@adonisjs/auth 9.0.0-0 → 9.0.0-1

package/build/configure.js

@@ -38,4 +38,18 @@ export async function configure(command) {
     await codemods.updateRcFile((rcFile) => {
         rcFile.addProvider('@adonisjs/auth/auth_provider');
     });
+    /**
+     * Register middleware
+     */
+    await codemods.registerMiddleware('router', [
+        {
+            path: '@adonisjs/auth/initialize_auth_middleware',
+        },
+    ]);
+    await codemods.registerMiddleware('named', [
+        {
+            name: 'auth',
+            path: '@adonisjs/auth/auth_middleware',
+        },
+    ]);
 }

package/build/src/auth/auth_manager.d.ts

@@ -7,6 +7,10 @@ import { Authenticator } from './authenticator.js';
  */
 export declare class AuthManager<KnownGuards extends Record<string, GuardFactory>> {
     #private;
+    /**
+     * Name of the default guard
+     */
+    get defaultGuard(): keyof KnownGuards;
     constructor(config: {
         default: keyof KnownGuards;
         guards: KnownGuards;

package/build/src/auth/auth_manager.js

@@ -16,6 +16,12 @@ export class AuthManager {
      * Registered guards
      */
     #config;
+    /**
+     * Name of the default guard
+     */
+    get defaultGuard() {
+        return this.#config.default;
+    }
     constructor(config) {
         this.#config = config;
     }

package/build/src/auth/authenticator.d.ts

@@ -6,6 +6,31 @@ import type { GuardFactory } from './types.js';
  */
 export declare class Authenticator<KnownGuards extends Record<string, GuardFactory>> {
     #private;
+    /**
+     * Name of the default guard
+     */
+    get defaultGuard(): keyof KnownGuards;
+    /**
+     * Reference to the guard using which the current
+     * request has been authenticated.
+     */
+    get authenticatedViaGuard(): keyof KnownGuards | undefined;
+    /**
+     * A boolean to know if the current request has
+     * been authenticated
+     */
+    get isAuthenticated(): boolean;
+    /**
+     * Reference to the currently authenticated user
+     */
+    get user(): {
+        [K in keyof KnownGuards]: ReturnType<KnownGuards[K]>['user'];
+    }[keyof KnownGuards];
+    /**
+     * Whether or not the authentication has been attempted
+     * during the current request
+     */
+    get authenticationAttempted(): boolean;
     constructor(ctx: HttpContext, config: {
         default: keyof KnownGuards;
         guards: KnownGuards;
@@ -15,4 +40,17 @@ export declare class Authenticator<KnownGuards extends Record<string, GuardFacto
      * cached during the lifecycle of an HTTP request.
      */
     use<Guard extends keyof KnownGuards>(guard?: Guard): ReturnType<KnownGuards[Guard]>;
+    /**
+     * Authenticate the request using all of the mentioned
+     * guards or the default guard.
+     *
+     * The authentication process will stop after any of the
+     * mentioned guards is able to authenticate the request
+     * successfully.
+     *
+     * Otherwise, "AuthenticationException" will be raised.
+     */
+    authenticateUsing(guards?: (keyof KnownGuards)[], options?: {
+        redirectTo?: string;
+    }): Promise<boolean>;
 }

