
sails-generate-auth


Comparing version 0.2.0 to 0.3.0

templates/api/policies/bearerAuth.js

5

lib/index.js

@@ -35,2 +35,5 @@ /**

// Bearer Authentication Policy
'./api/policies/bearerAuth.js': { template: 'api/policies/bearerAuth.js' },
// Passport wrapper

@@ -46,2 +49,4 @@ './api/services/passport.js': { template: 'api/services/passport.js' },

'./api/services/protocols/openid.js': { template: 'api/services/protocols/openid.js' },
'./api/services/protocols/bearer.js': { template: 'api/services/protocols/bearer.js' },
'./api/services/protocols/cas.js': { template: 'api/services/protocols/cas.js' },

@@ -48,0 +53,0 @@ // Passport configuration

2

LICENSE.md
## The MIT License (MIT)
Copyright © 2014 [Kasper Kronborg Isager](https://github.com/kasperisager)
Copyright © 2014-2015 [Kasper Kronborg Isager](https://github.com/kasperisager)

@@ -5,0 +5,0 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

{
"name": "sails-generate-auth",
"version": "0.2.0",
"version": "0.3.0",
"description": "Generate a Passport.js authentication layer for your Sails app that will Rock Your Socks™.",

@@ -5,0 +5,0 @@ "author": "Kasper Isager <kasperisager@gmail.com>",

@@ -70,5 +70,5 @@ ![image_squidhome@2x.png](http://i.imgur.com/RIvu9.png)

The only requirements, besides running the generator and adding some providers in `config/passport.js`, is having a set of routes that exposes the authentication endpoints. You'll also need to load the Passport.js middleware for all your controllers and install the required npm packages. Lastly, you need to add a line to `config/bootstrap.js` to load your Passport providers on startup.
The only requirements, besides running the generator and adding some providers in `config/passport.js`, is having a set of routes that exposes the authentication endpoints. You'll also need to load the Passport.js middleware for all your controllers and install the required npm packages. Lastly, you need to add a line to `config/bootstrap.js` to load your Passport providers on startup.
For the routes, this is what you'll need to add to your `config/routes.json` file:
For the routes, this is what you'll need to add to your `config/routes.js` file:

@@ -97,3 +97,3 @@ ```javascript

```javascript
'*': [ 'passport' ]
'*': [ 'passport', /* your auth dependant policies go here */ ]
```

@@ -121,2 +121,16 @@

sails-generate-auth, by default doesn't deny access to controllers if the user is not logged in. For that, you can create another policy (for example: `sessionAuth`) in `api/policies/` and add it to `config/policies` as follows:
``` javascript
'*': ['passport', 'sessionAuth'],
'auth': {
'*': ['passport']
}
```
This helps to restrict access to all the controller except auth controller actions such as login, logout and register, if the user is not logged in. See this [issue](https://github.com/kasperisager/sails-generate-auth/issues/112) and [stackoverflow answer](http://stackoverflow.com/questions/27168229/passport-authentication-not-working-in-sails-js-application/27182970#27182970) for more details.
For controller actions which are accessed via APIs, you can add `bearerAuth` (available in `api/policies`). This policy ensures that the API is secure and only requests containing a bearer token can access them.
### Questions?

@@ -137,2 +151,2 @@

Copyright 2014 © [Kasper Kronborg Isager](http://kasperisager.github.io). Licensed under the terms of the [MIT License](LICENSE.md)
Copyright &copy; 2014-2015 [Kasper Kronborg Isager](https://github.com/kasperisager). Licensed under the terms of the [MIT license](LICENSE.md).

@@ -72,2 +72,6 @@ /**

req.logout();
// mark the user as logged out for auth purposes
req.session.authenticated = false;
res.redirect('/');

@@ -155,5 +159,5 @@ },

passport.callback(req, res, function (err, user) {
if (err) {
return tryAgain();
passport.callback(req, res, function (err, user, challenges, statuses) {
if (err || !user) {
return tryAgain(challenges);
}

@@ -163,7 +167,10 @@

if (err) {
return tryAgain();
return tryAgain(err);
}
// Mark the session as authenticated to work with default Sails sessionAuth.js policy
req.session.authenticated = true
// Upon successful login, send the user to the homepage were req.user
// will available.
// will be available.
res.redirect('/');

@@ -170,0 +177,0 @@ });
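Review bot: `req.session.authenticated = true` is set on whatever session the client already held before logging in, and nothing visible in these hunks issues a fresh session id at that point. The login call that encloses these lines starts outside the hunk, so confirm whether the session is regenerated there; if it is not, call `req.session.regenerate(...)` before the user is logged in so a pre-login session id never becomes an authenticated one. On logout, `req.session.authenticated = false` leaves the rest of the session in place; destroying the session would be the safer default. The added assignment is also missing its semicolon: `req.session.authenticated = true;`.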

@@ -44,7 +44,11 @@ var bcrypt = require('bcryptjs');

// Local field: Password
// Local fields: Password, Access Token
//
// When the local strategy is employed, a password will be used as the
// means of authentication along with either a username or an email.
password: { type: 'string', minLength: 8 },
//
// accessToken is used to authenticate API requests. it is generated when a
// passport (with protocol 'local') is created for a user.
password : { type: 'string', minLength: 8 },
accessToken : { type: 'string' },

@@ -51,0 +55,0 @@ // Provider fields: Provider, identifer and tokens
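Review bot: `accessToken : { type: 'string' }` keeps the API bearer token verbatim in the Passport record, so anyone with read access to that collection holds credentials that work as-is. The file requires `bcryptjs`, presumably to hash `password`; the token deserves comparable care, for example by storing only a SHA-256 digest and comparing digests on lookup. Also check that the model's `toJSON` (outside this hunk) strips `accessToken` from serialized output. The attribute has no expiry or rotation field either, so a leaked token stays valid until the record is edited; the comment could say so: `// accessToken never expires; rotate it by updating the passport`.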

@@ -0,1 +1,2 @@

var path = require('path')

@@ -38,7 +39,7 @@ , url = require('url')

*
* 1. Given a provider and an identifier, find a mathcing Passport.
* 1. Given a provider and an identifier, find a matching Passport.
* 2. From here, the logic branches into two paths.
*
* - A user is not currently logged in:
* 1. If a Passport wassn't found, create a new user as well as a new
* 1. If a Passport wasn't found, create a new user as well as a new
* Passport that will be assigned to the user.

@@ -290,2 +291,5 @@ * 2. If a Passport was found, get the user associated with the passport.

//Let users override the username and passwordField from the options
_.extend(options, strategies[key].options || {});
// Only load the local strategy if it's enabled in the config

@@ -297,2 +301,9 @@ if (strategies.local) {

}
} else if (key === 'bearer') {
if (strategies.bearer) {
Strategy = strategies[key].strategy;
self.use(new Strategy(self.protocols.bearer.authorize));
}
} else {

@@ -303,3 +314,3 @@ var protocol = strategies[key].protocol

if (!callback) {
callback = path.join('auth', key, 'callback');
callback = 'auth/' + key + '/callback';
}

@@ -306,0 +317,0 @@
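Review bot: The new `bearer` branch has no comment, while the `local` branch beside it explains its guard ("Only load the local strategy if it's enabled in the config"). A matching line would help, e.g. `// Only load the bearer strategy if it's enabled in the config; tokens are checked by protocols.bearer.authorize`. The enclosing loop and the `local` branch start outside the hunk, so the wording should be aligned with whatever comment style is used there.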

@@ -19,2 +19,4 @@ /**

, openid : require('./openid')
, bearer : require('./bearer')
, cas : require('./cas')
};
var validator = require('validator');
var crypto = require('crypto');

@@ -61,6 +62,10 @@ /**

// Generating accessToken for API authentication
var token = crypto.randomBytes(48).toString('base64');
Passport.create({
protocol : 'local'
, password : password
, user : user.id
protocol : 'local'
, password : password
, user : user.id
, accessToken : token
}, function (err, passport) {

@@ -67,0 +72,0 @@ if (err) {
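Review bot: `crypto.randomBytes(48).toString('base64')` produces tokens that can contain `+`, `/` and `=`, which are rewritten by URL/form decoding when a client sends the token as an `access_token` query or body parameter instead of in the `Authorization` header. `var token = crypto.randomBytes(48).toString('hex');` keeps the same entropy with a URL-safe alphabet. As far as this hunk shows the token is generated once at registration and handed to `Passport.create` unhashed, so the comment should state that: `// Generated once per local passport; stored as-is and never rotated`. The enclosing function starts and ends outside the hunk.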

/**
* Passport configuration
*
* This if the configuration for your Passport.js setup and it where you'd
* This is the configuration for your Passport.js setup and where you
* define the authentication strategies you want your application to employ.

@@ -22,2 +22,6 @@ *

bearer: {
strategy: require('passport-http-bearer').Strategy
},
twitter: {

@@ -49,3 +53,4 @@ name: 'Twitter',

clientID: 'your-client-id',
clientSecret: 'your-client-secret'
clientSecret: 'your-client-secret',
scope: ['email'] /* email is necessary for login behavior */
}

@@ -62,3 +67,14 @@ },

}
},
cas: {
name: 'CAS',
protocol: 'cas',
strategy: require('passport-cas').Strategy,
options: {
ssoBaseURL: 'http://your-cas-url',
serverBaseURL: 'http://localhost:1337',
serviceURL: 'http://localhost:1337/auth/cas/callback'
}
}
};
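Review bot: The new `cas` block ships `ssoBaseURL: 'http://your-cas-url'` as its placeholder, and generated config tends to be copied into deployments with only the host changed, which would send CAS tickets and the login redirect over plain HTTP. Use `ssoBaseURL: 'https://your-cas-url'` in the template and add a comment on the two localhost entries, e.g. `/* development values; use your public https origin in production */`. The `bearer` entry above has no comment either; a one-line note that it authenticates API requests with the `accessToken` stored on the local passport would tell users what enabling it exposes.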

Sorry, the diff of this file is not supported yet
