feathers-authentication - npm Package Compare versions

Comparing version 1.0.0-beta-2 to 1.0.0

docs/migrating.md

@@ -5,5 +5,5 @@ # Migrating to 1.0
 
-After usage by ourselves and others we realized that there were some limitations in previous the architecture. These new changes allow for some pretty awesome functionality and flexibility that are outlined in [New 1.0 Features](./new-1.0-features.md).
+After usage by ourselves and others we realized that there were some limitations in the previous architecture. These new changes allow for some pretty awesome functionality and flexibility that are outlined in [New 1.0 Features](./new-1.0-features.md).
 
-We've also decoupled the authentication strategies and permissions from the core authentication. While many apps needs these, not **every** app does. This has also allowed us to better test each piece in isolation.
+We've also decoupled the authentication strategies and permissions from the core authentication. While many apps need these, not **every** app does. This has also allowed us to better test each piece in isolation.
 
@@ -10,0 +10,0 @@ They are now located here:

example/app.js

@@ -0,1 +1,2 @@
+const path = require('path');
 const feathers = require('feathers');
@@ -7,3 +8,2 @@ const rest = require('feathers-rest');
 const bodyParser = require('body-parser');
-const errors = require('feathers-errors');
 const errorHandler = require('feathers-errors/handler');
@@ -24,3 +24,3 @@ const local = require('feathers-authentication-local');
   .use('/users', memory())
-  .use('/', feathers.static(__dirname + '/public'));
+  .use('/', feathers.static(path.resolve(__dirname, '/public')));
 
@@ -27,0 +27,0 @@ app.service('authentication').hooks({

lib/express/set-cookie.js

@@ -39,10 +39,2 @@ 'use strict';
 
-    // NOTE (EK): If we are not dealing with a browser or it was an
-    // XHR request then just skip this. This is primarily for
-    // handling the oauth redirects and for us to securely send the
-    // JWT to the client in a cookie.
-    // if (req.xhr || req.is('json') || !req.accepts('html')) {
-    //   return next();
-    // }
-
     // If cookies are enabled then set it with its options.
@@ -52,8 +44,9 @@ if (options.enabled && options.name) {
 
-      debug('Clearing old \'' + cookie + '\' cookie');
-      res.clearCookie(cookie);
+      // Only set the cookie if this was called after a service method and
+      // we weren't removing the token and we have a JWT access token.
+      if (res.hook && res.hook.method !== 'remove' && res.data && res.data.accessToken) {
+        // Clear out any old cookie since we are creating a new one
+        debug('Clearing old \'' + cookie + '\' cookie');
+        res.clearCookie(cookie);
 
-      // Only set the cookie if we weren't removing the token and we
-      // have a JWT access token.
-      if (!res.hook || res.hook && res.hook.method !== 'remove' && res.data && res.data.accessToken) {
         // Check HTTPS and cookie status in production.
@@ -60,0 +53,0 @@ if (!req.secure && app.get('env') === 'production' && options.secure) {

lib/hooks/authenticate.js

@@ -23,4 +23,2 @@ 'use strict';
 
-  // TODO (EK): Handle chaining multiple strategies
-
   if (!strategy) {
@@ -42,2 +40,3 @@ throw new Error('The \'authenticate\' hook requires one of your registered passport strategies.');
 
+    // NOTE (EK): Bring this in when we decide to make the strategy required by the client
     // if (!hook.app.passport._strategy(strategy)) {
@@ -58,2 +57,4 @@ //   return Promise.reject(new Error(`Your '${strategy}' authentication strategy is not registered with passport.`));
 
+    debug('Attempting to authenticate using ' + strategy + ' strategy with options', options);
+
     return app.authenticate(strategy, options)(request).then(function () {
@@ -60,0 +61,0 @@ var result = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};

lib/passport/authenticate.js

@@ -26,4 +26,2 @@ 'use strict';
 
-  var app = this;
-
   debug('Initializing custom passport authenticate', options);
@@ -30,0 +28,0 @@

lib/socket/handler.js

@@ -85,2 +85,4 @@ 'use strict';
         handleSocketCallback(promise, callback);
+      } else if (typeof callback === 'function') {
+        return callback(null, {});
       }
@@ -87,0 +89,0 @@ };

