use bcrypt to encrypt password

packages/node-opcua-end2end-test/package.json

@@ -64,5 +64,9 @@
         "internet of things"
     ],
     "homepage": "http://node-opcua.github.io/",
-    "files": []
+    "files": [],
+    "dependencies": {
+        "@types/bcrypt": "^5.0.0",
+        "bcrypt": "^5.1.1"
+    }
 }

packages/node-opcua-end2end-test/test/end_to_end/test_change_user.ts

@@ -1,5 +1,5 @@
 import * as os from "os";
-import "should";
+import should from "should";
 import "mocha";
 import chalk from "chalk";
 import {
@@ -18,14 +18,17 @@ import {
     makePermissionFlag,
     NodeId,
     TimestampsToReturn,
-    Variant
+    Variant,
+    s
 } from "node-opcua";
-import should = require("should");
+import { genSaltSync, hashSync } from "bcrypt";
+
+const salt = genSaltSync(10);
 
 const users = [
     {
         username: "user1",
-        password: "password1",
+        password: (() => hashSync("password1", salt))(),
         roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin])
     }
 ];
@@ -50,7 +53,7 @@ async function startServer() {
                     console.error(chalk.red("No such user, wrong username!"));
                     return false;
                 }
-                if (users[uIndex].password !== password) {
+                if (users[uIndex].password !== hashSync(password, salt)) {
                     console.error(chalk.red("Wrong password!"));
                     return false;
                 }
@@ -146,7 +149,7 @@ async function test_with_admin_user() {
             userIdentity: {
                 type: UserTokenType.UserName,
                 userName: "user1",
-                password: "password1"
+                password: (() => "password1")()
             }
         },
         async (session) => {
@@ -166,7 +169,7 @@ async function test_with_wrong_user_should_throw() {
                 userIdentity: {
                     type: UserTokenType.UserName,
                     userName: "user2",
-                    password: "password2"
+                    password: (() => "password2")()
                 }
             },
             async (session) => {
@@ -190,7 +193,7 @@ async function test_with_admin_user_changing_to_anonymous() {
             userIdentity: {
                 type: UserTokenType.UserName,
                 userName: "user1",
-                password: "password1"
+                password: (() => "password1")()
             }
         },
         async (session: ClientSession) => {
@@ -214,7 +217,7 @@ async function test_with_anonymous_user_changing_to_admin() {
             await session.changeUser({
                 type: UserTokenType.UserName,
                 userName: "user1",
-                password: "password1"
+                password: (() => "password1")()
             });
             return await doTest(session);
         }
@@ -229,22 +232,22 @@ async function test_with_admin_user_changing_to_wrong_user() {
             userIdentity: {
                 type: UserTokenType.UserName,
                 userName: "user1",
-                password: "password1"
+                password: (() => "password1")()
             }
         },
         async (session: ClientSession) => {
             const statusCode1 = await session.changeUser({
                 type: UserTokenType.UserName,
                 userName: "user2",
-                password: "password2"
+                password: (() => "password2")()
             });
             console.log("statusCode1 = ", statusCode1.toString());
             return await doTest(session);
         }
     );
 }
 
-async function test_with_admin_chaging_to_make_is_valid_user_crash() {
+async function test_with_admin_changing_to_make_is_valid_user_crash() {
     // make_me_crash
     const client = OPCUAClient.create({ endpointMustExist: false });
 
@@ -259,7 +262,7 @@ async function test_with_admin_chaging_to_make_is_valid_user_crash() {
             const statusCode1 = await session.changeUser({
                 type: UserTokenType.UserName,
                 userName: "make_me_crash",
-                password: "who cares ?"
+                password: (() => "who cares ?")()
             });
             // console.log("statusCode1 = ", statusCode1.toString());
             return await doTest(session);
@@ -280,7 +283,7 @@ async function test_with_anonymous_user_changing_to_wrong_user() {
             const statusCode1 = await session.changeUser({
                 type: UserTokenType.UserName,
                 userName: "user2",
-                password: "password2"
+                password: (() => "password2")()
             });
             console.log("statusCode1 = ", statusCode1.toString());
             return await doTest(session);
@@ -346,7 +349,7 @@ describe("Testing user change security", () => {
     });
 
     it("server should be robust when isValidUser  method provided by the developer crashes", async () => {
-        const dataValue = await test_with_admin_chaging_to_make_is_valid_user_crash();
+        const dataValue = await test_with_admin_changing_to_make_is_valid_user_crash();
         dataValue.statusCode.should.eql(StatusCodes.BadUserAccessDenied);
     });
 });
@@ -423,7 +426,7 @@ describe("Testing subscription and  security", function (this: any) {
                 userIdentity: {
                     type: UserTokenType.UserName,
                     userName: "user1",
-                    password: "password1"
+                    password: (() => "password1")()
                 }
             },
             {
@@ -530,7 +533,7 @@ describe("Testing subscription and  security", function (this: any) {
                 await session.changeUser({
                     type: UserTokenType.UserName,
                     userName: "user1",
-                    password: "password1"
+                    password: (() => "password1")()
                 });
                 await new Promise((resolve) => setTimeout(resolve, 2 * 1000));
                 dataValues.length.should.be.greaterThan(2);