package/build/src/auth/authenticator.js

@@ -7,11 +7,17 @@
  * file that was distributed with this source code.
  */
 import debug from './debug.js';
+import { AuthenticationException } from './errors.js';
 /**
  * Authenticator is an HTTP request specific implementation for using
  * guards to login users and authenticate requests.
  */
 export class Authenticator {
+    /**
+     * Name of the guard using which the request has
+     * been authenticated
+     */
+    #authenticatedViaGuard;
     /**
      * Reference to HTTP context
      */
@@ -24,6 +30,39 @@ export class Authenticator {
      * Cache of guards created during the HTTP request
      */
     #guardsCache = {};
+    /**
+     * Name of the default guard
+     */
+    get defaultGuard() {
+        return this.#config.default;
+    }
+    /**
+     * Reference to the guard using which the current
+     * request has been authenticated.
+     */
+    get authenticatedViaGuard() {
+        return this.#authenticatedViaGuard;
+    }
+    /**
+     * A boolean to know if the current request has
+     * been authenticated
+     */
+    get isAuthenticated() {
+        return this.use(this.#authenticatedViaGuard || this.defaultGuard).isAuthenticated;
+    }
+    /**
+     * Reference to the currently authenticated user
+     */
+    get user() {
+        return this.use(this.#authenticatedViaGuard || this.defaultGuard).user;
+    }
+    /**
+     * Whether or not the authentication has been attempted
+     * during the current request
+     */
+    get authenticationAttempted() {
+        return this.use(this.#authenticatedViaGuard || this.defaultGuard).authenticationAttempted;
+    }
     constructor(ctx, config) {
         this.#ctx = ctx;
         this.#config = config;
@@ -52,4 +91,32 @@ export class Authenticator {
         this.#guardsCache[guardToUse] = guardInstance;
         return guardInstance;
     }
+    /**
+     * Authenticate the request using all of the mentioned
+     * guards or the default guard.
+     *
+     * The authentication process will stop after any of the
+     * mentioned guards is able to authenticate the request
+     * successfully.
+     *
+     * Otherwise, "AuthenticationException" will be raised.
+     */
+    async authenticateUsing(guards, options) {
+        const guardsToUse = guards || [this.defaultGuard];
+        let lastUsedGuardDriver;
+        for (let guardName of guardsToUse) {
+            debug('attempting to authenticate using guard "%s"', guardName);
+            const guard = this.use(guardName);
+            lastUsedGuardDriver = guard.driverName;
+            if (await guard.check()) {
+                this.#authenticatedViaGuard = guardName;
+                return true;
+            }
+        }
+        throw new AuthenticationException('Unauthorized access', {
+            code: 'E_UNAUTHORIZED_ACCESS',
+            guardDriverName: lastUsedGuardDriver,
+            redirectTo: options?.redirectTo,
+        });
+    }
 }

package/build/src/auth/errors.d.ts

@@ -1,8 +1,82 @@
+import { Exception } from '@poppinss/utils';
+import { HttpContext } from '@adonisjs/core/http';
 /**
- * Invalid token provided
+ * Authentication exception is raised when an attempt is
+ * made to authenticate an HTTP request
  */
-export declare const E_INVALID_AUTH_TOKEN: new (args?: any, options?: ErrorOptions | undefined) => import("@poppinss/utils").Exception;
+export declare class AuthenticationException extends Exception {
+    /**
+     * Raises authentication exception when session guard
+     * is unable to authenticate the request
+     */
+    static E_INVALID_AUTH_SESSION(): AuthenticationException;
+    guardDriverName: string;
+    redirectTo?: string;
+    identifier: string;
+    constructor(message: string, options: ErrorOptions & {
+        guardDriverName: string;
+        redirectTo?: string;
+        code?: string;
+        status?: number;
+    });
+    /**
+     * Returns the message to be sent in the HTTP response.
+     * Feel free to override this method and return a custom
+     * response.
+     */
+    getResponseMessage(error: AuthenticationException, ctx: HttpContext): string;
+    /**
+     * A collection of authentication exception
+     * renderers to render the exception to a
+     * response.
+     *
+     * The collection is a key-value pair, where the
+     * key is the guard driver name and value is
+     * a factory function to respond to the
+     * request.
+     */
+    renderers: Record<string, (message: string, error: AuthenticationException, ctx: HttpContext) => Promise<void> | void>;
+    /**
+     * Self handles the auth exception and converts it to an
+     * HTTP response
+     */
+    handle(error: AuthenticationException, ctx: HttpContext): Promise<void>;
+}
 /**
- * The user session is invalid
+ * Invalid credentials exception is raised when unable
+ * to verify user credentials during login
  */
-export declare const E_INVALID_AUTH_SESSION: new (args?: any, options?: ErrorOptions | undefined) => import("@poppinss/utils").Exception;
+export declare class InvalidCredentialsException extends Exception {
+    static message: string;
+    static code: string;
+    static E_INVALID_CREDENTIALS(guardDriverName: string): InvalidCredentialsException;
+    guardDriverName: string;
+    identifier: string;
+    constructor(message: string, options: ErrorOptions & {
+        guardDriverName: string;
+        code?: string;
+        status?: number;
+    });
+    /**
+     * Returns the message to be sent in the HTTP response.
+     * Feel free to override this method and return a custom
+     * response.
+     */
+    getResponseMessage(error: InvalidCredentialsException, ctx: HttpContext): string;
+    /**
+     * A collection of authentication exception
+     * renderers to render the exception to a
+     * response.
+     *
+     * The collection is a key-value pair, where the
+     * key is the guard driver name and value is
+     * a factory function to respond to the
+     * request.
+     */
+    renderers: Record<string, (message: string, error: InvalidCredentialsException, ctx: HttpContext) => Promise<void> | void>;
+    /**
+     * Self handles the auth exception and converts it to an
+     * HTTP response
+     */
+    handle(error: InvalidCredentialsException, ctx: HttpContext): Promise<void>;
+}

