New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
feathers-authentication
Advanced tools
feathers-authentication - npm Package Compare versions
Comparing version 1.0.0-alpha to 1.0.0-beta
| # Change Log | ||
| ## [v0.7.10](https://github.com/feathersjs/feathers-authentication/tree/v0.7.10) (2016-08-31) | ||
| [Full Changelog](https://github.com/feathersjs/feathers-authentication/compare/v0.7.9...v0.7.10) | ||
| **Fixed bugs:** | ||
| - restrictToOwner should not throw an error on mass deletions [\#175](https://github.com/feathersjs/feathers-authentication/issues/175) | ||
| **Closed issues:** | ||
| - Duplicate Email should be rejected by Default [\#281](https://github.com/feathersjs/feathers-authentication/issues/281) | ||
| - Auth0 & featherjs authorization only [\#277](https://github.com/feathersjs/feathers-authentication/issues/277) | ||
| - Cannot read property 'scope' of undefined [\#273](https://github.com/feathersjs/feathers-authentication/issues/273) | ||
| - Socker.js | Custom successHandler [\#271](https://github.com/feathersjs/feathers-authentication/issues/271) | ||
| - Use feathers-socketio? and rest&socket share session maybe? [\#269](https://github.com/feathersjs/feathers-authentication/issues/269) | ||
| - Ability to invalidate old token/session when user login with another machine. [\#267](https://github.com/feathersjs/feathers-authentication/issues/267) | ||
| - 0.8 authentication before hooks - only ever getting a 401 Unauthorised [\#263](https://github.com/feathersjs/feathers-authentication/issues/263) | ||
| - REST Middleware breaks local auth [\#262](https://github.com/feathersjs/feathers-authentication/issues/262) | ||
| - 0.8: Token Service errors on token auth using client [\#254](https://github.com/feathersjs/feathers-authentication/issues/254) | ||
| - 0.8: Cookies, turning off feathers-session cookie also turns off feathers-jwt cookie. [\#253](https://github.com/feathersjs/feathers-authentication/issues/253) | ||
| - Any example of how to do refresh token? [\#248](https://github.com/feathersjs/feathers-authentication/issues/248) | ||
| - Custom Authentication Hooks [\#236](https://github.com/feathersjs/feathers-authentication/issues/236) | ||
| - Is there an Authenticated Event [\#235](https://github.com/feathersjs/feathers-authentication/issues/235) | ||
| - Error while using /auth/local [\#233](https://github.com/feathersjs/feathers-authentication/issues/233) | ||
| - Providing token to feathers.authentication doesn't work [\#230](https://github.com/feathersjs/feathers-authentication/issues/230) | ||
| - bundled hooks customize errors [\#215](https://github.com/feathersjs/feathers-authentication/issues/215) | ||
| - Hooks should support a callback for conditionally running [\#210](https://github.com/feathersjs/feathers-authentication/issues/210) | ||
| - restrictToRoles hook: More complex determination of "owner". [\#205](https://github.com/feathersjs/feathers-authentication/issues/205) | ||
| - verifyToken hook option to error [\#200](https://github.com/feathersjs/feathers-authentication/issues/200) | ||
| - Allow using restrictToOwner as an after hook [\#123](https://github.com/feathersjs/feathers-authentication/issues/123) | ||
| **Merged pull requests:** | ||
| - Manually supply an endpoint to the Client authenticate\(\) method [\#278](https://github.com/feathersjs/feathers-authentication/pull/278) ([mcnamee](https://github.com/mcnamee)) | ||
| - Update mocha to version 3.0.0 🚀 [\#257](https://github.com/feathersjs/feathers-authentication/pull/257) ([greenkeeperio-bot](https://github.com/greenkeeperio-bot)) | ||
| - Don’t mix options when signing tokens [\#255](https://github.com/feathersjs/feathers-authentication/pull/255) ([marshallswain](https://github.com/marshallswain)) | ||
