Auth views. Closes hapijs#2234

Eran Hammer · Eran Hammer · commit 30df1bc5a373 · 2014-12-03T00:15:34.000-08:00
diff --git a/lib/auth.js b/lib/auth.js
@@ -43,14 +43,20 @@ internals.Auth.prototype.strategy = function (name, scheme /*, mode, options */)
     Hoek.assert(scheme, 'Authentication strategy', name, 'missing scheme');
     Hoek.assert(this._schemes[scheme], 'Authentication strategy', name, 'uses unknown scheme:', scheme);
 
-    var strategy = this._schemes[scheme](this.connection.server._clone([this.connection]), options);
+    var server = this.connection.server._clone([this.connection], '');
+    var strategy = this._schemes[scheme](server, options);
+
     Hoek.assert(strategy.authenticate, 'Invalid scheme:', name, 'missing authenticate() method');
     Hoek.assert(typeof strategy.authenticate === 'function', 'Invalid scheme:', name, 'invalid authenticate() method');
     Hoek.assert(!strategy.payload || typeof strategy.payload === 'function', 'Invalid scheme:', name, 'invalid payload() method');
     Hoek.assert(!strategy.response || typeof strategy.response === 'function', 'Invalid scheme:', name, 'invalid response() method');
     strategy.options = strategy.options || {};
     Hoek.assert(strategy.payload || !strategy.options.payload, 'Cannot require payload validation without a payload method');
-    this._strategies[name] = strategy;
+
+    this._strategies[name] = {
+        methods: strategy,
+        realm: server.realm
+    };
 
     if (mode) {
         this.default({ strategies: [name], mode: mode === true ? 'required' : mode });
@@ -93,8 +99,8 @@ internals.Auth.prototype.test = function (name, request, next) {
         return next(response, data && data.credentials);
     };
 
-    var reply = request.server._replier.interface(request, null, transfer);
-    strategy.authenticate(request, reply);
+    var reply = request.server._replier.interface(request, strategy.realm, transfer);
+    strategy.methods.authenticate(request, reply);
 };
 
 
@@ -131,9 +137,9 @@ internals.Auth.prototype._setupRoute = function (options, path) {
 
         var strategy = self._strategies[name];
         Hoek.assert(strategy, 'Unknown authentication strategy:', name, 'in path:', path);
-        Hoek.assert(strategy.payload || options.payload !== 'required', 'Payload validation can only be required when all strategies support it in path:', path);
-        hasAuthenticatePayload = hasAuthenticatePayload || strategy.payload;
-        Hoek.assert(!strategy.options.payload || options.payload === undefined || options.payload === 'required', 'Cannot set authentication payload to', options.payload, 'when a strategy requires payload validation', path);
+        Hoek.assert(strategy.methods.payload || options.payload !== 'required', 'Payload validation can only be required when all strategies support it in path:', path);
+        hasAuthenticatePayload = hasAuthenticatePayload || strategy.methods.payload;
+        Hoek.assert(!strategy.methods.options.payload || options.payload === undefined || options.payload === 'required', 'Cannot set authentication payload to', options.payload, 'when a strategy requires payload validation', path);
     });
 
     Hoek.assert(!options.payload || hasAuthenticatePayload, 'Payload authentication requires at least one strategy with payload support in path:', path);
@@ -193,24 +199,25 @@ internals.Auth.prototype._authenticate = function (request, next) {
             return next(err);
         }
 
-        var strategy = config.strategies[strategyPos];
+        var name = config.strategies[strategyPos];
         ++strategyPos;
 
-        request._protect.run('auth:request:' + strategy, validate, function (exit) {
+        request._protect.run('auth:request:' + name, validate, function (exit) {
 
             var transfer = function (response, data) {
 
-                exit(response, strategy, data);
+                exit(response, name, data);
             };
 
-            var reply = request.server._replier.interface(request, null, transfer);
-            self._strategies[strategy].authenticate(request, reply);
+            var strategy = self._strategies[name];
+            var reply = request.server._replier.interface(request, strategy.realm, transfer);
+            strategy.methods.authenticate(request, reply);
         });
     };
 
-    var validate = function (err, strategy, result) {           // err can be Boom, Error, or a valid response object
+    var validate = function (err, name, result) {           // err can be Boom, Error, or a valid response object
 
-        if (!strategy) {
+        if (!name) {
             return next(err);
         }
 
