Merge branch 'master' into authinfo-assignprop

Author: jaredhanson

.github/workflows/node.yml

@@ -0,0 +1,42 @@
+# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Node.js CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version:
+          - '17'
+          - '16'
+          - '14'
+          - '12'
+          - '10'
+          - '8'
+          - '6'
+          - '4'
+          # - '3' # io.js
+          # - '2' # io.js
+          # - '1' # io.js
+          - '0.12'
+          - '0.10'
+          # - '0.8'
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v2
+      with:
+        node-version: ${{ matrix.node-version }}
+    - run: npm install
+    - run: npm test

CHANGELOG.md

@@ -0,0 +1,76 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.6.0] - 2022-05-20
+### Added
+- `authenticate()`, `req#login`, and `req#logout` accept a
+`keepSessionInfo: true` option to keep session information after regenerating
+the session.
+
+### Changed
+
+- `req#login()` and `req#logout()` regenerate the the session and clear session
+information by default.
+- `req#logout()` is now an asynchronous function and requires a callback
+function as the last argument.
+
+### Security
+
+- Improved robustness against session fixation attacks in cases where there is
+physical access to the same system or the application is susceptible to
+cross-site scripting (XSS).
+
+## [0.5.3] - 2022-05-16
+### Fixed
+
+- `initialize()` middleware extends request with `login()`, `logIn()`,
+`logout()`, `logOut()`, `isAuthenticated()`, and `isUnauthenticated()` functions
+again, reverting change from 0.5.1.
+
+## [0.5.2] - 2021-12-16
+### Fixed
+- Introduced a compatibility layer for strategies that depend directly on
+`[email protected]` or earlier (such as `passport-azure-ad`), which were
+broken by the removal of private variables in `[email protected]`.
+
+## [0.5.1] - 2021-12-15
+### Added
+- Informative error message in session strategy if session support is not
+available.
+
+### Changed
+
+- `authenticate()` middleware, rather than `initialize()` middleware, extends
+request with `login()`, `logIn()`, `logout()`, `logOut()`, `isAuthenticated()`,
+and `isUnauthenticated()` functions.
+
+## [0.5.0] - 2021-09-23
+### Changed
+
+- `initialize()` middleware extends request with `login()`, `logIn()`,
+`logout()`, `logOut()`, `isAuthenticated()`, and `isUnauthenticated()`
+functions.
+
+### Removed
+
+- `login()`, `logIn()`, `logout()`, `logOut()`, `isAuthenticated()`, and
+`isUnauthenticated()` functions no longer added to `http.IncomingMessage.prototype`.
+
+### Fixed
+
+- `userProperty` option to `initialize()` middleware only affects the current
+request, rather than all requests processed via singleton Passport instance,
+eliminating a race condition in situations where `initialize()` middleware is
+used multiple times in an application with `userProperty` set to different
+values.
+
+[Unreleased]: https://github.com/jaredhanson/passport/compare/v0.6.0...HEAD
+[0.6.0]: https://github.com/jaredhanson/passport/compare/v0.5.3...v0.6.0
+[0.5.3]: https://github.com/jaredhanson/passport/compare/v0.5.2...v0.5.3
+[0.5.2]: https://github.com/jaredhanson/passport/compare/v0.5.1...v0.5.2
+[0.5.1]: https://github.com/jaredhanson/passport/compare/v0.5.0...v0.5.1

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2011-2019 Jared Hanson
+Copyright (c) 2011-2021 Jared Hanson
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

Makefile

@@ -21,5 +21,8 @@ clean: clean-docs clean-cov
 clobber: clean
 	-rm -r node_modules
 
+html:
+	jsdoc -c etc/jsdoc.json -d ./doc $(SOURCES)
+
 
 .PHONY: clean clobber

README.md

@@ -17,11 +17,22 @@ hooks for controlling what occurs when authentication succeeds or fails.
 <p align="center">
   <sup>Sponsors</sup>
   <br>
-  <a href="https://www.loginradius.com/?utm_source=sponsership&utm_medium=github&utm_campaign=jaredhanson"><img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/loginradius.png"></a><br/>
-  <a href="https://accounts.loginradius.com/auth.aspx?action=register?utm_source=sponsership&utm_medium=github&utm_campaign=jaredhanson">LoginRadius</a> is built for the developer community to integrate robust Authentication and Single Sign-On in just a few lines of code.<br/><a href="https://accounts.loginradius.com/auth.aspx?action=register?utm_source=sponsership&utm_medium=github&utm_campaign=jaredhanson">FREE Signup</a>
-  <br><br>
   <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=passport_js&utm_source=github"><img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/workos.png"></a><br/>
   <a href="https://workos.com/?utm_campaign=github_repo&utm_medium=referral&utm_content=passport_js&utm_source=github"><b>Your app, enterprise-ready.</b><br/>Start selling to enterprise customers with just a few lines of code. Add Single Sign-On (and more) in minutes instead of months.</a>
+  <br>
+  <br>
+  <a href="https://www.descope.com/?utm_source=PassportJS&utm_medium=referral&utm_campaign=oss-sponsorship">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope-dark.svg">
+      <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg">
+      <img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/descope.svg" width="275">
+    </picture>
+  </a><br/>
+  <a href="https://www.descope.com/?utm_source=PassportJS&utm_medium=referral&utm_campaign=oss-sponsorship"><b>Drag and drop your auth</b><br/>Add authentication and user management to your consumer and business apps with a few lines of code.</a>
+  <br>
+  <br>
+  <a href="https://fusionauth.io/?utm_source=passportjs&utm_medium=referral&utm_campaign=sponsorship"><img src="https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/fusionauth.png" width="275"></a><br/>
+  <a href="https://fusionauth.io/?utm_source=passportjs&utm_medium=referral&utm_campaign=sponsorship"><b>Auth. Built for Devs, by Devs</b><br/>Add login, registration, SSO, MFA, and a bazillion other features to your app in minutes. Integrates with any codebase and installs on any server, anywhere in the world.</a>
 </p>
 
 ---
@@ -171,4 +182,4 @@ that build upon or integrate with Passport.
 
 [The MIT License](http://opensource.org/licenses/MIT)
 
-Copyright (c) 2011-2019 Jared Hanson <[http://jaredhanson.net/](http://jaredhanson.net/)>
+Copyright (c) 2011-2021 Jared Hanson <[https://www.jaredhanson.me/](https://www.jaredhanson.me/)>

SPONSORS.md

@@ -1,11 +1,17 @@
 ## Gold Sponsors
 
-[![LoginRadius](https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/loginradius.png)](https://www.loginradius.com/)
-<br><br>
 [![WorkOS](https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/workos.png)](https://workos.com/)
+<br>
+[![Snyk](https://raw.githubusercontent.com/jaredhanson/passport/master/sponsors/snyk.png)](https://snyk.io/)
 
 ## Sponsors
 
 - [CodePilot.ai](https://codepilot.ai/)
+- [Jeremy Combs](https://github.com/jmcombs)
+- [Gadget](https://gadget.dev/)
 - Kelly Burke
 - [Matt Miller](https://mmiller.me/)
+
+## Past Sponsors
+
+- [LoginRadius](https://www.loginradius.com/)

etc/jsdoc.json

@@ -0,0 +1,3 @@
+{
+  "plugins": ["plugins/markdown"]
+}