| - Attempt to get token right away. [\#252](https://github.com/feathersjs/feathers-authentication/pull/252) ([marshallswain](https://github.com/marshallswain)) | ||
| - Update async to version 2.0.0 🚀 [\#240](https://github.com/feathersjs/feathers-authentication/pull/240) ([greenkeeperio-bot](https://github.com/greenkeeperio-bot)) | ||
| - Creates better way or returning data in a familiar format [\#234](https://github.com/feathersjs/feathers-authentication/pull/234) ([codingfriend1](https://github.com/codingfriend1)) | ||
| - Throws an error if restriction methods are used outside of a find or get hook [\#232](https://github.com/feathersjs/feathers-authentication/pull/232) ([codingfriend1](https://github.com/codingfriend1)) | ||
| - RestrictToOwner now takes an array [\#231](https://github.com/feathersjs/feathers-authentication/pull/231) ([sscaff1](https://github.com/sscaff1)) | ||
| - Adds ability to limit queries unless authenticated and authorized [\#229](https://github.com/feathersjs/feathers-authentication/pull/229) ([codingfriend1](https://github.com/codingfriend1)) | ||
| ## [v0.7.9](https://github.com/feathersjs/feathers-authentication/tree/v0.7.9) (2016-06-20) | ||
| [Full Changelog](https://github.com/feathersjs/feathers-authentication/compare/v0.7.8...v0.7.9) | ||
| **Fixed bugs:** | ||
| - Calling logout should revoke/blacklist a JWT [\#133](https://github.com/feathersjs/feathers-authentication/issues/133) | ||
| **Closed issues:** | ||
| - Query email rather than oauth provider id on /auth/\<provider\> [\#223](https://github.com/feathersjs/feathers-authentication/issues/223) | ||
| - Cannot read property \'service\' of undefined [\#222](https://github.com/feathersjs/feathers-authentication/issues/222) | ||
| **Merged pull requests:** | ||
| - added support for hashing passwords when hook.data is an array [\#225](https://github.com/feathersjs/feathers-authentication/pull/225) ([eblin](https://github.com/eblin)) | ||
| - jwt ssl warning [\#214](https://github.com/feathersjs/feathers-authentication/pull/214) ([aboutlo](https://github.com/aboutlo)) | ||
| ## [v0.7.8](https://github.com/feathersjs/feathers-authentication/tree/v0.7.8) (2016-06-09) | ||
@@ -4,0 +63,0 @@ [Full Changelog](https://github.com/feathersjs/feathers-authentication/compare/v0.7.7...v0.7.8) |
@@ -138,6 +138,15 @@ # Migrating to 1.0 | ||
| The JWT is only parsed from the header by default now. It is no longer pulled from the body or query string. | ||
| The JWT is only parsed from the header and body by default now. It is no longer pulled from the query string. | ||
| You can customize the header by passing the `app.configure(authentication({header: 'custom'})`. If you want to customize things further you can refer to the [`feathers-authentication-jwt`](https://github.com/feathersjs/feathers-authentication-jwt) module or implement your own custom passport JWT strategy. | ||
| You can customize the header and body keys like so: | ||
| ```js | ||
| app.configure(authentication({ | ||
| header: 'custom', | ||
| bodyKey: 'custom' | ||
| })); | ||
| ``` | ||
| If you want to customize things further you can refer to the [`feathers-authentication-jwt`](https://github.com/feathersjs/feathers-authentication-jwt) module or implement your own custom passport JWT strategy. | ||
| ## Hook Changes | ||
@@ -144,0 +153,0 @@ |
@@ -170,3 +170,3 @@ 'use strict'; | ||
| debug('Clearing old timeout.'); | ||
| logoutTimer.clearTimeout(); | ||
| clearTimeout(logoutTimer); | ||
| } | ||
@@ -173,0 +173,0 @@ |
| { | ||
| "name": "feathers-authentication", | ||
| "description": "Add Authentication to your FeathersJS app.", | ||
| "version": "1.0.0-alpha", | ||
| "version": "1.0.0-beta", | ||
| "homepage": "https://github.com/feathersjs/feathers-authentication", | ||
@@ -26,3 +26,3 @@ "main": "lib/", | ||
| "engines": { | ||
