@adonisjs/auth 9.0.0-3 → 9.0.0-5

package/build/configure.js

@@ -6,47 +6,20 @@
  * For the full copyright and license information, please view the LICENSE
  * file that was distributed with this source code.
  */
-import { stubsRoot } from './index.js';
-/**
- * Configures the user provider to use for finding
- * users
- */
-async function configureProvider(command) {
-    const provider = await command.prompt.choice('Select the user provider you want to use', [
-        {
-            name: 'lucid',
-            message: 'Lucid models',
-        },
-        {
-            name: 'db',
-            message: 'Database query builder',
-        },
-    ]);
-    /**
-     * Publish config file
-     */
-    await command.publishStub('config.stub', { provider });
-}
-/**
- * Configures the session guard and output its config
- * to the console
- */
-async function configureSessionGuard(command) {
-    const tokens = await command.prompt.confirm('Do you want to use remember me tokens?');
-    const stubs = await command.app.stubs.create();
-    const stub = await stubs.build('guards/session.stub', { source: stubsRoot });
-    const { contents } = await stub.prepare({ tokens });
-    command.logger.log(contents);
-}
 /**
  * Configures the auth package
  */
 export async function configure(command) {
-    if (command.parsedFlags && command.parsedFlags.guard === 'session') {
-        return configureSessionGuard(command);
-    }
-    await configureProvider(command);
     const codemods = await command.createCodemods();
+    /**
+     * Publish middleware to user application
+     */
+    await command.publishStub('middleware/auth_middleware.stub', {
+        entity: command.app.generators.createEntity('auth'),
+    });
+    await command.publishStub('middleware/guest_middleware.stub', {
+        entity: command.app.generators.createEntity('guest'),
+    });
     /**
      * Register provider
      */
@@ -64,7 +37,11 @@ export async function configure(command) {
     await codemods.registerMiddleware('named', [
         {
             name: 'auth',
-            path: '@adonisjs/auth/auth_middleware',
+            path: '#middleware/auth_middleware',
+        },
+        {
+            name: 'guest',
+            path: '#middleware/guest_middleware',
         },
     ]);
 }

package/build/index.d.ts

@@ -1,7 +1,7 @@
 export { configure } from './configure.js';
 export { stubsRoot } from './stubs/main.js';
-export * as errors from './src/auth/errors.js';
 export * as symbols from './src/auth/symbols.js';
 export { AuthManager } from './src/auth/auth_manager.js';
 export { Authenticator } from './src/auth/authenticator.js';
 export { defineConfig, providers } from './src/auth/define_config.js';
+export { AuthenticationException, InvalidCredentialsException } from './src/auth/errors.js';

package/build/index.js

@@ -8,8 +8,8 @@
  */
 export { configure } from './configure.js';
 export { stubsRoot } from './stubs/main.js';
-export * as errors from './src/auth/errors.js';
 export * as symbols from './src/auth/symbols.js';
 export { AuthManager } from './src/auth/auth_manager.js';
 export { Authenticator } from './src/auth/authenticator.js';
 export { defineConfig, providers } from './src/auth/define_config.js';
+export { AuthenticationException, InvalidCredentialsException } from './src/auth/errors.js';

package/build/src/auth/auth_manager.d.ts

@@ -13,7 +13,6 @@ export declare class AuthManager<KnownGuards extends Record<string, GuardFactory
     get defaultGuard(): keyof KnownGuards;
     constructor(config: {
         default: keyof KnownGuards;
-        loginRoute: string;
         guards: KnownGuards;
     });
     /**

package/build/src/auth/authenticator.d.ts

@@ -33,9 +33,15 @@ export declare class Authenticator<KnownGuards extends Record<string, GuardFacto
     get authenticationAttempted(): boolean;
     constructor(ctx: HttpContext, config: {
         default: keyof KnownGuards;
-        loginRoute: string;
         guards: KnownGuards;
     });
+    /**
+     * Returns an instance of the logged-in user or throws an
+     * exception
+     */
+    getUserOrFail(): {
+        [K in keyof KnownGuards]: ReturnType<ReturnType<KnownGuards[K]>['getUserOrFail']>;
+    }[keyof KnownGuards];
     /**
      * Returns an instance of a known guard. Guards instances are
      * cached during the lifecycle of an HTTP request.

