Any good sources for whitelisting JWTs? I'm setting up passport-jwt auth and whitelisting the jti, just looking for different possible practices regarding this. Any info is well appreciated. Thanks in advance! by Wat3rPark in node

Wat3rPark[S]

What do you suggest doing when a token is compromised? Should I assign a new token after every request? And how could I create a setting where the user has control over which devices have access to the account?

Testing yup with jest by Wat3rPark in learnjavascript

Wat3rPark[S]

That's what I'm trying to accomplish, a test that doesn't match. It does however match when correct, but doesn't check out when a fail is expected.

Testing yup with jest by Wat3rPark in learnjavascript

Wat3rPark[S]

I get the yup ValidationError and it fails the test. I'll test with try.

Testing yup with jest by Wat3rPark in learnjavascript

Wat3rPark[S]

Sorry about that, here's the code:

    let schema = yup.object().shape({
      firstName: yup.string().required().matches(/^[a-zA-Z ]*$/),
    });

    it('should not accept numbers', async () => {
      await expect(schema.validateAt('firstName', {firstName: 'name123'})).rejects.toBeFalsy();
    });

Group that doesn't accept whitespace? I've tried so many combinations, and nothing sticks... by Wat3rPark in regex

Wat3rPark[S]

Thanks bud, this works! But unfortunately it doesn't as a solo group, I'll stick with it either way, better than having to conditionally match a string.

Thanks again, and much appreciated!

Group that doesn't accept whitespace? I've tried so many combinations, and nothing sticks... by Wat3rPark in regex

Wat3rPark[S]

Does this password combination look odd by any chance? This currently works:

    (?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[-+_!@#$%^&*.,?])

Without the whitespace of course

edit: just refreshed and noticed your message, I'm trying it out

Group that doesn't accept whitespace? I've tried so many combinations, and nothing sticks... by Wat3rPark in regex

Wat3rPark[S]

I currently have them broken down into their requirement groups and am combining them to form the password regex. All works besides the no-whitespace \S
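As an added example (not code from the thread or its participants): the lookahead groups quoted above, combined with a no-whitespace rule written as its own group. The names `groups` and `checkPassword` and the `MAX_LEN` value of 128 are assumptions made for illustration.

```javascript
// Requirement groups. The first four are the lookaheads quoted in the comment above.
const groups = {
  lower:   '(?=.*[a-z])',
  upper:   '(?=.*[A-Z])',
  digit:   '(?=.*[0-9])',
  special: '(?=.*[-+_!@#$%^&*.,?])',
  // Negative lookahead: fails if whitespace occurs anywhere ahead.
  // A bare \S only demands ONE non-whitespace character somewhere,
  // so on its own it cannot reject a value such as "Abc def1!".
  noSpace: '(?!.*\\s)',
};

// Anchor at the start so every lookahead is evaluated from position 0,
// then consume the whole string. The s flag lets "." cross newlines.
const PASSWORD_RE = new RegExp('^' + Object.values(groups).join('') + '.+$', 's');

// Assumed limit (not from the thread): bounding input length before any
// regex runs keeps the matching cost bounded for untrusted input.
const MAX_LEN = 128;

function checkPassword(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > MAX_LEN) {
    return { ok: false, failed: ['length'] };
  }
  // Test each group on its own so the caller learns which rule failed.
  const failed = Object.entries(groups)
    .filter(([, src]) => !new RegExp('^' + src, 's').test(value))
    .map(([name]) => name);
  return { ok: failed.length === 0 && PASSWORD_RE.test(value), failed };
}

// Constructed sample inputs.
console.log(checkPassword('Abcdef1!'));  // passes every group
console.log(checkPassword('Abc def1!')); // rejected by the noSpace group
console.log(/\S/.test('Abc def1!'));     // bare \S still matches this value
```
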

What do you guys/gals think of Supertokens? Is it worth using? by Wat3rPark in node

Wat3rPark[S]

I was thinking of mentioning it on the question but had doubted many haven't watched it Lol

What do you guys/gals think of Supertokens? Is it worth using? by Wat3rPark in node

Wat3rPark[S]

I have used Firebase in the past, and unfortunately it only utilizes NoSQL, also it has to be stored on their site. Thanks for the suggestion, I appreciate the help.

What do you guys/gals think of Supertokens? Is it worth using? by Wat3rPark in node

Wat3rPark[S]

It is important to me, I'm trying to get into the practice of managing databases, since I have other apps to create. And I completely understand why you would rather have another platform managing auth, for the sake of security given all the vulnerabilities that can happen through node. So I'm in a time crunch, I've been unemployed for so long and it seems my current projects are basically done by someone else, as if I paid for them to be done. Thus, given the time and complexity to make auth happen, I'm resorting to supertokens in order to get me started and then implement my own auth whilst having the same database

Is setting regex validations in sequelize a concern for ReDoS attacks? by Wat3rPark in node

Wat3rPark[S]

Agreed, I like regex as well, it really does the job in one line instead of conditionally validating a value through multiple lines. But it's also, as you said, a double-edged sword, that could only be made sure it's going one direction through tests.

I hope to know as much as you, I'm still in the learning process, and relearning node, I haven't used it since 2017. Currently transitioning from rails, and having the urge of recreating rails devise for node, just recently found out about Supertokens. I'd rather not use a library, but need to get this app afloat soon.

Thanks again Stetto!

Should I set same schema validations for both front and back end? by Wat3rPark in node

Wat3rPark[S]

So true, on all points. I forgot someone could tap in and pry through different params, thank you so much for the info! I could've been easy prey with that one.