| "node": ">= 0.12.0" | ||
| "node": ">= 4" | ||
| }, | ||
@@ -37,8 +37,8 @@ "scripts": { | ||
| "release:pre": "npm publish --tag next", | ||
| "compile": "rm -rf lib/ && babel -d lib/ src/", | ||
| "compile": "rimraf -rf lib/ && babel -d lib/ src/", | ||
| "watch": "babel --watch -d lib/ src/", | ||
| "jshint": "jshint src/. test/. --config", | ||
| "mocha": "mocha --opts mocha.opts", | ||
| "coverage": "istanbul cover _mocha -- --opts mocha.opts", | ||
| "test": "npm run compile && npm run jshint && npm run coverage && nsp check" | ||
| "test": "npm run compile && npm run jshint && npm run coverage && nsp check", | ||
| "coverage": "istanbul cover node_modules/mocha/bin/_mocha -- --opts mocha.opts" | ||
| }, | ||
@@ -62,3 +62,3 @@ "directories": { | ||
| "babel-cli": "^6.14.0", | ||
| "babel-core": "^6.14.0", | ||
| "babel-core": "^6.18.2", | ||
| "babel-plugin-add-module-exports": "^0.2.0", | ||
@@ -70,4 +70,4 @@ "babel-preset-es2015": "^6.14.0", | ||
| "feathers": "^2.0.2", | ||
| "feathers-authentication-jwt": "feathersjs/feathers-authentication-jwt", | ||
| "feathers-authentication-local": "feathersjs/feathers-authentication-local", | ||
| "feathers-authentication-jwt": "^0.1.0", | ||
| "feathers-authentication-local": "^0.2.0", | ||
| "feathers-configuration": "^0.4.1", | ||
@@ -86,2 +86,3 @@ "feathers-hooks": "^1.6.0", | ||
| "primus": "^6.0.5", | ||
| "rimraf": "^2.5.4", | ||
| "sinon": "^1.17.6", | ||
@@ -88,0 +89,0 @@ "sinon-chai": "^2.8.0", |
178
README.md
| # feathers-authentication | ||
| [](https://travis-ci.org/feathersjs/feathers-authentication) | ||
| [](https://codeclimate.com/github/feathersjs/feathers-authentication) | ||
| [](https://codeclimate.com/github/feathersjs/feathers-authentication/coverage) | ||
| [](https://david-dm.org/feathersjs/feathers-authentication) | ||
| [](https://www.npmjs.com/package/feathers-authentication) | ||
| [](http://slack.feathersjs.com) | ||
| > Add Authentication to your FeathersJS app. | ||
| `feathers-authentication` adds shared [PassportJS](http://passportjs.org/) authentication for Feathers HTTP REST and WebSockets services using [JSON Web Tokens](http://jwt.io/). | ||
| `feathers-authentication` adds shared [PassportJS](http://passportjs.org/) authentication for Feathers HTTP REST and WebSockets transports using [JSON Web Tokens](http://jwt.io/). | ||
@@ -18,51 +23,152 @@ | ||
| Please refer to the [Authentication documentation](http://docs.feathersjs.com/authentication/readme.html) for more details: | ||
| <!-- Please refer to the [Authentication documentation](http://docs.feathersjs.com/authentication/readme.html) for more details. --> | ||
| - [Local Auth Tutorial](http://docs.feathersjs.com/authentication/local.html) - How to implement a username and password-based authentication. | ||
| - [Use Hooks for Authorization](http://docs.feathersjs.com/authorization/readme.html) - Learn about the bundled hooks. | ||
| ## API | ||
| This module contains: | ||
| ## Complete Example | ||
| 1. The main entry function | ||
| 2. An `authenticate` hook | ||
| 3. The authentication `service` | ||
| 4. Socket listeners | ||
| 5. Express middleware | ||
| 6. A [Passport](http://passportjs.org/) adapter | ||
| Here's an example of a Feathers server that uses `feathers-authentication` for local auth. It includes a `users` service that uses `feathers-mongoose`. *Note that it does NOT implement any authorization.* | ||
| ### Hooks | ||
| There is just 1 hook now called `authenticate`. This can be used to authenticate a service method with a given strategy. | ||
| ```js | ||
| import feathers from 'feathers'; | ||
| import hooks from 'feathers-hooks'; | ||
| import bodyParser from 'body-parser'; | ||
| import authentication from 'feathers-authentication'; | ||
| import { hooks as authHooks } from 'feathers-authentication'; | ||
