inwx / nodejs-client Goto Github PK

After refactoring the logs in development mode show [object object] for incoming response.

Hello,

I have been using this client for a while but in recent month I started failing the log in:
Request (account.login): {"method":"account.login","params":{"user":"???","pass":"???"}} Response (account.login): {"code":2200,"msg":"Authentication error"}

This is the test code I am using:

const { ApiClient, Language } = require('domrobot-client');

const loginUsername = '???';
const loginPassword = '???';
const apiClient = new ApiClient(ApiClient.API_URL_OTE, Language.EN, true);

async function test() {
    const loginResponse = await apiClient.login(loginUsername, loginPassword);
    if (loginResponse.code !== 1000) {
        console.error('Api error: ' + loginResponse.code + ' message: ' + loginResponse.msg);
    } else {
        console.log('Successfully logged in !');
    }
}

test();

Versions:
Package: 3.0.2
OS: windows 10
Node: 14.18.0

I double checked that the same credentials can be used to log into the web-site.
Help would be appreciated.

Best regards,
Lutz

Description:

I've encountered an issue with the API authentication when using a password that is longer than 10 characters.

Details:

• API Client: Domrobot official client for Node.js
• Issue: When I set a password longer than 10 characters, the API returns an authentication error. However, if I use a password with exactly 10 characters, the authentication works fine. I have verified that this issue occurs even when simply appending numbers to a working 10-character password.
• Error Message:

Error: Api login error. Code: 2200 Message: Authentication error

• Steps to Reproduce:
  1. Set up a password with 10 characters (including special characters) and authenticate successfully.
  2. Increase the password length to more than 10 characters by adding numbers or letters.
  3. Attempt to authenticate and receive the authentication error.
• Expected Behavior: The API should accept passwords longer than 10 characters as specified in the documentation.
• Actual Behavior: The API rejects passwords longer than 10 characters with an authentication error.

Request:

Please investigate why the API fails to authenticate with passwords longer than 10 characters and provide a fix or guidance on resolving this issue.

The npm depdency request has known security vulnerabilities and is deprecated for long time now.

> npm audit
request  *
Severity: moderate
Server-Side Request Forgery in Request - https://github.com/advisories/GHSA-p8p7-x288-28g6
No fix available
node_modules/request
  domrobot-client  *
  Depends on vulnerable versions of request
  Depends on vulnerable versions of request-promise-native
  node_modules/domrobot-client
  request-promise-core  *
  Depends on vulnerable versions of request
  node_modules/request-promise-core
    request-promise-native  >=1.0.0
    Depends on vulnerable versions of request
    Depends on vulnerable versions of request-promise-core
    node_modules/request-promise-native

4 moderate severity vulnerabilities

This dependency should be replaced by a modern http client. E.g. with the Node.js native and browser compatible fetch API or something else. request/request#3143

• request/request#3143
• request/request#3142