@adonisjs/auth - npm Package Compare versions

Comparing version 2.0.4 to 2.0.5

CHANGELOG.md

@@ -0,1 +1,6 @@
+<a name="2.0.5"></a>
+## [2.0.5](https://github.com/adonisjs/adonis-auth/compare/v2.0.4...v2.0.5) (2017-08-22)
+
+
+
 <a name="2.0.4"></a>
@@ -2,0 +7,0 @@ ## [2.0.4](https://github.com/adonisjs/adonis-auth/compare/v2.0.3...v2.0.4) (2017-08-22)

package.json

 {
   "name": "@adonisjs/auth",
-  "version": "2.0.4",
+  "version": "2.0.5",
   "description": "Offical authentication provider for Adonis framework",
@@ -5,0 +5,0 @@ "main": "index.js",

providers/AuthProvider.js

@@ -98,6 +98,3 @@ 'use strict'
     const Config = this.app.use('Adonis/Src/Config')
-    const Exception = this.app.use('Adonis/Src/Exception')
 
-    require('../src/ExceptionHandler')(Exception)
-
     Context.getter('auth', function () {
@@ -104,0 +101,0 @@ return new Auth({ request: this.request, response: this.response, session: this.session }, Config)

src/Exceptions/index.js

@@ -25,2 +25,57 @@ 'use strict'
   }
+
+  /**
+   * Handle user not found exception, this method does a
+   * lot of work to find the correct way to handle the
+   * exception. Try reading the code to understand
+   * it.
+   *
+   * @method handle
+   *
+   * @param  {Number} options.status
+   * @param  {Object} options.request
+   * @param  {Object} options.response
+   * @param  {Object} options.session
+   * @param  {Object} options.auth
+   *
+   * @return {void}
+   */
+  async handle ({ status }, { request, response, session, auth }) {
+    const isJSON = request.accepts(['html', 'json']) === 'json'
+    const errorMessages = [{ field: auth.uidField, message: `Cannot find user with provided ${auth.uidField}` }]
+
+    /**
+     * If request is json then return a json response
+     */
+    if (isJSON) {
+      response.status(status).send(errorMessages)
+      return
+    }
+
+    /**
+     * If auth scheme is session, then flash the data
+     * back to the form
+     */
+    if (auth.scheme === 'session') {
+      session.withErrors(errorMessages).flashExcept([auth.passwordField])
+      await session.commit()
+      response.redirect('back')
+      return
+    }
+
+    /**
+     * If using basic auth, then prompt user with a native
+     * browser dialog
+     */
+    if (auth.scheme === 'basic') {
+      response.header('WWW-Authenticate', 'Basic realm="example"')
+      response.status(status).send('Access denied')
+      return
+    }
+
+    /**
+     * Fallback to json response
+     */
+    response.status(status).send(errorMessages)
+  }
 }
@@ -38,32 +93,99 @@
   }
+
+  /**
+   * Handle password mis-match exception, this method does a
+   * lot of work to find the correct way to handle the
+   * exception. Try reading the code to understand
+   * it.
+   *
+   * @method handle
+   *
+   * @param  {Number} options.status
+   * @param  {Object} options.request
+   * @param  {Object} options.response
+   * @param  {Object} options.session
+   * @param  {Object} options.auth
+   *
+   * @return {void}
+   */
+  async handle ({ status }, { request, response, session, auth }) {
+    const isJSON = request.accepts(['html', 'json']) === 'json'
+    const errorMessages = [{ field: auth.passwordField, message: 'Invalid user password' }]
+
+    /**
+     * If request is json then return a json response
+     */
+    if (isJSON) {
+      response.status(status).send(errorMessages)
+      return
+    }
+
+    /**
+     * If auth scheme is session, then flash the data
+     * back to the form
+     */
+    if (auth.scheme === 'session') {
+      session.withErrors(errorMessages).flashExcept([auth.passwordField])
+      await session.commit()
+      response.redirect('back')
+      return
+    }
+
+    /**
+     * If using basic auth, then prompt user with a native
+     * browser dialog
+     */
+    if (auth.scheme === 'basic') {
+      response.header('WWW-Authenticate', 'Basic realm="example"')
+      response.status(status).send('Access denied')
+      return
+    }
+
+    /**
+     * Fallback to json response
+     */
+    response.status(status).send(errorMessages)
+  }
 }
 
