Update dependency @tryghost/security to v0.3.0 (#14718)

- Swapped instances of createSecret for security.secret.create

Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Hannah Wolfe <github.erisds@gmail.com>

core/server/data/migrations/versions/4.0/22-solve-orphaned-webhooks.js

@@ -1,13 +1,7 @@
 const {createIrreversibleMigration} = require('../../utils');
 const logging = require('@tryghost/logging');
 const ObjectID = require('bson-objectid');
-const crypto = require('crypto');
-
-// createSecret is copied from core/server/models/api-key.js
-const createSecret = (type) => {
-    const bytes = type === 'content' ? 13 : 32;
-    return crypto.randomBytes(bytes).toString('hex');
-};
+const security = require('@tryghost/security');
 
 module.exports = createIrreversibleMigration(
     async function up(knex) {
@@ -54,7 +48,7 @@ module.exports = createIrreversibleMigration(
         const contentKey = {
             id: ObjectID().toHexString(),
             type: 'content',
-            secret: createSecret('content'),
+            secret: security.secret.create('content'),
             role_id: null,
             integration_id: integration.id,
             created_at: now,
@@ -67,7 +61,7 @@ module.exports = createIrreversibleMigration(
         const adminKey = {
             id: ObjectID().toHexString(),
             type: 'admin',
-            secret: createSecret('admin'),
+            secret: security.secret.create('admin'),
             role_id: role.id,
             integration_id: integration.id,
             created_at: now,

core/server/models/api-key.js

@@ -1,36 +1,13 @@
 const omit = require('lodash/omit');
-const crypto = require('crypto');
+const security = require('@tryghost/security');
 const ghostBookshelf = require('./base');
 const {Role} = require('./role');
 
-/*
- * Uses birthday problem estimation to calculate chance of collision
- * d = 16^26        // 26 char hex string
- * n = 10,000,000   // 10 million
- *
- *       (-n x (n-1)) / 2d
- * 1 - e^
- *
- *
- *           17
- * ~= 4 x 10^
- *
- * ref: https://medium.freecodecamp.org/how-long-should-i-make-my-api-key-833ebf2dc26f
- * ref: https://en.wikipedia.org/wiki/Birthday_problem#Approximations
- *
- * 26 char hex string = 13 bytes
- * 64 char hex string JWT secret = 32 bytes
- */
-const createSecret = (type) => {
-    const bytes = type === 'content' ? 13 : 32;
-    return crypto.randomBytes(bytes).toString('hex');
-};
-
 const ApiKey = ghostBookshelf.Model.extend({
     tableName: 'api_keys',
 
     defaults() {
-        const secret = createSecret(this.get('type'));
+        const secret = security.secret.create(this.get('type'));
 
         return {
             secret
@@ -97,7 +74,7 @@ const ApiKey = ghostBookshelf.Model.extend({
     }
 }, {
     refreshSecret(data, options) {
-        const secret = createSecret(data.type);
+        const secret = security.secret.create(data.type);
         return this.edit(Object.assign({}, data, {secret}), options);
     }
 });

package.json

@@ -102,7 +102,7 @@
     "@tryghost/promise": "0.1.17",
     "@tryghost/request": "0.1.26",
     "@tryghost/root-utils": "0.3.14",
-    "@tryghost/security": "0.2.17",
+    "@tryghost/security": "0.3.0",
     "@tryghost/session-service": "0.1.41",
     "@tryghost/settings-path-manager": "0.1.6",
     "@tryghost/social-urls": "0.1.30",

yarn.lock

@@ -2414,10 +2414,10 @@
     caller "^1.0.1"
     find-root "^1.1.0"
 
-"@tryghost/security@0.2.17":
-  version "0.2.17"
-  resolved "https://registry.yarnpkg.com/@tryghost/security/-/security-0.2.17.tgz#6370b5937b7953c8801227d837d0061f2ece3f0e"
-  integrity sha512-3ZJ6aqnvWnkwgieDKTy7MnUnUwCQTJ7itBl2Z9FNObDN+1YwVwZPk50ovlI+OmhXpTmTnZsP1KSDOPQCGMzBOA==
+"@tryghost/security@0.3.0":
+  version "0.3.0"
+  resolved "https://registry.yarnpkg.com/@tryghost/security/-/security-0.3.0.tgz#cb561f6b5167eb4d9c7dc86f03b62cba4688f9ce"
+  integrity sha512-jx/glZSw+Ch3b3q7omhEjqxpfaUOxiM/zOqV/CB/AzKZdSFd8X8l2EYlsAXbGsyZVn9ecXjrPFBO4H3lWzpZFw==
   dependencies:
     "@tryghost/string" "^0.1.17"
     bcryptjs "^2.4.3"