Skip to content

Commit 75a8e6d

Browse files
annevelinganneveling
committed
Pass on artifacts in injected auth filter bypassing too
1 parent b6b51f1 commit 75a8e6d

File tree

2 files changed

+34
-1
lines changed

2 files changed

+34
-1
lines changed

lib/auth.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -320,7 +320,7 @@ internals.Auth.prototype._authenticate = function (request, next) {
320320
// Injection bypass
321321

322322
if (request.auth.credentials) {
323-
return validate(null, 'bypass', { credentials: request.auth.credentials });
323+
return validate(null, 'bypass', { credentials: request.auth.credentials, artifacts: request.auth.artifacts });
324324
}
325325

326326
// Authenticate

test/auth.js

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -881,6 +881,39 @@ describe('authentication', function () {
881881
done();
882882
});
883883
});
884+
885+
it('passes the options.artifacts object, even with an auth filter', function (done) {
886+
887+
var server = new Hapi.Server();
888+
server.connection();
889+
server.auth.scheme('custom', internals.implementation);
890+
server.auth.strategy('default', 'custom', true, { users: { steve: {} } });
891+
server.route({
892+
method: 'GET',
893+
path: '/',
894+
config: {
895+
handler: function (request, reply) { return reply(request.auth.artifacts); },
896+
auth: 'default'
897+
}
898+
});
899+
900+
var options = {
901+
url: '/',
902+
headers: { authorization: 'Custom steve' },
903+
credentials: { foo: 'bar' },
904+
artifacts: { bar: 'baz' }
905+
};
906+
907+
server.inject(options, function (res) {
908+
expect(res.statusCode).to.equal(200);
909+
expect(res.result.bar).to.equal('baz');
910+
done();
911+
});
912+
913+
914+
915+
});
916+
884917
});
885918

886919
describe('payload()', function () {

0 commit comments

Comments
 (0)