@@ -226,27 +233,27 @@ internals.Auth.prototype._authenticate = function (request, next) {
 
         if (err) {
             if (err instanceof Error === false) {
-                request._log(['auth', 'unauthenticated', 'response', strategy], err.statusCode);
+                request._log(['auth', 'unauthenticated', 'response', name], err.statusCode);
                 return next(err);
             }
 
-            request._log(['auth', 'unauthenticated', 'error', strategy], err);
+            request._log(['auth', 'unauthenticated', 'error', name], err);
 
             if (err.isMissing) {
 
-                // Try next strategy
+                // Try next name
 
                 authErrors.push(err.output.headers['WWW-Authenticate']);
                 return authenticate();
             }
 
             if (config.mode === 'try') {
                 request.auth.isAuthenticated = false;
-                request.auth.strategy = strategy;
+                request.auth.strategy = name;
                 request.auth.credentials = result.credentials;
                 request.auth.artifacts = result.artifacts;
                 request.auth.error = err;
-                request._log(['auth', 'unauthenticated', 'try', strategy], err);
+                request._log(['auth', 'unauthenticated', 'try', name], err);
                 return next();
             }
 
@@ -256,7 +263,7 @@ internals.Auth.prototype._authenticate = function (request, next) {
         // Authenticated
 
         var credentials = result.credentials;
-        request.auth.strategy = strategy;
+        request.auth.strategy = name;
         request.auth.credentials = credentials;
         request.auth.artifacts = result.artifacts;
 
@@ -268,7 +275,7 @@ internals.Auth.prototype._authenticate = function (request, next) {
                     (typeof credentials.scope === 'string' ? config.scope !== credentials.scope : credentials.scope.indexOf(config.scope) === -1) :
                     (typeof credentials.scope === 'string' ? config.scope.indexOf(credentials.scope) === -1 : !Hoek.intersect(config.scope, credentials.scope).length))) {
 
-                request._log(['auth', 'scope', 'error', strategy], { got: credentials.scope, need: config.scope });
+                request._log(['auth', 'scope', 'error', name], { got: credentials.scope, need: config.scope });
                 return next(Boom.forbidden('Insufficient scope, expected any of: ' + config.scope));
             }
         }
@@ -280,7 +287,7 @@ internals.Auth.prototype._authenticate = function (request, next) {
         // Entity: 'any'
 
         if (entity === 'any') {
-            request._log(['auth', strategy]);
+            request._log(['auth', name]);
             request.auth.isAuthenticated = true;
             return next();
         }
@@ -289,23 +296,23 @@ internals.Auth.prototype._authenticate = function (request, next) {
 
         if (entity === 'user') {
             if (!credentials.user) {
-                request._log(['auth', 'entity', 'user', 'error', strategy]);
+                request._log(['auth', 'entity', 'user', 'error', name]);
                 return next(Boom.forbidden('Application credentials cannot be used on a user endpoint'));
             }
 
-            request._log(['auth', strategy]);
+            request._log(['auth', name]);
             request.auth.isAuthenticated = true;
             return next();
         }
 
         // Entity: 'app'
 
         if (credentials.user) {
-            request._log(['auth', 'entity', 'app', 'error', strategy]);
+            request._log(['auth', 'entity', 'app', 'error', name]);
             return next(Boom.forbidden('User credentials cannot be used on an application endpoint'));
         }
 
-        request._log(['auth', strategy]);
+        request._log(['auth', name]);
         request.auth.isAuthenticated = true;
         return next();
     };
@@ -333,12 +340,12 @@ internals.Auth.payload = function (request, next) {
     var auth = request.connection.auth;
     var strategy = auth._strategies[request.auth.strategy];
 
-    if (!strategy.payload) {
+    if (!strategy.methods.payload) {
         return next();
     }
 
     var config = auth._routeConfig(request);
-    var setting = config.payload || (strategy.options.payload ? 'required' : false);
+    var setting = config.payload || (strategy.methods.options.payload ? 'required' : false);
     if (!setting) {
         return next();
     }
@@ -357,8 +364,8 @@ internals.Auth.payload = function (request, next) {
 
     request._protect.run('auth:payload:' + request.auth.strategy, finalize, function (exit) {
 
-        var reply = request.server._replier.interface(request, null, exit);
-        strategy.payload(request, reply);
+        var reply = request.server._replier.interface(request, strategy.realm, exit);
+        strategy.methods.payload(request, reply);
     });
 };
 
