2.2.tgz#c9df7a3424594ade6bd11900d596696dc06bac57" +sprintf-js@~1.0.2: + version "1.0.3" + resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c" + sshpk@^1.7.0: version "1.10.2" resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.10.2.tgz#d5a804ce22695515638e798dbe23273de070a5fa"