fix: Improve error message when authentication strategy is not allowed (

#1600)
feathersjs · Oct 3, 2019 · 317a312 · 317a312
1 parent 9b0ed6c
commit 317a312
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/packages/authentication/src/core.ts b/packages/authentication/src/core.ts
@@ -211,12 +211,16 @@ export class AuthenticationBase {
   async authenticate (authentication: AuthenticationRequest, params: Params, ...allowed: string[]) {
     const { strategy } = authentication || ({} as AuthenticationRequest);
     const [ authStrategy ] = this.getStrategies(strategy);
+    const strategyAllowed = allowed.includes(strategy);
 
     debug('Running authenticate for strategy', strategy, allowed);
 
-    if (!authentication || !authStrategy || !allowed.includes(strategy)) {
+    if (!authentication || !authStrategy || !strategyAllowed) {
+      const additionalInfo = (!strategy && ' (no `strategy` set)') ||
+        (!strategyAllowed && ' (strategy not allowed in authStrategies)') || '';
+
       // If there are no valid strategies or `authentication` is not an object
-      throw new NotAuthenticated(`Invalid authentication information` + (!strategy ? ' (no `strategy` set)' : ''));
+      throw new NotAuthenticated('Invalid authentication information' + additionalInfo);
     }
 
     return authStrategy.authenticate(authentication, {

diff --git a/packages/authentication/test/core.test.ts b/packages/authentication/test/core.test.ts
@@ -190,7 +190,7 @@ describe('authentication/core', () => {
           assert.fail('Should never get here');
         } catch (error) {
           assert.strictEqual(error.name, 'NotAuthenticated');
-          assert.strictEqual(error.message, 'Invalid authentication information');
+          assert.strictEqual(error.message, 'Invalid authentication information (strategy not allowed in authStrategies)');
         }
       });