cansecurity
Comparing version 3.2.0 to 3.2.1
{ | ||
"name": "cansecurity", | ||
"description": "cansecurity is your all-in-one security library for user authentication, authorization and management in node expressjs apps", | ||
"version": "3.2.0", | ||
"version": "3.2.1", | ||
"license": "MIT", | ||
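Review bot: the change on the two `"version"` lines is a patch-level bump (3.2.0 to 3.2.1), yet the README hunk below documents a new public method, `cansec.setUnauthenticatedCode`, with new per-path behaviour; under semver an additive feature calls for a minor bump, so consider `"version": "3.3.0"`, or confirm in the changelog that the method already shipped and only its documentation is new.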
@@ -6,0 +6,0 @@ "url": "http://github.com/deitch/cansecurity", |
@@ -214,3 +214,3 @@ # cansecurity | ||
* If authentication is required and succeeds, it will set request["X-CS-Auth"], and request.session["X-CS-Auth"] if sessions are enabled, and then call next() to jump to the next middleware. | ||
* If authentication is required and fails, it will return `401` with the text message `unauthenticated` | ||
* If authentication is required and fails, it will return `401` with the text message `unauthenticated`. You can customize the return code and optional headers on a per-path basis. | ||
* If authentication is **not** required, it will jump to the next middleware | ||
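Review bot: the sentence added on the replaced `401` line ("You can customize the return code and optional headers on a per-path basis.") tells readers that customization exists but not where it is described; link it to the new section so the two additions connect, e.g. `...on a per-path basis; see "Custom Unauthenticated Response" below.`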
@@ -220,3 +220,13 @@ | ||
#### Custom Unauthenticated Response | ||
If you wish to customize the response code or headers for unauthenticated, add a middleware setting a unique "unauthenticated" object _before_ the restriction that requires the user to be authenticated. For example: | ||
```js | ||
app.get("/secure/loggedin",cansec.restrictToLoggedIn,send200); | ||
app.get("/secure/customloggedin",cansec.setUnauthenticatedCode({code:302,location:"/login"}),cansec.restrictToLoggedIn,send200); | ||
``` | ||
In the above examples, the restrictions are _almost_ identical, except that a user not logged in (or with invalid credentials) attempting to access `/secure/loggedin` will receive a `401` http response code, whereas a user attempting to access `/secure/customloggedin` will receive a `302` http response code and the http header `Location: /login` will be set on the response. | ||
### How Authentication Works | ||
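Review bot: the prose says the unauthenticated response "code or headers" can be customized, but the only option shape shown is `{code:302,location:"/login"}`, so a reader cannot tell whether `location` is the single recognised field or whether arbitrary headers can be passed and under which key; document the accepted object shape in this section. `send200` is used as the handler in both `app.get` lines but is never defined, so a one-line definition or a comment would make the snippet self-contained. Since the text stresses that the middleware must run _before_ the restriction, also state what happens when `cansec.setUnauthenticatedCode` is placed after `cansec.restrictToLoggedIn`, as that ordering mistake would otherwise fail silently back to the default `401`.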
@@ -223,0 +233,0 @@ With each request, the following algorithm is followed: |