First round of node-module updates (#311)

* Bump dependencies (non-dev) with audit fix --force * Use default JSDOC template * Downgrade raml2html to fit docs version * Make eslint happy TODO: Fix the warnings and reset to error at some point * Fix jwt breaking change by exposing allowInsecureKeySizes * Fix failing test * Add missing jwt settings in tests * Fix error handling in SWM test --------- Co-authored-by: Patrik Meijer <[email protected]>
webgme · Aug 21, 2023 · e4f2082 · e4f2082
1 parent 7677c9d
commit e4f2082
Show file tree

Hide file tree

Showing 18 changed files with 6,081 additions and 15,182 deletions.
diff --git a/.eslintrc.json b/.eslintrc.json
@@ -10,6 +10,8 @@
  "rules": {
  "no-bitwise": 2,
  "camelcase": 2,
+ "no-prototype-builtins": "warn",
+ "no-redeclare": "warn",
  "curly": [
  2,
  "all"

diff --git a/config/README.md b/config/README.md
@@ -95,6 +95,8 @@ Modification of arrays is not support, but non-existing config sub-group (object
 - `config.authentication.jwt.publicKey = './src/server/middleware/auth/EXAMPLE_PRIVATE_KEY'`
  - Public RSA256 key used when evaluating tokens.
 - `config.authentication.jwt.algorithm = 'RS256'`
+ - Allow RSA keys to be smaller than 2048-bits. This should be set to false to avoid warning message at config load.
+- `config.authentication.jwt.allowInsecureKeySizes = true`
  - The algorithm used for encryption (should not be edited w/o changing keys appropriately).
 - `config.authentication.jwt.tokenGenerator = './src/server/middleware/auth/localtokengenerator.js'`
  - Replaceable module for generating tokens in case webgme should not generated new tokens by itself.

diff --git a/config/config.default.js b/config/config.default.js
@@ -43,6 +43,7 @@ var path = require('path'),
  publicKey: path.join(__dirname, '../src/server/middleware/auth/EXAMPLE_PUBLIC_KEY'),
  tokenGenerator: path.join(__dirname, '../src/server/middleware/auth/localtokengenerator.js'),
  algorithm: 'RS256',
+ allowInsecureKeySizes: true,
  // The private key is only needed if using the localtokengenerator
  privateKey: path.join(__dirname, '../src/server/middleware/auth/EXAMPLE_PRIVATE_KEY'),
  logOutUrlField: null,

diff --git a/config/validator.js b/config/validator.js
@@ -141,6 +141,12 @@ function validateConfig(configOrFileName) {
  assertNumber('config.authentication.jwt.expiresIn', config.authentication.jwt.expiresIn);
  assertString('config.authentication.jwt.privateKey', config.authentication.jwt.privateKey);
  assertString('config.authentication.jwt.publicKey', config.authentication.jwt.publicKey);
+ if (config.authentication.enable && config.authentication.jwt.allowInsecureKeySizes) {
+ console.warn('WARNING! config.authentication.jwt.allowInsecureKeySizes is true by default to avoid breaking ' +
+ 'changes due to: https://github.com/auth0/node-jsonwebtoken/wiki/Migration-Notes:-v8-to-v9.');
+ console.warn('If you know your RSA key size is 2048 bits or greater you can avoid this warning by setting ' + 
+ 'allowInsecureKeySizes to false.');
+ }
  assertString('config.authentication.jwt.logOutUrlField', config.authentication.jwt.logOutUrlField, true);
  assertArray('config.authentication.publicOrganizations', config.authentication.publicOrganizations);
  config.authentication.publicOrganizations.forEach(function (publicOrg, idx) {

diff --git a/jsdoc_conf.json b/jsdoc_conf.json
@@ -34,7 +34,6 @@
  },
  "opts": {
  "encoding": "utf8",
- "template": "./node_modules/ink-docstrap/template",
  "destination": "./docs/source",
  "recurse": true,
  "readme": "src/docs/main.md"