package/build/src/auth/errors.js

@@ -6,12 +6,176 @@
  * For the full copyright and license information, please view the LICENSE
  * file that was distributed with this source code.
  */
-import { createError } from '@poppinss/utils';
+import { Exception } from '@poppinss/utils';
 /**
- * Invalid token provided
+ * Authentication exception is raised when an attempt is
+ * made to authenticate an HTTP request
  */
-export const E_INVALID_AUTH_TOKEN = createError('Invalid or expired token value', 'E_INVALID_AUTH_TOKEN', 401);
+export class AuthenticationException extends Exception {
+    /**
+     * Raises authentication exception when session guard
+     * is unable to authenticate the request
+     */
+    static E_INVALID_AUTH_SESSION() {
+        return new AuthenticationException('Invalid or expired authentication session', {
+            code: 'E_INVALID_AUTH_SESSION',
+            status: 401,
+            guardDriverName: 'session',
+        });
+    }
+    guardDriverName;
+    redirectTo;
+    identifier = 'auth.authenticate';
+    constructor(message, options) {
+        super(message, options);
+        this.guardDriverName = options.guardDriverName;
+        this.redirectTo = options.redirectTo;
+    }
+    /**
+     * Returns the message to be sent in the HTTP response.
+     * Feel free to override this method and return a custom
+     * response.
+     */
+    getResponseMessage(error, ctx) {
+        if ('i18n' in ctx) {
+            return ctx.i18n.t(error.identifier, {}, error.message);
+        }
+        return error.message;
+    }
+    /**
+     * A collection of authentication exception
+     * renderers to render the exception to a
+     * response.
+     *
+     * The collection is a key-value pair, where the
+     * key is the guard driver name and value is
+     * a factory function to respond to the
+     * request.
+     */
+    renderers = {
+        session: (message, error, ctx) => {
+            switch (ctx.request.accepts(['html', 'application/vnd.api+json', 'json'])) {
+                case 'html':
+                case null:
+                    ctx.session.flashExcept(['_csrf']);
+                    ctx.session.flash({ errors: { [error.identifier]: [message] } });
+                    ctx.response.redirect(error.redirectTo || '/', true);
+                    break;
+                case 'json':
+                    ctx.response.status(error.status).send({
+                        errors: [
+                            {
+                                message,
+                            },
+                        ],
+                    });
+                    break;
+                case 'application/vnd.api+json':
+                    ctx.response.status(error.status).send({
+                        errors: [
+                            {
+                                code: error.identifier,
+                                title: message,
+                            },
+                        ],
+                    });
+                    break;
+            }
+        },
+    };
+    /**
+     * Self handles the auth exception and converts it to an
+     * HTTP response
+     */
+    async handle(error, ctx) {
+        const renderer = this.renderers[this.guardDriverName];
+        const message = error.getResponseMessage(error, ctx);
+        if (!renderer) {
+            return ctx.response.status(error.status).send(message);
+        }
+        return renderer(message, error, ctx);
+    }
+}
 /**
- * The user session is invalid
+ * Invalid credentials exception is raised when unable
+ * to verify user credentials during login
  */