package.json

 {
   "name": "feathers-authentication",
   "description": "Add Authentication to your FeathersJS app.",
-  "version": "1.0.0-beta-2",
+  "version": "1.0.0",
   "homepage": "https://github.com/feathersjs/feathers-authentication",
@@ -38,7 +38,13 @@ "main": "lib/",
     "watch": "babel --watch -d lib/ src/",
-    "jshint": "jshint src/. test/. --config",
+    "lint": "semistandard --fix",
     "mocha": "mocha --opts mocha.opts",
-    "test": "npm run compile && npm run jshint && npm run coverage && nsp check",
+    "test": "npm run compile && npm run lint && npm run coverage && nsp check",
     "coverage": "istanbul cover node_modules/mocha/bin/_mocha -- --opts mocha.opts"
   },
+  "semistandard": {
+    "sourceType": "module",
+    "env": [
+      "mocha"
+    ]
+  },
   "directories": {
@@ -64,3 +70,2 @@ "lib": "lib"
     "babel-preset-es2015": "^6.14.0",
-    "bcryptjs": "^2.3.0",
     "body-parser": "^1.15.2",
@@ -74,3 +79,3 @@ "chai": "^3.5.0",
     "feathers-memory": "^1.0.0",
-    "feathers-primus": "^1.3.2",
+    "feathers-primus": "^2.0.0",
     "feathers-rest": "^1.5.0",
@@ -88,2 +93,3 @@ "feathers-socketio": "^1.3.2",
     "sinon-chai": "^2.8.0",
+    "semistandard": "^9.1.0",
     "socket.io-client": "^1.4.8",
@@ -90,0 +96,0 @@ "superagent": "^3.0.0",

README.md

@@ -12,3 +12,3 @@ # feathers-authentication
 
-`feathers-authentication` adds shared [PassportJS](http://passportjs.org/) authentication for Feathers HTTP REST and WebSockets transports using [JSON Web Tokens](http://jwt.io/).
+`feathers-authentication` adds shared [PassportJS](http://passportjs.org/) authentication for Feathers HTTP REST and WebSocket transports using [JSON Web Tokens](http://jwt.io/).
 
@@ -31,12 +31,14 @@
 1. The main entry function
-2. An `authenticate` hook
+2. A single `authenticate` hook
 3. The authentication `service`
 4. Socket listeners
 5. Express middleware
-6. A [Passport](http://passportjs.org/) adapter 
+6. A [Passport](http://passportjs.org/) adapter for Feathers
 
 ### Hooks
 
-There is just 1 hook now called `authenticate`. This can be used to authenticate a service method with a given strategy.
+`feathers-authentication` only includes a single hook. This bundled `authenticate` hook is used to register an array of one or more authentication strategies on a service method.
 
+> **Note:** Most of the time you should be registering this on your `/authentication` service. Without it you can hit the `authentication` service and generate a JWT `accessToken` without authentication (ie. anonymous authentication).
+
 ```js
@@ -56,6 +58,8 @@ app.service('authentication').hooks({
 
+The hooks that were once bundled with this module are now located at [feathers-legacy-authentication-hooks](https://github.com/feathersjs/feathers-legacy-authentication-hooks). They are completely compatible but are deprecated and will not be supported by the core team going forward.
 
+
 ### Express Middleware
 
-Just like hooks there is an `authenticate` middleware. It is used the exact same way you would the regular passport express middleware.
+Just like hooks there is an `authenticate` middleware. It is used the exact same way you would the regular Passport express middleware.
 
@@ -66,3 +70,3 @@ ```js
 
-The other middleware are included but typically you don't need to worry about them.
+These other middleware are included and exposed but typically you don't need to worry about them:
 
@@ -78,3 +82,3 @@ - `emitEvents` - emit `login` and `logout` events
 
-The following default options will be mixed in with your global `auth` object from your config file. It will set the mixed options back to to the app so that they are available at any time by `app.get('auth')`. They can all be overridden and are depended upon by some of the authentication plugins.
+The following default options will be mixed in with your global `auth` object from your config file. It will set the mixed options back on to the app so that they are available at any time by calling `app.get('auth')`. They can all be overridden and are depended upon by some of the authentication plugins.
 
@@ -117,7 +121,7 @@ ```js
 
-## Migrating to 1.0
+## Migrating to 1.x
 Refer to [the migration guide](./docs/migrating.md).
 
 ## Complete Example
-Here's an example of a Feathers server that uses `feathers-authentication` for local auth.
+Here's an example of a Feathers server that uses `feathers-authentication` for local auth. You can try it out on your own machine by running the [example](./example/).
 
@@ -177,3 +181,4 @@ **Note:** This does NOT implement any authorization. Use [feathers-permissions](https://github.com/feathersjs/feathers-permissions) for that.
 
-let server = app.listen(3030);
+const port = 3030;
+let server = app.listen(port);
 server.on('listening', function() {
@@ -180,0 +185,0 @@ console.log(`Feathers application started on localhost:${port}`);

New alerts

Deprecated

Maintenance

The maintainer of the package marked it as deprecated. This could indicate that a single version should not be used, or that the package is no longer maintained and any new vulnerabilities will not be fixed.

Found 1 instance in 1 package

Fixed alerts

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

270421

increased by8.19%

Number of package files

36

increased by2.86%

Number of low quality alerts

0

decreased by-100%

Number of lines in readme file

216

increased by2.37%

Worsened metrics

Lines of code

1058

decreased by-0.38%

Number of medium maintenance alerts

1

increased byInfinity%

No dependency changes