| import mongoose from 'mongoose'; | ||
| import service from 'feathers-mongoose'; | ||
| const port = 3030; | ||
| const Schema = mongoose.Schema; | ||
| const UserSchema = new Schema({ | ||
| email: {type: String, required: true, unique: true}, | ||
| password: {type: String, required: true }, | ||
| createdAt: {type: Date, 'default': Date.now}, | ||
| updatedAt: {type: Date, 'default': Date.now} | ||
| app.service('authentication').hooks({ | ||
| before: { | ||
| create: [ | ||
| // You can chain multiple strategies | ||
| auth.hooks.authenticate(['jwt', 'local']), | ||
| ], | ||
| remove: [ | ||
| auth.hooks.authenticate('jwt') | ||
| ] | ||
| } | ||
| }); | ||
| let UserModel = mongoose.model('User', UserSchema); | ||
| ``` | ||
| mongoose.Promise = global.Promise; | ||
| mongoose.connect('mongodb://localhost:27017/feathers'); | ||
| let app = feathers() | ||
| .configure(feathers.rest()) | ||
| .configure(feathers.socketio()) | ||
| ### Express Middleware | ||
| Just like hooks there is an `authenticate` middleware. It is used the exact same way you would the regular passport express middleware. | ||
| ```js | ||
| app.post('/login', auth.express.authenticate('local', { successRedirect: '/app', failureRedirect: '/login' })); | ||
| ``` | ||
| The other middleware are included but typically you don't need to worry about them. | ||
| - `emitEvents` - emit `login` and `logout` events | ||
| - `exposeCookies` - expose cookies to Feathers so they are available to hooks and services | ||
| - `exposeHeaders` - expose headers to Feathers so they are available to hooks and services | ||
| - `failureRedirect` - support redirecting on auth failure. Only triggered if `hook.redirect` is set. | ||
| - `successRedirect` - support redirecting on auth success. Only triggered if `hook.redirect` is set. | ||
| - `setCookie` - support setting the JWT access token in a cookie. Only enabled if cookies are enabled. | ||
| ### Default Options | ||
| The following default options will be mixed in with your global `auth` object from your config file. It will set the mixed options back to to the app so that they are available at any time by `app.get('auth')`. They can all be overridden and are depended upon by some of the authentication plugins. | ||
| ```js | ||
| { | ||
| path: '/authentication', // the authentication service path | ||
| header: 'Authorization', // the header to use when using JWT auth | ||
| entity: 'user', // the entity that will be added to the request, socket, and hook.params. (ie. req.user, socket.user, hook.params.user) | ||
| service: 'users', // the service to look up the entity | ||
| passReqToCallback: true, // whether the request object should be passed to the strategies `verify` function | ||
| session: false, // whether to use sessions | ||
| cookie: { | ||
| enabled: false, // whether the cookie should be enabled | ||
| name: 'feathers-jwt', // the cookie name | ||
| httpOnly: false, // whether the cookie should not be available to client side JavaScript | ||
| secure: true // whether cookies should only be available over HTTPS | ||
| }, | ||
| jwt: { | ||
| header: { typ: 'access' }, // by default is an access token but can be any type | ||
| audience: 'https://yourdomain.com', // The resource server where the token is processed | ||
| subject: 'anonymous', // Typically the entity id associated with the JWT | ||
| issuer: 'feathers', // The issuing server, application or resource | ||
| algorithm: 'HS256', // the algorithm to use | ||
| expiresIn: '1d' // the access token expiry | ||
| } | ||
| } | ||
| ``` | ||
| ## Complementary Plugins | ||
| The following plugins are complementary but entirely optional: | ||
| - [feathers-authentication-client](https://github.com/feathersjs/feathers-authentication-client) | ||