-export const E_INVALID_AUTH_SESSION = createError('Invalid or expired authentication session', 'E_INVALID_AUTH_SESSION', 401);
+export class InvalidCredentialsException extends Exception {
+    static message = 'Invalid credentials';
+    static code = 'E_INVALID_CREDENTIALS';
+    static E_INVALID_CREDENTIALS(guardDriverName) {
+        return new InvalidCredentialsException(InvalidCredentialsException.message, {
+            guardDriverName,
+        });
+    }
+    guardDriverName;
+    identifier = 'auth.login';
+    constructor(message, options) {
+        super(message, options);
+        this.guardDriverName = options.guardDriverName;
+    }
+    /**
+     * Returns the message to be sent in the HTTP response.
+     * Feel free to override this method and return a custom
+     * response.
+     */
+    getResponseMessage(error, ctx) {
+        if ('i18n' in ctx) {
+            return ctx.i18n.t(this.identifier, {}, error.message);
+        }
+        return error.message;
+    }
+    /**
+     * A collection of authentication exception
+     * renderers to render the exception to a
+     * response.
+     *
+     * The collection is a key-value pair, where the
+     * key is the guard driver name and value is
+     * a factory function to respond to the
+     * request.
+     */
+    renderers = {
+        session: (message, error, ctx) => {
+            switch (ctx.request.accepts(['html', 'application/vnd.api+json', 'json'])) {
+                case 'html':
+                case null:
+                    ctx.session.flashExcept(['_csrf']);
+                    ctx.session.flash({ errors: { [this.identifier]: [message] } });
+                    ctx.response.redirect().withQs().back();
+                    break;
+                case 'json':
+                    ctx.response.status(error.status).send({
+                        errors: [
+                            {
+                                message: message,
+                            },
+                        ],
+                    });
+                    break;
+                case 'application/vnd.api+json':
+                    ctx.response.status(error.status).send({
+                        errors: [
+                            {
+                                code: this.identifier,
+                                title: message,
+                            },
+                        ],
+                    });
+                    break;
+            }
+        },
+    };
+    /**
+     * Self handles the auth exception and converts it to an
+     * HTTP response
+     */
+    async handle(error, ctx) {
+        const renderer = this.renderers[this.guardDriverName];
+        const message = this.getResponseMessage(error, ctx);
+        if (!renderer) {
+            return ctx.response.status(error.status).send(message);
+        }
+        return renderer(message, error, ctx);
+    }
+}

package/build/src/auth/middleware/auth_middleware.d.ts

@@ -0,0 +1,13 @@
+import type { HttpContext } from '@adonisjs/core/http';
+import type { NextFn } from '@adonisjs/core/types/http';
+import type { Authenticators } from '@adonisjs/auth/types';
+/**
+ * Options accepted by the middleware options
+ */
+export type AuthMiddlewareOptions = {
+    guards?: (keyof Authenticators)[];
+    redirectTo?: string;
+};
+export default class AuthMiddleware {
+    handle(ctx: HttpContext, next: NextFn, options?: AuthMiddlewareOptions): Promise<any>;
+}

package/build/src/auth/middleware/auth_middleware.js

@@ -0,0 +1,6 @@
+export default class AuthMiddleware {
+    async handle(ctx, next, options = {}) {
+        await ctx.auth.authenticateUsing(options.guards, options);
+        return next();
+    }
+}

