Adjust #1103
Eran Hammer committed Oct 28, 2013
1 parent 1c30cba commit e2bc8f2
Showing 3 changed files with 42 additions and 37 deletions.
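--- a/docs/Reference.md
+++ b/docs/Reference.md
@@ -526,9 +526,8 @@ The following options are available when adding a route:
 `hash` attribute in Hawk).
 - `tos` - minimum terms-of-service version required (uses the [semver](https://npmjs.org/package/semver) module). If defined, the
 authentication credentials object must include a `tos` key which satisfies this requirement. Defaults to `false` which means no validation.
-- `scope` - required application scope. A string which must be included in the authentication credentials object in `scope` which is
-a string array. Can also be specified as an array of strings, in which case at least one of the strings must exist in the authentication
-credentials object `scope` property. Defaults to no scope required.
+- `scope` - the application scope required to access the route. Value can be a scope string or an array of scope strings. The authenticated
+credentials object `scope` property must contain at least one of the scopes defined to access the route. Defaults to no scope required.
 - `entity` - the required authenticated entity type. If set, must match the `entity` value of the authentication credentials. Available
 values:
 - `any` - the authentication can be on behalf of a user or application. This is the default value.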
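--- a/lib/auth/index.js
+++ b/lib/auth/index.js
@@ -257,18 +257,11 @@ internals.Auth.prototype.authenticate = function (request, next) {
 // Check scope
 
 if (config.scope) {
+if (!credentials || // Missing credentials
+!credentials.scope || // Credentials missing scope
+(typeof config.scope === 'string' && credentials.scope.indexOf(config.scope) === -1) || // String scope isn't in credentials
+!Utils.intersect(config.scope, credentials.scope).length) { // Array scope doesn't intersect credentials
 
-var failed = (!credentials || !credentials.scope);
-
-if (!failed) {
-if (Array.isArray(config.scope)) {
-failed = Utils.intersect(config.scope, credentials.scope).length === 0;
-} else {
-failed = credentials.scope.indexOf(config.scope) === -1;
-}
-}
-
-if (failed) {
 request.log(['hapi', 'auth', 'scope', 'error'], { got: credentials && credentials.scope, need: config.scope });
 return next(Boom.forbidden('Insufficient scope - ' + config.scope + ' expected'));
 }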
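Review bot: In the new combined condition, a string `config.scope` that is present in `credentials.scope` makes the `typeof` clause false and evaluation falls through to `!Utils.intersect(config.scope, credentials.scope).length` with a string as the first argument; whether that yields a non-empty result depends on how Utils.intersect treats a non-array, which the hunk does not show, and no test in this commit exercises the matching-string case (the removed `Array.isArray` branch never reached intersect with a string). Normalizing the route scope once removes the asymmetry: `if (!credentials || !Array.isArray(credentials.scope) || !Utils.intersect([].concat(config.scope), credentials.scope).length) {`. The `Array.isArray` check also pins the documented contract that credentials `scope` is a string array; if a strategy hands back a plain string, `credentials.scope.indexOf(config.scope)` would accept any substring match rather than a whole scope name. The enclosing authenticate function starts and ends outside the hunk.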
59 changes: 36 additions & 23 deletions test/integration/auth.js
Expand Up @@ -48,7 +48,7 @@ describe('Auth', function () {
if (username === 'john') {
return callback(null, password === '12345', {
user: 'john',
scope: [],
scope: ['a'],
tos: '1.0.0'
});
}
Expand Down Expand Up @@ -92,6 +92,7 @@ describe('Auth', function () {
{ method: 'POST', path: '/basicOptional', handler: basicHandler, config: { auth: { mode: 'optional' } } },
{ method: 'POST', path: '/basicScope', handler: basicHandler, config: { auth: { scope: 'x' } } },
{ method: 'POST', path: '/basicArrayScope', handler: basicHandler, config: { auth: { scope: ['x', 'y'] } } },
{ method: 'POST', path: '/basicArrayScopeA', handler: basicHandler, config: { auth: { scope: ['x', 'y', 'a'] } } },
{ method: 'POST', path: '/basicTos', handler: basicHandler, config: { auth: { tos: '1.1.x' } } },
{ method: 'POST', path: '/double', handler: doubleHandler }
]);
Expand Down Expand Up @@ -137,7 +138,7 @@ describe('Auth', function () {

server.inject(request, function (res) {

expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -149,7 +150,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(400);
expect(res.statusCode).to.equal(400);
expect(res.result.isMissing).to.equal(undefined);
done();
});
Expand All @@ -162,7 +163,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(400);
expect(res.statusCode).to.equal(400);
expect(res.result.isMissing).to.equal(undefined);
done();
});
Expand All @@ -175,7 +176,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(400);
expect(res.statusCode).to.equal(400);
expect(res.result.isMissing).to.equal(undefined);
done();
});
Expand All @@ -188,7 +189,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(400);
expect(res.statusCode).to.equal(400);
done();
});
});
Expand All @@ -200,7 +201,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -212,7 +213,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(500);
expect(res.statusCode).to.equal(500);
done();
});
});
Expand All @@ -224,7 +225,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(500);
expect(res.statusCode).to.equal(500);
done();
});
});
Expand All @@ -236,7 +237,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});
Expand All @@ -248,7 +249,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});
Expand All @@ -260,7 +261,19 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});

it('authenticates scope specified as an array', function (done) {

var request = { method: 'POST', url: '/basicArrayScopeA', headers: { authorization: basicHeader('john', '12345') } };

server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.statusCode).to.equal(200);
done();
});
});
Expand Down Expand Up @@ -620,7 +633,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -632,7 +645,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -644,7 +657,7 @@ describe('Auth', function () {
server.inject(request, function (res) {

expect(res.result).to.exist;
expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -655,7 +668,7 @@ describe('Auth', function () {

server.inject(request, function (res) {

expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});
Expand All @@ -666,7 +679,7 @@ describe('Auth', function () {

server.inject(request, function (res) {

expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});
Expand Down Expand Up @@ -936,7 +949,7 @@ describe('Auth', function () {
var bewit = getBewit('john', '/abc');
server.inject('http://example.com:8080/bewitOptional?bewit=' + bewit, function (res) {

expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -946,7 +959,7 @@ describe('Auth', function () {
var bewit = getBewit('john', '/abc');
server.inject('http://example.com:8080/bewit?bewit=' + bewit, function (res) {

expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
done();
});
});
Expand All @@ -955,7 +968,7 @@ describe('Auth', function () {

server.inject('http://example.com:8080/bewit?bewit=junk', function (res) {

expect(res.result.code).to.equal(400);
expect(res.statusCode).to.equal(400);
done();
});
});
Expand All @@ -965,7 +978,7 @@ describe('Auth', function () {
var bewit = getBewit('john', '/bewitTos');
server.inject('http://example.com:8080/bewitTos?bewit=' + bewit, function (res) {

expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});
Expand All @@ -975,7 +988,7 @@ describe('Auth', function () {
var bewit = getBewit('john', '/bewitScope');
server.inject('http://example.com:8080/bewitScope?bewit=' + bewit, function (res) {

expect(res.result.code).to.equal(403);
expect(res.statusCode).to.equal(403);
done();
});
});
Expand Down Expand Up @@ -1238,7 +1251,7 @@ describe('Auth', function () {

server.inject(request, function (res) {

expect(res.result.code).to.equal(401);
expect(res.statusCode).to.equal(401);
expect(res.result.message).to.equal('Bad mac');
done();
});
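Review bot: The new case added after the scope tests only covers an array route scope that intersects the credentials (`/basicArrayScopeA` with john's scope changed to `['a']`); the string form on `/basicScope` is still exercised only on the rejection path (`'x'` against `['a']`), so the string-matches branch of the new condition in lib/auth/index.js has no coverage. A companion route `{ method: 'POST', path: '/basicScopeA', handler: basicHandler, config: { auth: { scope: 'a' } } }` next to `/basicArrayScopeA`, with an `it` mirroring the new one and expecting 200, would pin it. The switch from `res.result.code` to `res.statusCode` is applied consistently across the remaining hunks. The enclosing `describe('Auth', ...)` block starts and ends outside every hunk.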
