Fix outdated dependencies and NPM audit warnings (#334)

- deps update
- package lock update
- minor code changes to align with updated libraries

/cc @daxeh

Fixes #333

package.json

@@ -41,7 +41,7 @@
         "express-session": "1.17.1",
         "express-validator": "6.9.2",
         "fbgraph": "1.4.4",
-        "lodash": "4.17.20",
+        "lodash": "^4.17.21",
         "lusca": "1.6.1",
         "mongoose": "5.11.15",
         "nodemailer": "6.4.17",
@@ -64,9 +64,9 @@
         "@types/express": "4.17.11",
         "@types/express-flash": "0.0.2",
         "@types/express-session": "1.17.3",
-        "@types/jest": "26.0.22",
+        "@types/jest": "^26.0.23",
         "@types/jquery": "3.5.5",
-        "@types/lodash": "4.14.168",
+        "@types/lodash": "^4.14.170",
         "@types/lusca": "1.6.2",
         "@types/node": "14.14.25",
         "@types/nodemailer": "6.4.0",
@@ -84,12 +84,12 @@
         "chai": "4.3.0",
         "concurrently": "6.0.2",
         "eslint": "7.19.0",
-        "jest": "26.6.3",
-        "nodemon": "2.0.7",
+        "jest": "^27.0.6",
+        "nodemon": "^2.0.7",
         "sass": "1.32.6",
         "shelljs": "0.8.4",
         "supertest": "6.1.3",
-        "ts-jest": "26.5.0",
+        "ts-jest": "^27.0.3",
         "ts-node": "9.1.1",
         "typescript": "4.1.3"
     }

src/config/passport.ts

@@ -1,7 +1,7 @@
 import passport from "passport";
 import passportLocal from "passport-local";
 import passportFacebook from "passport-facebook";
-import _ from "lodash";
+import { find } from "lodash";
 
 // import { User, UserType } from '../models/User';
 import { User, UserDocument } from "../models/User";
@@ -133,7 +133,7 @@ export const isAuthorized = (req: Request, res: Response, next: NextFunction) =>
     const provider = req.path.split("/").slice(-1)[0];
 
     const user = req.user as UserDocument;
-    if (_.find(user.tokens, { kind: provider })) {
+    if (find(user.tokens, { kind: provider })) {
         next();
     } else {
         res.redirect(`/auth/${provider}`);

src/controllers/user.ts

@@ -6,7 +6,7 @@ import { User, UserDocument, AuthToken } from "../models/User";
 import { Request, Response, NextFunction } from "express";
 import { IVerifyOptions } from "passport-local";
 import { WriteError } from "mongodb";
-import { check, sanitize, validationResult } from "express-validator";
+import { body, check, validationResult } from "express-validator";
 import "../config/passport";
 import { CallbackError, NativeError } from "mongoose";
 
@@ -30,7 +30,7 @@ export const getLogin = (req: Request, res: Response): void => {
 export const postLogin = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
     await check("email", "Email is not valid").isEmail().run(req);
     await check("password", "Password cannot be blank").isLength({min: 1}).run(req);
-    await sanitize("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
+    await body("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
 
     const errors = validationResult(req);
 
@@ -83,7 +83,7 @@ export const postSignup = async (req: Request, res: Response, next: NextFunction
     await check("email", "Email is not valid").isEmail().run(req);
     await check("password", "Password must be at least 4 characters long").isLength({ min: 4 }).run(req);
     await check("confirmPassword", "Passwords do not match").equals(req.body.password).run(req);
-    await sanitize("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
+    await body("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
 
     const errors = validationResult(req);
 
@@ -131,7 +131,7 @@ export const getAccount = (req: Request, res: Response): void => {
  */
 export const postUpdateProfile = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
     await check("email", "Please enter a valid email address.").isEmail().run(req);
-    await sanitize("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
+    await body("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
 
     const errors = validationResult(req);
 
@@ -326,7 +326,7 @@ export const getForgot = (req: Request, res: Response): void => {
  */
 export const postForgot = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
     await check("email", "Please enter a valid email address.").isEmail().run(req);
-    await sanitize("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
+    await body("email").normalizeEmail({ gmail_remove_dots: false }).run(req);
 
     const errors = validationResult(req);
 

test/user.test.ts

@@ -18,26 +18,27 @@ describe("GET /forgot", () => {
 });
 
 describe("GET /signup", () => {
-    it("should return 200 OK", () => {
-        return request(app).get("/signup")
-            .expect(200);
+    it("should return 200 OK", (done) => {
+        request(app).get("/signup")
+            .expect(200)
+            .end(() => done());
     });
 });
 
 describe("GET /reset", () => {
-    it("should return 302 Found for redirection", () => {
-        return request(app).get("/reset/1")
-            .expect(302);
+    it("should return 302 Found for redirection", (done) => {
+        request(app).get("/reset/1")
+            .expect(302).end(() => done());
     });
 });
 
 describe("POST /login", () => {
     it("should return some defined error message with valid parameters", (done) => {
-        return request(app).post("/login")
+        request(app).post("/login")
             .field("email", "john@me.com")
             .field("password", "Hunter2")
             .expect(302)
-            .end(function(err, res) {
+            .end((err, res) => {
                 expect(res.error).not.to.be.undefined;
                 done();
             });