Merge branch 'development'

Author: lmajano

.vscode/settings.json

@@ -1,3 +1,19 @@
 {
-    "cflint.enabled": false
-}
+    "cflint.enabled": false,
+    "sqltools.connections": [
+        {
+            "mysqlOptions": {
+                "authProtocol": "xprotocol"
+            },
+            "previewLimit": 50,
+            "server": "localhost",
+            "port": 33060,
+            "driver": "MySQL",
+            "name": "local-mysql8",
+            "group": "local",
+            "database": "cbsecurity",
+            "username": "root",
+            "connectionTimeout": 1000
+        }
+    ]
+}

box.json

@@ -1,6 +1,6 @@
 {
     "name":"ColdBox Security",
-    "version":"3.0.0",
+    "version":"3.1.0",
     "location":"https://downloads.ortussolutions.com/ortussolutions/coldbox-modules/cbsecurity/@build.version@/[email protected]@.zip",
     "author":"Ortus Solutions.com <[email protected]>",
     "slug":"cbsecurity",
@@ -25,7 +25,7 @@
     "dependencies":{
         "jwt-cfml":"^1.0.0",
         "cbauth":"^6.0.0",
-        "cbcsrf":"^2.0.0"
+        "cbcsrf":"^3.0.0"
     },
     "devDependencies":{
         "commandbox-cfformat":"*",

changelog.md

@@ -7,6 +7,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ----
 
+## [3.1.0] => 2023-FEB-17
+
+### Added
+
+* Added a new helper: `createPassword()` on the `CBSecurity` model to generate secure, random passwords with letters, symbols and numbers.
+* `cbcsrf` upgraded to version 3, we missed in the previous release.
+
+----
+
 ## [3.0.0] => 2023-JAN-17
 
 ### Changed / COMPATIBILITY

models/CBSecurity.cfc

@@ -25,6 +25,7 @@ component threadsafe singleton accessors="true" {
 	property name="settings"       inject="coldbox:moduleSettings:cbsecurity";
 	property name="log"            inject="logbox:logger:{this}";
 	property name="wirebox"        inject="wirebox";
+	property name="async"          inject="coldbox:asyncManager";
 	property name="moduleSettings" inject="coldbox:setting:modules";
 	property name="DBLogger"       inject="DBLogger@cbsecurity";
 
@@ -435,7 +436,7 @@ component threadsafe singleton accessors="true" {
 	 * @message The error message to throw in the exception
 	 *
 	 * @throws NoUserLoggedIn
-	 * @throws NotAuthorized 
+	 * @throws NotAuthorized
 	 */
 	CBSecurity function secureSameUser( required user, message = variables.DEFAULT_ERROR_MESSAGE ){
 		if ( !sameUser( arguments.user ) ) {
@@ -470,7 +471,7 @@ component threadsafe singleton accessors="true" {
 	 *
 	 * They receive the currently logged in user and the permissions that where evaluated
 	 *
-	 * @permissions One, a list or an array of permissions
+	 * @permissions One, a list, an array of permissions or boolean evaluation
 	 * @success     The closure/lambda/udf that executes if the context passes
 	 * @fail        The closure/lambda/udf that executes if the context fails
 	 */
@@ -622,6 +623,50 @@ component threadsafe singleton accessors="true" {
 		return headers.keyExists( "host" ) ? headers[ "host" ] : "none";
 	}
 
+
+	/**
+	 * Generate a random, secure password using several options
+	 *
+	 * @length  The length of the password. Defaults to 32 characters
+	 * @letters Use letters
+	 * @numbers Use numbers
+	 * @symbols Use symbols
+	 *
+	 * @return A secure random password
+	 */
+	function createPassword(
+		numeric length  = 32,
+		boolean letters = true,
+		boolean numbers = true,
+		boolean symbols = true
+	){
+		var characters = [];
+
+		// cfformat-ignore-start
+		_when( arguments.letters, () => characters.append( [
+            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k',
+            'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+            'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G',
+            'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R',
+            'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'
+        ], true ) )
+		._when( arguments.numbers, () => characters.append( [
+            '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'
+        ], true ) )
+		._when( arguments.symbols, () => characters.append( [
+            '~', '!', '##', '$', '%', '^', '&', '*', '(', ')', '-',
+            '_', '.', ',', '<', '>', '?', '/', '\', '{', '}', '[',
+            ']', '|', ':', ';'
+        ], true ) );
+		// cfformat-ignore-end
+
+		return repeatString( "1", arguments.length )
+			.listToArray( "" )
+			.map( () => characters[ randRange( 1, characters.len() ) ] )
+			.toList( "" );
+	}
+
+
 	/***************************************************************/
 	/* Private Methods
 	/***************************************************************/
@@ -635,4 +680,28 @@ component threadsafe singleton accessors="true" {
 		return isArray( arguments.items ) ? items : listToArray( items );
 	}
 
+	/**
+	 * TODO: Migrate from FlowHelpers once ColdBox 7 goes gold.
+	 * This function evaluates the target boolean expression and if `true` it will execute the `success` closure
+	 * else, if the `failure` closure is passed, it will execute it.
+	 *
+	 * @target  The boolean evaluator, this can be a boolean value
+	 * @success The closure/lambda to execute if the boolean value is true
+	 * @failure The closure/lambda to execute if the boolean value is false
+	 *
+	 * @return Returns itself
+	 */
+	private function _when(
+		required boolean target,
+		required success,
+		failure
+	){
+		if ( arguments.target ) {
+			arguments.success();
+		} else if ( !isNull( arguments.failure ) ) {
+			arguments.failure();
+		}
+		return variables;
+	}
+
 }

test-harness/box.json

@@ -6,13 +6,13 @@
     "description":"",
     "dependencies":{
         "coldbox":"^6.0.0",
-        "cbauth":"^5.0.0",
+        "cbauth":"^6.0.0",
         "BCrypt":"^2.0.0",
         "jwt-cfml":"^1.0.0",
-        "cbcsrf":"^2.0.0+21",
-        "cbdebugger":"^3.5.0+64"
+        "cbcsrf":"^3.0.0"
     },
     "devDependencies":{
+		"cbdebugger":"^3.5.0+64",
         "testbox":"*",
         "route-visualizer":"*"
     },

test-harness/tests/specs/unit/CBSecurityTest.cfc

@@ -18,6 +18,7 @@ component extends="coldbox.system.testing.BaseModelTest" model="cbsecurity.model
 		describe( "CBSecurity Model", function(){
 			beforeEach( function( currentSpec ){
 				cbsecurity = model.init();
+				model.setAsync( new coldbox.system.async.AsyncManager() );
 
 				mockAuthService = createStub();
 				mockUser        = createMock( "root.models.User" ).init();
@@ -31,6 +32,14 @@ component extends="coldbox.system.testing.BaseModelTest" model="cbsecurity.model
 				expect( cbsecurity ).toBeComponent();
 			} );
 
+			it( "can create random passwords", function(){
+				expect( cbsecurity.createPassword() ).toHaveLength( 32 );
+				expect( cbsecurity.createPassword( 2 ) ).toHaveLength( 2 );
+				expect( cbsecurity.createPassword( numbers: false ) ).notToMatch( "([0-9])+" );
+				expect( cbsecurity.createPassword( letters: false ) ).notToMatch( "([a-zA-Z])+" );
+				expect( cbsecurity.createPassword( symbols: false, numbers: false ) ).toMatch( "([a-zA-Z])+" );
+			} );
+
 			describe( "verification via has()", function(){
 				it( "can verify true if the user has one permission", function(){
 					mockUser.$( "hasPermission", true );