 /**
- * Invalid login exception is raised when unable to
- * login a user.
+ * This exception is raised when basic auth credentials are
+ * missing.
  *
- * @class InvalidLoginException
+ * @class InvalidBasicAuthException
  */
-class InvalidLoginException extends GE.LogicalException {
+class InvalidBasicAuthException extends GE.LogicalException {
   /**
-   * User session is invalid but trying to use secure
-   * resource
+   * The basic auth header/credentials are missing
    *
-   * @method invalidSession
+   * @method invoke
    *
    * @return {Object}
    */
-  static invalidSession () {
-    return new this('Invalid session', 401, 'E_INVALID_SESSION')
+  static invoke () {
+    return new this('Cannot parse or read Basic auth header', 401, 'E_MISSING_AUTH_HEADER')
   }
 
   /**
-   * The basic auth header/credentials are misssing
+   * Handle the exception itself
    *
-   * @method missingBasicAuthCredentials
+   * @method handle
    *
-   * @return {Object}
+   * @param  {Number} options.status
+   * @param  {Object} options.response
+   * @param  {Object} options.request
+   *
+   * @return {void}
    */
-  static missingBasicAuthCredentials () {
-    return new this('Cannot parse or read Basic auth header', 401, 'E_MISSING_AUTH_HEADER')
+  handle ({ status }, { request, response }) {
+    const isJSON = request.accepts(['html', 'json']) === 'json'
+
+    if (!isJSON) {
+      response.header('WWW-Authenticate', 'Basic realm="example"')
+      response.status(status).send('Access denied')
+      return
+    }
+
+    const error = [{ field: null, message: 'Basic auth header is missing' }]
+    response.status(status).send(error)
   }
@@ -73,2 +195,14 @@ }
 /**
+ * This exception is raised when user session is invalid
+ *
+ * @class InvalidSessionException
+ * @constructor
+ */
+class InvalidSessionException extends GE.LogicalException {
+  static invoke () {
+    return new this('Invalid session', 401, 'E_INVALID_SESSION')
+  }
+}
+
+/**
  * This exception is raised when jwt token is invalid or
@@ -79,3 +213,3 @@ * unable to find user for JWT token.
  */
-class InvalidJwtToken extends InvalidLoginException {
+class InvalidJwtToken extends GE.LogicalException {
   static invoke (message) {
@@ -92,3 +226,3 @@ return new this(message || 'The Jwt token is invalid', 401, 'E_INVALID_JWT_TOKEN')
  */
-class InvalidRefreshToken extends InvalidLoginException {
+class InvalidRefreshToken extends GE.LogicalException {
   static invoke (refreshToken) {
@@ -104,3 +238,3 @@ return new this(`Invalid refresh token ${refreshToken}`, 401, 'E_INVALID_JWT_REFRESH_TOKEN')
  */
-class ExpiredJwtToken extends InvalidLoginException {
+class ExpiredJwtToken extends GE.LogicalException {
   static invoke () {
@@ -116,3 +250,3 @@ return new this('The jwt token has been expired. Generate a new one to continue', 401, 'E_JWT_TOKEN_EXPIRED')
  */
-class InvalidApiToken extends InvalidLoginException {
+class InvalidApiToken extends GE.LogicalException {
   static invoke () {
@@ -129,4 +263,5 @@ return new this('The api token is missing or invalid', 401, 'E_INVALID_API_TOKEN')
   ExpiredJwtToken,
-  InvalidLoginException,
-  InvalidApiToken
+  InvalidBasicAuthException,
+  InvalidApiToken,
+  InvalidSessionException
 }

src/Schemes/BasicAuth.js

@@ -60,3 +60,3 @@ 'use strict'
     if (!credentials) {
-      throw CE.InvalidLoginException.missingBasicAuthCredentials()
+      throw CE.InvalidBasicAuthException.invoke()
     }
@@ -63,0 +63,0 @@

src/Schemes/Session.js

@@ -275,3 +275,3 @@ 'use strict'
 
-    throw CE.InvalidLoginException.invalidSession()
+    throw CE.InvalidSessionException.invoke()
   }
@@ -278,0 +278,0 @@

No alert changes

Worsened metrics

Total package byte prevSize

80812

decreased by-3.17%

Number of package files

31

decreased by-8.82%

Lines of code

2463

decreased by-3.15%

No dependency changes