When a user has a valid token and tries to login with other credentials the endpoint returns 201.
The reason was if another user logged previously and had a valid token stored in the terminal. We must authenticate any user that tries to log in even if the token stored is valid.
We must check credentials again and return a new token, if the credentials are wrong we reject the login. Furthermore, the new token will update the list of groups.
* feat: add support for profile cli command #392
- it allows to update password npm profile set password
- display current profile npm profile get
https://docs.npmjs.com/cli/profile
* chore: update @verdaccio/types@4.0.0
* feat: add min password length
on npm by defaul is min 7 characters, this might be configurable in the future.
* chore: update verdaccio-htpasswd@1.0.1
* refactor: update unit test
* refactor: provide friendly error for tfa request
* test: api profile unit test
* chore: fix eslint comment
* test: update profile test
* chore: set mim as 3 characters
* feat: add support for jwt on api
* test: add unit test for sign token with jwt
add multiple scenarios with configuration file
* chore: add JWT verification on middleware
* chore: restore headless
* chore: restore middleware header validation
* refactor: fix login whether user exists
* refactor: JWT is signed asynchronously
* refactor: better structure and new naming convention
* test: add unit test for token signature
* test: add unit test for creating user with JWT enabled
#168
* docs: add security section jwt
* refactor: renable web auth middleware
* test(auth): add legacy disabled scenario
* chore: update gitignore
* chore: add some es6 sugar
* feat: enable JWT token signature for new installations
* chore: add yaml files to git
I forgot add this before 😷
* chore: trace log on auth
in case we want more output