package/build/src/auth/middleware/initialize_auth_middleware.d.ts

@@ -0,0 +1,18 @@
+import auth from '@adonisjs/auth/services/main';
+import type { HttpContext } from '@adonisjs/core/http';
+import type { NextFn } from '@adonisjs/core/types/http';
+/**
+ * The "InitializeAuthMiddleware" is used to create a request
+ * specific authenticator instance for every HTTP request.
+ *
+ * This middleware does not protect routes from unauthenticated
+ * users. Please use the "auth" middleware for that.
+ */
+export default class InitializeAuthMiddleware {
+    handle(ctx: HttpContext, next: NextFn): Promise<any>;
+}
+declare module '@adonisjs/core/http' {
+    interface HttpContext {
+        auth: ReturnType<(typeof auth)['createAuthenticator']>;
+    }
+}

package/build/src/auth/middleware/initialize_auth_middleware.js

@@ -0,0 +1,25 @@
+/// <reference types="@adonisjs/core/providers/edge_provider" />
+import auth from '@adonisjs/auth/services/main';
+/**
+ * The "InitializeAuthMiddleware" is used to create a request
+ * specific authenticator instance for every HTTP request.
+ *
+ * This middleware does not protect routes from unauthenticated
+ * users. Please use the "auth" middleware for that.
+ */
+export default class InitializeAuthMiddleware {
+    async handle(ctx, next) {
+        /**
+         * Initialize the authenticator for the current HTTP
+         * request
+         */
+        ctx.auth = auth.createAuthenticator(ctx);
+        /**
+         * Sharing authenticator with templates
+         */
+        if ('view' in ctx) {
+            ctx.view.share({ auth: ctx.auth });
+        }
+        return next();
+    }
+}

package/build/src/auth/types.d.ts

@@ -1,4 +1,3 @@
-import type { Emitter } from '@adonisjs/core/events';
 import type { HttpContext } from '@adonisjs/core/http';
 import type { ApplicationService, ConfigProvider } from '@adonisjs/core/types';
 import type { AuthManager } from './auth_manager.js';
@@ -8,18 +7,39 @@ import type { GUARD_KNOWN_EVENTS } from './symbols.js';
  */
 export interface GuardContract<User> {
     /**
-     * Reference to the user type
+     * Reference to the currently authenticated user
      */
     user?: User;
+    /**
+     * A boolean to know if the current request has
+     * been authenticated
+     */
+    isAuthenticated: boolean;
+    /**
+     * Whether or not the authentication has been attempted
+     * during the current request
+     */
+    authenticationAttempted: boolean;
+    /**
+     * Check if the current request has been
+     * authenticated without throwing an
+     * exception
+     */
+    check(): Promise<boolean>;
+    /**
+     * Authenticates the current request and throws
+     * an exception if the request is not authenticated.
+     */
+    authenticate(): Promise<User>;
+    /**
+     * A unique name for the guard driver
+     */
+    driverName: string;
     /**
      * Aymbol for infer the events emitted by a specific
      * guard
      */
     [GUARD_KNOWN_EVENTS]: unknown;
-    /**
-     * Accept an instance of the emitter to emit events
-     */
-    withEmitter(emitter: Emitter<any>): this;
 }
 /**
  * The authenticator guard factory method is called by the
@@ -36,13 +56,16 @@ export interface Authenticators {
 /**
  * Infer authenticators from the auth config
  */
-export type InferAuthenticators<Config extends ConfigProvider<unknown>> = Awaited<ReturnType<Config['resolver']>>;
+export type InferAuthenticators<Config extends ConfigProvider<{
+    default: unknown;
+    guards: unknown;
+}>> = Awaited<ReturnType<Config['resolver']>>['guards'];
 /**
  * Auth service is a singleton instance of the AuthManager
  * configured using the config stored within the user
  * app.
  */
-export interface AuthService extends AuthManager<Authenticators extends GuardFactory ? Authenticators : never> {
+export interface AuthService extends AuthManager<Authenticators extends Record<string, GuardFactory> ? Authenticators : never> {
 }
 /**
  * Config provider for exporting guard