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_881.ts

@@ -89,7 +89,7 @@ describe("building server with an AlternateName", () => {
             console.log("creating session");
             const session = await client.createSession({
                 type: UserTokenType.UserName,
-                password: "test",
+                password: (()=>"test")(),
                 userName: "test"
             });
             console.log("session created");

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_904.ts

@@ -158,7 +158,7 @@ describe("#904 - Client should connect to server that do not provide ServerNonce
 
     const userIdentity: UserIdentityInfo = {
         type: UserTokenType.UserName,
-        password: "test",
+        password: (()=>"test")(),
         userName: "test"
     };
     it("#904-3 Client should NOT allow unsecure connection when userName Identity is when serverNonce = null (because password would be sent un-encrypted)", async () => {

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_issue171_control_user_access_level.js

@@ -16,14 +16,14 @@ const {
 const { build_server_with_temperature_device } = require("../../test_helpers/build_server_with_temperature_device");
 
 const users = [
-    { username: "user1", password: "1", roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin]) },
-    { username: "user2", password: "2", roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.Operator]) }
+    { username: "user1", password: (() => "1")(), roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin]) },
+    { username: "user2", password: (() => "2")(), roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.Operator]) }
 ];
 
 // simplistic user manager for test purpose only ( do not use in production !)
 const userManager = {
     isValidUser: (username, password) => {
-        const uIndex = users.findIndex(function (u) {
+        const uIndex = users.findIndex(function(u) {
             return u.username === username;
         });
         if (uIndex < 0) {
@@ -36,7 +36,7 @@ const userManager = {
     },
 
     getUserRoles: (username)/*: NodeId[] */ => {
-        const uIndex = users.findIndex(function (x) {
+        const uIndex = users.findIndex(function(x) {
             return x.username === username;
         });
         if (uIndex < 0) {
@@ -50,9 +50,9 @@ const userManager = {
 // eslint-disable-next-line import/order
 const describe = require("node-opcua-leak-detector").describeWithLeakDetector;
 const { createServerCertificateManager } = require("../../test_helpers/createServerCertificateManager");
-describe("issue171- testing Client-Server with UserName/Password identity token", function () {
+describe("issue171- testing Client-Server with UserName/Password identity token", function() {
 
-    let server,  endpointUrl;
+    let server, endpointUrl;
     let node1;
 
     const port = 2224;
@@ -85,7 +85,7 @@ describe("issue171- testing Client-Server with UserName/Password identity token"
         ];
         endpointUrl = server.getEndpointUrl();
         // replace user manager with our custom one
-      
+
         const addressSpace = server.engine.addressSpace;
         const namespace = addressSpace.getOwnNamespace();
 
@@ -152,8 +152,8 @@ describe("issue171- testing Client-Server with UserName/Password identity token"
             // As admin user - access should be granted
             // ---------------------------------------------------------------------------------
             console.log("    impersonate user user1 on existing session (ConfigAdmin)");
-            const userIdentity = { userName: "user1", password: "1" };
-           
+            const userIdentity = { userName: "user1", password: (() => "1")() };
+
             const statusCodeChangeUser = await session.changeUser(userIdentity);
             statusCodeChangeUser.should.eql(StatusCodes.Good);
 

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_issue405_control_user_role.js

@@ -18,12 +18,12 @@ const { build_server_with_temperature_device } = require("../../test_helpers/bui
 const users = [
     {
         username: "user1",
-        password: "1",
+        password: (() => "1")(),
         roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.Operator])
     },
     {
         username: "user2",
-        password: "2",
+        password: (() => "2")(),
         roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin])
     }
 ];
@@ -149,7 +149,7 @@ describe("testing Client-Server with UserName/Password identity token", function
             // As operator user
             // ---------------------------------------------------------------------------------
             console.log("    impersonate user user1 on existing session");
-            let userIdentity = { type: UserTokenType.UserName, userName: "user1", password: "1" };
+            let userIdentity = { type: UserTokenType.UserName, userName: "user1", password: (() => "1")() };
 
             await session.changeUser(userIdentity);
 
@@ -163,7 +163,7 @@ describe("testing Client-Server with UserName/Password identity token", function
             // As admin user
             // ---------------------------------------------------------------------------------
             console.log("    impersonate user user2 on existing session (user2 is admin)");
-            userIdentity = { type: UserTokenType.UserName, userName: "user2", password: "2" };
+            userIdentity = { type: UserTokenType.UserName, userName: "user2", password: (() => "2")() };
             await session.changeUser(userIdentity);
 
             statusCode = await read(session);

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_issue896_execute_method_access_control.ts

