Minor tweaks. Updated dependencies. Fixed 'cookie' version in lock file.

Author: neonexus

.ncurc

@@ -1,5 +1,5 @@
-// This allows us to "lock" Chai into v4.
+// This allows us to "lock" packages into specific versions (mostly because of ES updates).
 
 {
-    "reject": ["chai", "eslint"]
+    "reject": ["chai", "eslint", "scrypt-kdf"]
 }

README.md

@@ -6,6 +6,10 @@
 [![Bootstrap version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv6.0.0%2Fpackage.json&query=%24.devDependencies.bootstrap&label=Bootstrap&logo=bootstrap&logoColor=white)](https://getbootstrap.com)
 [![Webpack version](https://img.shields.io/badge/dynamic/json?url=https%3A%2F%2Fraw.githubusercontent.com%2Fneonexus%2Fsails-react-bootstrap-webpack%2Fv6.0.0%2Fpackage.json&query=%24.devDependencies.webpack&label=Webpack&logo=webpack)](https://webpack.js.org)
 
+Latest version only:
+[![FOSSA License Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack?ref=badge_shield)
+[![FOSSA Security Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack.svg?type=shield&issueType=security)](https://app.fossa.com/projects/git%2Bgithub.com%2Fneonexus%2Fsails-react-bootstrap-webpack?ref=badge_shield&issueType=security)
+
 [//]: # ([![Codecov](https://img.shields.io/codecov/c/github/neonexus/sails-react-bootstrap-webpack?logo=codecov)](https://codecov.io/gh/neonexus/sails-react-bootstrap-webpack))
 
 [//]: # ([![Discord Server](https://img.shields.io/badge/Discord_server-silver?logo=discord)](http://discord.gg/Y5K73E84Tc))

api/helpers/is-password-valid.js

@@ -51,15 +51,15 @@ module.exports = {
         }
 
         if (inputs.user) {
-            if (inputs.user.email && inputs.password.indexOf(inputs.user.email) >= 0) {
+            if (inputs.user.email && inputs.password.toLowerCase().indexOf(inputs.user.email.toLowerCase()) >= 0) {
                 errors.push('Password can not contain your email address.');
             }
 
-            if (inputs.user.firstName && inputs.password.indexOf(inputs.user.firstName) >= 0) {
+            if (inputs.user.firstName && inputs.password.toLowerCase().indexOf(inputs.user.firstName.toLowerCase()) >= 0) {
                 errors.push('Password can not contain your first name.');
             }
 
-            if (inputs.user.lastName && inputs.password.indexOf(inputs.user.lastName) >= 0) {
+            if (inputs.user.lastName && inputs.password.toLowerCase().indexOf(inputs.user.lastName.toLowerCase()) >= 0) {
                 errors.push('Password can not contain your last name.');
             }
         }

api/models/README.md

@@ -1,3 +1,5 @@
 # Models
 
+Models describe / control the structure of data required for the project.
+
 See: https://sailsjs.com/documentation/concepts/models-and-orm/models

api/policies/isLoggedIn.js

@@ -1,5 +1,9 @@
 const moment = require('moment-timezone');
 
+// Standardize messages; not just for ease of change...
+const invalid = 'Invalid credentials.';
+const notLoggedIn = 'You are not logged in';
+
 module.exports = async function(req, res, next) {
     const sessionId = req.signedCookies[sails.config.session.name] || null; // signed cookies: https://sailsjs.com/documentation/reference/request-req/req-signed-cookies
 
@@ -13,7 +17,7 @@ module.exports = async function(req, res, next) {
 
             await sails.models.session.destroy({id: sessionId});
 
-            return res.forbidden('You are not logged in');
+            return res.forbidden(notLoggedIn);
         }
 