| - [feathers-authentication-local](https://github.com/feathersjs/feathers-authentication-local) | ||
| - [feathers-authentication-jwt](https://github.com/feathersjs/feathers-authentication-jwt) | ||
| - [feathers-authentication-oauth1](https://github.com/feathersjs/feathers-authentication-oauth1) | ||
| - [feathers-authentication-oauth2](https://github.com/feathersjs/feathers-authentication-oauth2) | ||
| - [feathers-permissions](https://github.com/feathersjs/feathers-permissions) | ||
| ## Migrating to 1.0 | ||
| Refer to [the migration guide](./docs/migrating.md). | ||
| ## Complete Example | ||
| Here's an example of a Feathers server that uses `feathers-authentication` for local auth. | ||
| **Note:** This does NOT implement any authorization. Use [feathers-permissions](https://github.com/feathersjs/feathers-permissions) for that. | ||
| ```js | ||
| const feathers = require('feathers'); | ||
| const rest = require('feathers-rest'); | ||
| const socketio = require('feathers-socketio'); | ||
| const hooks = require('feathers-hooks'); | ||
| const memory = require('feathers-memory'); | ||
| const bodyParser = require('body-parser'); | ||
| const errors = require('feathers-errors'); | ||
| const errorHandler = require('feathers-errors/handler'); | ||
| const local = require('feathers-authentication-local'); | ||
| const jwt = require('feathers-authentication-jwt'); | ||
| const auth = require('feathers-authentication'); | ||
| const app = feathers(); | ||
| app.configure(rest()) | ||
| .configure(socketio()) | ||
| .configure(hooks()) | ||
| .use(bodyParser.json()) | ||
| .use(bodyParser.urlencoded({ extended: true })) | ||
| // Configure feathers-authentication | ||
| .configure(authentication()); | ||
| .configure(auth({ secret: 'supersecret' })) | ||
| .configure(local()) | ||
| .configure(jwt()) | ||
| .use('/users', memory()) | ||
| .use('/', feathers.static(__dirname + '/public')) | ||
| .use(errorHandler()); | ||
| app.use('/users', new service('user', {Model: UserModel})) | ||
| app.service('authentication').hooks({ | ||
| before: { | ||
| create: [ | ||
| // You can chain multiple strategies | ||
| auth.hooks.authenticate(['jwt', 'local']), | ||
| customizeJWTPayload() | ||
| ], | ||
| remove: [ | ||
| auth.hooks.authenticate('jwt') | ||
| ] | ||
| } | ||
| }); | ||
| let userService = app.service('users'); | ||
| userService.before({ | ||
| create: [authHooks.hashPassword('password')] | ||
| // Add a hook to the user service that automatically replaces | ||
| // the password with a hash of the password before saving it. | ||
| app.service('users').hooks({ | ||
| before: { | ||
| find: [ | ||
| auth.hooks.authenticate('jwt') | ||
| ], | ||
| create: [ | ||
| local.hooks.hashPassword({ passwordField: 'password' }) | ||
| ] | ||
| } | ||
| }); | ||
| let server = app.listen(port); | ||
| let server = app.listen(3030); | ||
| server.on('listening', function() { | ||
@@ -83,3 +189,3 @@ console.log(`Feathers application started on localhost:${port}`); | ||
| import localstorage from 'feathers-localstorage'; | ||
| import authentication from 'feathers-authentication/client'; | ||
| import authentication from 'feathers-authentication-client'; | ||
@@ -93,3 +199,3 @@ const socket = io('http://localhost:3030/'); | ||
| app.authenticate({ | ||
| type: 'local', | ||
| strategy: 'local', | ||
| 'email': 'admin@feathersjs.com', | ||
@@ -96,0 +202,0 @@ 'password': 'admin' |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Fixed alerts
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Improved metrics
- Number of lines in readme file
- increased by100%
212
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-86.21%
244685
- Dev dependency count
- increased by3.57%
29
- Number of package files
- decreased by-86%
35
- Lines of code
- decreased by-48.59%
1058
No dependency changes