@@ -375,13 +382,13 @@ internals.Auth.response = function (request, next) {
     }
 
     var strategy = auth._strategies[request.auth.strategy];
-    if (!strategy.response) {
+    if (!strategy.methods.response) {
         return next();
     }
 
     request._protect.run('auth:response:' + request.auth.strategy, next, function (exit) {
 
-        var reply = request.server._replier.interface(request, null, exit);
-        strategy.response(request, reply);
+        var reply = request.server._replier.interface(request, strategy.realm, exit);
+        strategy.methods.response(request, reply);
     });
 };
diff --git a/lib/plugin.js b/lib/plugin.js
@@ -132,13 +132,15 @@ internals.Plugin.prototype._select = function (labels, plugin, options) {
         }
     }
 
-    return new internals.Plugin(this.root, connections, plugin || this.realm, options);
+    var env = (plugin !== undefined ? plugin : this.realm);                     // Allow empty string
+    return new internals.Plugin(this.root, connections, env, options);
 };
 
 
-internals.Plugin.prototype._clone = function (connections) {
+internals.Plugin.prototype._clone = function (connections, plugin) {
 
-    return new internals.Plugin(this.root, connections, this.realm);
+    var env = (plugin !== undefined ? plugin : this.realm);                     // Allow empty string
+    return new internals.Plugin(this.root, connections, env);
 };
 
 
diff --git a/test/auth.js b/test/auth.js
@@ -1,7 +1,9 @@
 // Load modules
 
+var Path = require('path');
 var Boom = require('boom');
 var Code = require('code');
+var Handlebars = require('handlebars');
 var Hapi = require('..');
 var Hoek = require('hoek');
 var Lab = require('lab');
@@ -104,6 +106,56 @@ describe('authentication', function () {
                 });
             });
         });
+
+        it('uses views', function (done) {
+
+            var implementation = function (server, options) {
+
+                server.views({
+                    engines: { 'html': Handlebars },
+                    relativeTo: Path.join(__dirname, '/templates/plugin')
+                });
+
+                var handler = function (request, reply) {
+
+                    return reply.view('test', { message: 'steve' });
+                };
+
+                server.route({ method: 'GET', path: '/view', handler: handler, config: { auth: false } });
+
+                return {
+                    authenticate: function (request, reply) {
+
+                        return reply.view('test', { message: 'xyz' });
+                    }
+                };
+            };
+
+            var server = new Hapi.Server();
+            server.connection();
+
+            server.views({
+                engines: { 'html': Handlebars },
+                relativeTo: Path.join(__dirname, '/no/such/directory')
+            });
+
+            server.auth.scheme('custom', implementation);
+            server.auth.strategy('default', 'custom', true);
+
+            server.route({ method: 'GET', path: '/', handler: function (request, reply) { return reply(); } });
+
+            server.inject('/view', function (res) {
+
+                expect(res.result).to.equal('<h1>steve</h1>');
+
+                server.inject('/', function (res) {
+
+                    expect(res.statusCode).to.equal(200);
+                    expect(res.result).to.equal('<h1>xyz</h1>');
+                    done();
+                });
+            });
+        });
     });
 
     describe('default()', function () {
@@ -677,7 +729,7 @@ describe('authentication', function () {
             var server = new Hapi.Server();
             server.connection();
             server.auth.scheme('custom', internals.implementation);
-            server.auth.strategy('default', 'custom', { users: { steve: { } } });
+            server.auth.strategy('default', 'custom', { users: { steve: {} } });
             server.auth.default({
                 strategy: 'default',
                 scope: 'one'

Original file line number	Diff line number	Diff line change
`@@ -132,13 +132,15 @@ internals.Plugin.prototype._select = function (labels, plugin, options) {`
`132`	`132`	`}`
`133`	`133`	`}`
`134`	`134`
`135`		`- return new internals.Plugin(this.root, connections, plugin \|\| this.realm, options);`
	`135`	`+ var env = (plugin !== undefined ? plugin : this.realm); // Allow empty string`
	`136`	`+ return new internals.Plugin(this.root, connections, env, options);`
`136`	`137`	`};`
`137`	`138`
`138`	`139`
`139`		`-internals.Plugin.prototype._clone = function (connections) {`
	`140`	`+internals.Plugin.prototype._clone = function (connections, plugin) {`
`140`	`141`
`141`		`- return new internals.Plugin(this.root, connections, this.realm);`
	`142`	`+ var env = (plugin !== undefined ? plugin : this.realm); // Allow empty string`
	`143`	`+ return new internals.Plugin(this.root, connections, env);`
`142`	`144`	`};`
`143`	`145`
`144`	`146`