         // If the session was found...
@@ -45,15 +49,15 @@ module.exports = async function(req, res, next) {
             }
 
             if (!token.includes(':')) {
-                return res.forbidden('Invalid credentials.');
+                return res.forbidden(invalid);
             }
 
             token = token.split(':');
 
             const foundToken = await sails.models.apitoken.findOne({id: token[0]}).decrypt().populate('user');
 
             if (!foundToken || token[1] !== foundToken.token) {
-                return res.forbidden('Invalid credentials.');
+                return res.forbidden(invalid);
             }
 
             if (foundToken) {
@@ -66,5 +70,5 @@ module.exports = async function(req, res, next) {
         }
     }
 
-    return res.forbidden('You are not logged in');
+    return res.forbidden(notLoggedIn);
 };

package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "sails-react-bootstrap-webpack",
-    "version": "6.0.0-rc2",
+    "version": "6.0.0",
     "description": "A glass-box starter framework that grows with you. Built on proven and reliable tech like Sails, React, Bootstrap & Webpack.",
     "keywords": [
         "sails",
@@ -18,22 +18,21 @@
         "csrf": "3.1.0",
         "json-stringify-safe": "5.0.1",
         "lodash": "4.17.21",
-        "moment-timezone": "0.5.45",
+        "moment-timezone": "0.5.46",
         "otplib": "12.0.1",
         "qrcode": "1.5.4",
         "sails": "1.5.12",
         "sails-hook-orm": "4.0.3",
         "sails-hook-sockets": "3.0.1",
         "sails-mysql": "3.0.1",
         "scrypt-kdf": "2.0.1",
-        "superagent": "10.1.0"
+        "superagent": "10.1.1"
     },
     "devDependencies": {
-        "@babel/core": "7.25.7",
-        "@babel/eslint-parser": "7.25.7",
-        "@babel/preset-env": "7.25.7",
-        "@babel/preset-react": "7.25.7",
-        "@ngrok/ngrok": "^1.4.1",
+        "@babel/core": "7.26.0",
+        "@babel/eslint-parser": "7.25.9",
+        "@babel/preset-env": "7.26.0",
+        "@babel/preset-react": "7.25.9",
         "@popperjs/core": "2.11.8",
         "babel-loader": "9.2.1",
         "bootstrap": "5.3.3",
@@ -43,31 +42,31 @@
         "chai-uuid": "1.0.6",
         "codecov": "3.8.3",
         "copy-webpack-plugin": "12.0.2",
-        "core-js": "3.38.1",
+        "core-js": "3.39.0",
         "css-loader": "7.1.2",
         "eslint": "8.56.0",
-        "eslint-plugin-react": "7.37.1",
+        "eslint-plugin-react": "7.37.2",
         "favicons": "7.2.0",
         "favicons-webpack-plugin": "6.0.1",
         "file-loader": "6.2.0",
         "fixted": "4.2.6",
-        "html-webpack-plugin": "5.6.0",
-        "mini-css-extract-plugin": "2.9.1",
-        "mocha": "10.7.3",
+        "html-webpack-plugin": "5.6.3",
+        "mini-css-extract-plugin": "2.9.2",
+        "mocha": "10.8.2",
         "npm-run-all": "4.1.5",
         "nyc": "17.1.0",
         "prompts": "2.4.2",
         "prop-types": "15.8.1",
         "react": "18.3.1",
         "react-bootstrap": "2.10.5",
         "react-dom": "18.3.1",
-        "react-router-dom": "6.26.2",
+        "react-router-dom": "6.27.0",
         "readline-sync": "1.4.10",
-        "sass": "1.79.4",
-        "sass-loader": "16.0.2",
+        "sass": "1.80.6",
+        "sass-loader": "16.0.3",
         "style-loader": "4.0.0",
         "supertest": "7.0.0",
-        "webpack": "5.95.0",
+        "webpack": "5.96.1",
         "webpack-cli": "5.1.4",
         "webpack-dev-server": "5.1.0",
         "webpack-merge": "6.0.1"

package.json

@@ -40,7 +40,7 @@ if (fs.existsSync(configPath)) {
         const answer = await prompts({
             type: 'confirm',
             name: 'moveOn',
-            message: 'A `local.js` config file already exists. Continuing will completely rewrite this file. Are you sure you want to continue?',
+            message: 'A `local.js` config file already exists. Continuing will completely rewrite this file (using the values from this config file as defaults). Are you sure you want to continue?',
             initial: false
         });
 