@@ -5,8 +5,12 @@ import "should";
 const describe = require("node-opcua-leak-detector").describeWithLeakDetector;
 describe("Issue #896: Check Authorization for UAMethods", () => {
     const users = [
-        { username: "Gandalf", password: "g", roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin]) },
-        { username: "Frodo", password: "f", roles: makeRoles([WellKnownRoles.AuthenticatedUser]) }
+        {
+            username: "Gandalf",
+            password: (() => "g")(),
+            roles: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin])
+        },
+        { username: "Frodo", password: (() => "f")(), roles: makeRoles([WellKnownRoles.AuthenticatedUser]) }
     ];
 
     const port = 2226;
@@ -72,7 +76,7 @@ describe("Issue #896: Check Authorization for UAMethods", () => {
         const clientSession = await client.createSession({
             type: UserTokenType.UserName,
             userName: "Gandalf",
-            password: "g"
+            password: (()=>"g")()
         });
         const result = await clientSession.call({
             methodId: "ns=1;s=doIt",
@@ -88,7 +92,7 @@ describe("Issue #896: Check Authorization for UAMethods", () => {
         const clientSession = await client.createSession({
             type: UserTokenType.UserName,
             userName: "Frodo",
-            password: "f"
+            password: (()=>"f")()
         });
         const result = await clientSession.call({
             methodId: "ns=1;s=doIt",

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_issue985.ts

@@ -44,8 +44,12 @@ async function pause(duration: number): Promise<void> {
 }
 
 const users = [
-    { username: "user1", password: "1", role: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin]) },
-    { username: "user2", password: "2", role: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.Operator]) }
+    {
+        username: "user1",
+        password: (() => "1")(),
+        role: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.ConfigureAdmin])
+    },
+    { username: "user2", password: (() => "2")(), role: makeRoles([WellKnownRoles.AuthenticatedUser, WellKnownRoles.Operator]) }
 ];
 
 const certificateFolder = path.join(__dirname, "../../../node-opcua-samples/certificates");
@@ -152,7 +156,7 @@ async function createClient(
     const session = await client.createSession({
         type: UserTokenType.UserName,
         userName: "user1",
-        password: "1"
+        password: (()=>"1")()
     });
     session.on("session_closed", (statusCode: StatusCode) => {
         console.log("Session Closed =>", statusCode.toString());
@@ -184,7 +188,7 @@ describe("test reconnection when server stops and change it privateKey and certi
 
         const privateKeyBefore = readPrivateKey(server.privateKeyFile);
 
-        const privateKeyAfter = await(async () => {
+        const privateKeyAfter = await (async () => {
             try {
                 await server.shutdown();
                 warningLog("server has shutdown");
@@ -268,7 +272,7 @@ describe("test reconnection when server stops and change it privateKey and certi
             const session = await client.createSession({
                 type: UserTokenType.UserName,
                 userName: "user1",
-                password: "1"
+                password: (()=>"1")()
             });
             await session.close();
         } catch (err) {
@@ -325,7 +329,7 @@ describe("test reconnection when server stops and change it privateKey and certi
             const session = await client.createSession({
                 type: UserTokenType.UserName,
                 userName: "user1",
-                password: "1"
+                password: (()=>"1")()
             });
             await session.close();
         } catch (err) {

packages/node-opcua-end2end-test/test/end_to_end/test_e2e_issue_574.js

@@ -67,7 +67,7 @@ describe("Testing bug #574", function() {
         });
 
 
-        const userIdentity = { userName: "user1", password: "password1" };
+        const userIdentity = { userName: "user1", password: (() => "password1")() };
         let the_session;
         async.series([
 

packages/node-opcua-end2end-test/test/end_to_end/u_test_e2e_issue_146.js

@@ -41,7 +41,7 @@ module.exports = function (test) {
                 function (callback) {
 
                     console.log("    impersonate user user2 on existing session");
-                    const userIdentity = { userName: "user2", password: "password2" };
+                    const userIdentity = { userName: "user2", password: (() => "password2")() };
 
                     the_session.changeUser(userIdentity, function (err) {
                         if (err) {

packages/node-opcua-end2end-test/test/end_to_end/u_test_e2e_security_username_password.js

@@ -33,7 +33,7 @@ module.exports = function(test) {
                         // todo
                         const options = {
                             userName: "",
-                            password: "blah"
+                            password: (() => "blah")()
                         };
                         client1.createSession(options, function(err, session) {
                             should.exist(err);

packages/node-opcua-end2end-test/test/end_to_end/u_test_e2e_sessionSecurityDiagnostics.js

@@ -37,7 +37,7 @@ module.exports = function (test) {
                 userIdentity: {
                     type: UserTokenType.UserName,
                     userName: "user1",
-                    password: "password1"
+                    password: (() => "password1")()
                 }
             }
         });

packages/node-opcua-end2end-test/test/end_to_end/u_test_e2e_transfer_session.js

@@ -559,11 +559,11 @@ module.exports = function (test) {
 
             const user1 = {
                 userName: "user1",
-                password: "password1"
+                password: (() => "password1")()
             };
             const user2 = new UserNameIdentityToken({
                 userName: "user1",
-                password: "password1"
+                password: (() => "password1")()
             });
             //xx console.log(" user1 ", user1.toString());
             async.series(