package/build/src/core/token.d.ts

@@ -78,8 +78,11 @@ export declare abstract class Token implements TokenContract {
     /**
      * Decodes a publicly shared token and return the series
      * and the token value from it.
+     *
+     * Returns null when unable to decode the token because of
+     * invalid format or encoding.
      */
-    static decode(value: string): {
+    static decode(value: string): null | {
         series: string;
         value: string;
     };

package/build/src/core/token.js

@@ -9,7 +9,6 @@
 import { createHash } from 'node:crypto';
 import string from '@adonisjs/core/helpers/string';
 import { base64, safeEqual } from '@adonisjs/core/helpers';
-import * as errors from '../auth/errors.js';
 /**
  * A token represents an opaque token issued to a client
  * to perform a specific task.
@@ -93,16 +92,19 @@ export class Token {
     /**
      * Decodes a publicly shared token and return the series
      * and the token value from it.
+     *
+     * Returns null when unable to decode the token because of
+     * invalid format or encoding.
      */
     static decode(value) {
         const [series, ...tokenValue] = value.split('.');
         if (!series || tokenValue.length === 0) {
-            throw new errors.E_INVALID_AUTH_TOKEN();
+            return null;
         }
         const decodedSeries = base64.urlDecode(series);
         const decodedValue = base64.urlDecode(tokenValue.join('.'));
         if (!decodedSeries || !decodedValue) {
-            throw new errors.E_INVALID_AUTH_TOKEN();
+            return null;
         }
         return {
             series: decodedSeries,

package/build/src/guards/session/guard.d.ts

@@ -10,6 +10,10 @@ import type { SessionGuardEvents, SessionGuardConfig, RememberMeProviderContract
 export declare class SessionGuard<UserProvider extends SessionUserProviderContract<unknown>> implements GuardContract<UserProvider[typeof PROVIDER_REAL_USER]> {
     #private;
     [GUARD_KNOWN_EVENTS]: SessionGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>;
+    /**
+     * Driver name of the guard
+     */
+    driverName: 'session';
     /**
      * Whether or not the authentication has been attempted
      * during the current request
@@ -73,6 +77,22 @@ export declare class SessionGuard<UserProvider extends SessionUserProviderContra
      * an exception if the request is not authenticated.
      */
     getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER];
+    /**
+     * Verifies user credentials and returns an instance of
+     * the user or throws "E_INVALID_CREDENTIALS" exception.
+     */
+    verifyCredentials(uid: string, password: string): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
+    /**
+     * Attempt to login a user after verifying their
+     * credentials.
+     */
+    attempt(uid: string, password: string): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
+    /**
+     * Attempt to login a user using the user id. The
+     * user will be first fetched from the db before
+     * marking them as logged-in
+     */
+    loginViaId(id: string | number): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
     /**
      * Login a user using the user object.
      */