@@ -416,7 +416,7 @@ function generateDEK(){
 
 function installNgrok() {
     return new Promise((resolve, reject) => {
-        const ngrokInstall = spawn('npm', ['install', '@ngrok/ngrok@v0.9.1', '--save-dev', '--save-exact'], {cwd: __dirname, stdio: 'inherit'});
+        const ngrokInstall = spawn('npm', ['install', '@ngrok/ngrok@v1.4.1', '--save-dev', '--save-exact'], {cwd: __dirname, stdio: 'inherit'});
 
         ngrokInstall.on('error', (err) => {
             return reject(err);

setup.js

@@ -81,40 +81,76 @@ describe('isPasswordValid Helper', function() {
             lastName: 'McUser'
         };
 
-        it('should not allow email in password', async function() {
-            const isValid = await sails.helpers.isPasswordValid.with({
-                password: '0987' + user.email + '1234A',
+        it('should not allow email in different cases in password', async function() {
+            const tests = [];
+
+            tests[0] = await sails.helpers.isPasswordValid.with({
+                password: '0987' + user.email.toUpperCase() + '1234a',
                 user,
                 skipPwned: true
             });
 
-            isValid.should.be.an('array');
-            isValid.length.should.equal(1);
-            isValid[0].should.equal('Password can not contain your email address.');
+            tests[0].should.be.an('array');
+            tests[0].length.should.equal(1);
+            tests[0][0].should.equal('Password can not contain your email address.');
+
+            tests[1] = await sails.helpers.isPasswordValid.with({
+                password: '0987' + user.email.toLowerCase() + '1234A',
+                user,
+                skipPwned: true
+            });
+
+            tests[1].should.be.an('array');
+            tests[1].length.should.equal(1);
+            tests[1][0].should.equal('Password can not contain your email address.');
         });
 
-        it('should not allow first name in password', async function() {
-            const isValid = await sails.helpers.isPasswordValid.with({
-                password: 'I am the best Tester ever!',
+        it('should not allow first name in different cases in password', async function() {
+            const tests = [];
+
+            tests[0] = await sails.helpers.isPasswordValid.with({
+                password: 'I am the best TESTER ever!', // Tester is the first name
+                user,
+                skipPwned: true
+            });
+
+            tests[0].should.be.an('array');
+            tests[0].length.should.equal(1);
+            tests[0][0].should.equal('Password can not contain your first name.');
+
+            tests[1] = await sails.helpers.isPasswordValid.with({
+                password: 'I am the best tester ever!', // Tester is the first name
                 user,
                 skipPwned: true
             });
 
-            isValid.should.be.an('array');
-            isValid.length.should.equal(1);
-            isValid[0].should.equal('Password can not contain your first name.');
+            tests[1].should.be.an('array');
+            tests[1].length.should.equal(1);
+            tests[1][0].should.equal('Password can not contain your first name.');
         });
 
-        it('should not allow last name in password', async function() {
-            const isValid = await sails.helpers.isPasswordValid.with({
-                password: 'Hurray for the great, McUser!',
+        it('should not allow last name in different cases in password', async function() {
+            const tests = [];
+
+            tests[0] = await sails.helpers.isPasswordValid.with({
+                password: 'Hurray for the great, mcuser!', // McUser is last name
+                user,
+                skipPwned: true
+            });
+
+            tests[0].should.be.an('array');
+            tests[0].length.should.equal(1);
+            tests[0][0].should.equal('Password can not contain your last name.');
+
+            tests[1] = await sails.helpers.isPasswordValid.with({
+                password: 'Hurray for the great, MCUSER!', // McUser is last name
                 user,
                 skipPwned: true
             });
 
-            isValid.should.be.an('array');
-            isValid.length.should.equal(1);
-            isValid[0].should.equal('Password can not contain your last name.');
+            tests[1].should.be.an('array');
+            tests[1].length.should.equal(1);
+            tests[1][0].should.equal('Password can not contain your last name.');
         });
     });