package/build/src/guards/session/guard.js

@@ -9,8 +9,8 @@
 import { RuntimeException } from '@poppinss/utils';
 import debug from '../../auth/debug.js';
 import { RememberMeToken } from './token.js';
-import * as errors from '../../auth/errors.js';
 import { GUARD_KNOWN_EVENTS } from '../../auth/symbols.js';
+import { AuthenticationException, InvalidCredentialsException } from '../../auth/errors.js';
 /**
  * Session guard uses sessions and cookies to login and authenticate
  * users.
@@ -42,6 +42,10 @@ export class SessionGuard {
      * Emitter to emit events
      */
     #emitter;
+    /**
+     * Driver name of the guard
+     */
+    driverName = 'session';
     /**
      * Whether or not the authentication has been attempted
      * during the current request
@@ -116,7 +120,7 @@ export class SessionGuard {
         return this.#ctx.session;
     }
     /**
-     * Notifies about authenticatin failure and throws the exception
+     * Notifies about authentication failure and throws the exception
      */
     #authenticationFailed(error, sessionId) {
         if (this.#emitter) {
@@ -127,6 +131,18 @@ export class SessionGuard {
         }
         throw error;
     }
+    /**
+     * Notifies about login failure and throws the exception
+     */
+    #loginFailed(error, user) {
+        if (this.#emitter) {
+            this.#emitter.emit('session_auth:login_failed', {
+                error,
+                user,
+            });
+        }
+        throw error;
+    }
     /**
      * Register the remember me tokens provider to create
      * remember me tokens during user login.
@@ -153,10 +169,66 @@ export class SessionGuard {
      */
     getUserOrFail() {
         if (!this.user) {
-            throw new errors.E_INVALID_AUTH_SESSION();
+            throw AuthenticationException.E_INVALID_AUTH_SESSION();
         }
         return this.user;
     }
+    /**
+     * Verifies user credentials and returns an instance of
+     * the user or throws "E_INVALID_CREDENTIALS" exception.
+     */
+    async verifyCredentials(uid, password) {
+        debug('session_guard: attempting to verify credentials for uid "%s"', uid);
+        /**
+         * Attempt to find a user by the uid and raise
+         * error when unable to find one
+         */
+        const providerUser = await this.#userProvider.findByUid(uid);
+        if (!providerUser) {
+            this.#loginFailed(InvalidCredentialsException.E_INVALID_CREDENTIALS(this.driverName), null);
+        }
+        /**
+         * Raise error when unable to verify password
+         */
+        const user = providerUser.getOriginal();
+        /**
+         * Raise error when unable to verify password
+         */
+        if (!(await providerUser.verifyPassword(password))) {
+            this.#loginFailed(InvalidCredentialsException.E_INVALID_CREDENTIALS(this.driverName), user);
+        }
+        /**
+         * Notify credentials have been verified
+         */
+        if (this.#emitter) {
+            this.#emitter.emit('session_auth:credentials_verified', {
+                uid,
+                user,
+            });
+        }
+        return user;
+    }
+    /**
+     * Attempt to login a user after verifying their
+     * credentials.
+     */
+    async attempt(uid, password) {
+        const user = await this.verifyCredentials(uid, password);
+        return this.login(user);
+    }
+    /**
+     * Attempt to login a user using the user id. The
+     * user will be first fetched from the db before
+     * marking them as logged-in
+     */
+    async loginViaId(id) {
+        debug('session_guard: attempting to login user via id "%s"', id);
+        const providerUser = await this.#userProvider.findById(id);
+        if (!providerUser) {
+            this.#loginFailed(InvalidCredentialsException.E_INVALID_CREDENTIALS(this.driverName), null);
+        }
+        return this.login(providerUser.getOriginal());
+    }
     /**
      * Login a user using the user object.
      */
@@ -248,7 +320,7 @@ export class SessionGuard {
              * storage
              */
             if (!providerUser) {
-                this.#authenticationFailed(new errors.E_INVALID_AUTH_SESSION(), session.sessionId);
+                this.#authenticationFailed(AuthenticationException.E_INVALID_AUTH_SESSION(), session.sessionId);
             }
             this.user = providerUser.getOriginal();
             this.isAuthenticated = true;
@@ -280,7 +352,7 @@ export class SessionGuard {
          */
         const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName);
         if (!rememberMeCookie || !this.#rememberMeTokenProvider) {
-            this.#authenticationFailed(new errors.E_INVALID_AUTH_SESSION(), session.sessionId);
+            this.#authenticationFailed(AuthenticationException.E_INVALID_AUTH_SESSION(), session.sessionId);
         }
         debug('session_guard: authenticating user from remember me cookie');
         /**
@@ -289,9 +361,12 @@ export class SessionGuard {
          * is missing or invalid
          */
         const decodedToken = RememberMeToken.decode(rememberMeCookie);
+        if (!decodedToken) {
+            this.#authenticationFailed(AuthenticationException.E_INVALID_AUTH_SESSION(), session.sessionId);
+        }
         const token = await this.#rememberMeTokenProvider.getTokenBySeries(decodedToken.series);
         if (!token || !token.verify(decodedToken.value)) {
-            this.#authenticationFailed(new errors.E_INVALID_AUTH_SESSION(), session.sessionId);
+            this.#authenticationFailed(AuthenticationException.E_INVALID_AUTH_SESSION(), session.sessionId);
         }
         debug('session_guard: found valid remember me token');
         /**
@@ -300,7 +375,7 @@ export class SessionGuard {
          */
         const providerUser = await this.#userProvider.findById(token.userId);
         if (!providerUser) {
-            this.#authenticationFailed(new errors.E_INVALID_AUTH_SESSION(), session.sessionId);
+            this.#authenticationFailed(AuthenticationException.E_INVALID_AUTH_SESSION(), session.sessionId);
         }
         /**
          * Finally, login the user from the remember me token
@@ -370,8 +445,7 @@ export class SessionGuard {
             return true;
         }
         catch (error) {
-            if (error instanceof errors.E_INVALID_AUTH_SESSION ||
-                error instanceof errors.E_INVALID_AUTH_TOKEN) {
+            if (error instanceof AuthenticationException) {
                 return false;
             }
             throw error;

package/build/src/guards/session/types.d.ts

@@ -34,7 +34,6 @@ export type SessionGuardEvents<User> = {
     'session_auth:credentials_verified': {
         uid: string;
         user: User;
-        password: string;
     };
     /**
      * The event is emitted when unable to login the

package/build/stubs/config.stub

@@ -21,7 +21,7 @@ const userProvider = providers.db({
   table: 'users',
   passwordColumnName: 'password',
   id: 'id',
-  uids: ['email']
+  uids: ['email'],
 })
 {{/if}}
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adonisjs/auth",
-  "version": "9.0.0-0",
+  "version": "9.0.0-1",
   "description": "Official authentication provider for Adonis framework",
   "type": "module",
   "main": "build/index.js",
@@ -20,7 +20,7 @@
   },
   "exports": {
     ".": "./build/index.js",
-    "./types": "./build/src/types/main.js",
+    "./types": "./build/src/auth/types.js",
     "./auth_provider": "./build/providers/auth_provider.js",
     "./services/main": "./build/services/auth.js",
     "./core/token": "./build/src/core/token.js",
@@ -29,6 +29,8 @@
     "./core/token_providers/*": "./build/src/core/token_providers/*.js",
     "./types/core": "./build/src/core/types.js",
     "./session": "./build/src/guards/session/main.js",
+    "./initialize_auth_middleware": "./build/src/auth/middleware/initialize_auth_middleware.js",
+    "./auth_middleware": "./build/src/auth/middleware/auth_middleware.js",
     "./types/session": "./build/src/guards/session/types.js"
   },
   "scripts": {
@@ -66,6 +68,7 @@
     "@adonisjs/assembler": "^6.1.3-25",
     "@adonisjs/core": "^6.1.5-30",
     "@adonisjs/eslint-config": "^1.1.8",
+    "@adonisjs/i18n": "^2.0.0-6",
     "@adonisjs/lucid": "^19.0.0-3",
     "@adonisjs/prettier-config": "^1.1.8",
     "@adonisjs/session": "^7.0.0-13",

package/build/stubs/config/auth_middleware.stub

@@ -1,12 +0,0 @@
-import { HttpContext } from '@adonisjs/core/http'
-import { NextFn } from '@adonisjs/core/http/types'
-
-type AuthMiddlewareOptions = {
-  guards?: (keyof Authenticators)[]
-}
-
-export default class AuthMiddleware {
-  async handle({ auth }: HttpContext, next: NextFn, options?: AuthMiddlewareOptions) {
-    return next()
-  }
-}