package/build/src/auth/authenticator.js

@@ -68,6 +68,13 @@ export class Authenticator {
         this.#config = config;
         debug('creating authenticator. config %O', this.#config);
     }
+    /**
+     * Returns an instance of the logged-in user or throws an
+     * exception
+     */
+    getUserOrFail() {
+        return this.use(this.#authenticatedViaGuard || this.defaultGuard).getUserOrFail();
+    }
     /**
      * Returns an instance of a known guard. Guards instances are
      * cached during the lifecycle of an HTTP request.
@@ -116,7 +123,7 @@ export class Authenticator {
         throw new AuthenticationException('Unauthorized access', {
             code: 'E_UNAUTHORIZED_ACCESS',
             guardDriverName: lastUsedGuardDriver,
-            redirectTo: options?.loginRoute || this.#config.loginRoute,
+            redirectTo: options?.loginRoute,
         });
     }
 }

package/build/src/auth/errors.d.ts

@@ -5,6 +5,8 @@ import { HttpContext } from '@adonisjs/core/http';
  * made to authenticate an HTTP request
  */
 export declare class AuthenticationException extends Exception {
+    static status?: number | undefined;
+    static code?: string | undefined;
     /**
      * Raises authentication exception when session guard
      * is unable to authenticate the request
@@ -49,6 +51,7 @@ export declare class AuthenticationException extends Exception {
 export declare class InvalidCredentialsException extends Exception {
     static message: string;
     static code: string;
+    static status?: number | undefined;
     static E_INVALID_CREDENTIALS(guardDriverName: string): InvalidCredentialsException;
     guardDriverName: string;
     identifier: string;

package/build/src/auth/errors.js

@@ -12,6 +12,8 @@ import { Exception } from '@poppinss/utils';
  * made to authenticate an HTTP request
  */
 export class AuthenticationException extends Exception {
+    static status = 401;
+    static code = 'E_UNAUTHORIZED_ACCESS';
     /**
      * Raises authentication exception when session guard
      * is unable to authenticate the request
@@ -103,6 +105,7 @@ export class AuthenticationException extends Exception {
 export class InvalidCredentialsException extends Exception {
     static message = 'Invalid credentials';
     static code = 'E_INVALID_CREDENTIALS';
+    static status = 400;
     static E_INVALID_CREDENTIALS(guardDriverName) {
         return new InvalidCredentialsException(InvalidCredentialsException.message, {
             guardDriverName,

package/build/src/auth/types.d.ts

@@ -10,6 +10,10 @@ export interface GuardContract<User> {
      * Reference to the currently authenticated user
      */
     user?: User;
+    /**
+     * Returns logged-in user or throws an exception
+     */
+    getUserOrFail(): User;
     /**
      * A boolean to know if the current request has
      * been authenticated
@@ -60,6 +64,16 @@ export type InferAuthenticators<Config extends ConfigProvider<{
     default: unknown;
     guards: unknown;
 }>> = Awaited<ReturnType<Config['resolver']>>['guards'];
+/**
+ * Helper to convert union to intersection
+ */
+type UnionToIntersection<U> = (U extends any ? (k: U) => void : never) extends (k: infer I) => void ? I : never;
+/**
+ * Infer events based upon the configure authenticators
+ */
+export type InferAuthEvents<KnownAuthenticators extends Record<string, GuardFactory>> = UnionToIntersection<{
+    [K in keyof KnownAuthenticators]: ReturnType<KnownAuthenticators[K]>[typeof GUARD_KNOWN_EVENTS];
+}[keyof KnownAuthenticators]>;
 /**
  * Auth service is a singleton instance of the AuthManager
  * configured using the config stored within the user
@@ -73,3 +87,4 @@ export interface AuthService extends AuthManager<Authenticators extends Record<s
 export type GuardConfigProvider<Guard extends GuardFactory> = {
     resolver: (name: string, app: ApplicationService) => Promise<Guard>;
 };
+export {};

package/build/src/core/token_providers/database.d.ts

@@ -11,7 +11,7 @@ type DatabaseTokenRow = {
     created_at: Date;
     updated_at: Date;
     expires_at: Date | null;
-};
+} & Record<string, any>;
 /**
  * A generic implementation to read tokens from the database
  */

package/build/src/guards/session/guard.d.ts

@@ -86,13 +86,13 @@ export declare class SessionGuard<UserProvider extends SessionUserProviderContra
      * Attempt to login a user after verifying their
      * credentials.
      */
-    attempt(uid: string, password: string): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
+    attempt(uid: string, password: string, remember?: boolean): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
     /**
      * Attempt to login a user using the user id. The
      * user will be first fetched from the db before
      * marking them as logged-in
      */
-    loginViaId(id: string | number): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
+    loginViaId(id: string | number, remember?: boolean): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
     /**
      * Login a user using the user object.
      */
@@ -109,4 +109,8 @@ export declare class SessionGuard<UserProvider extends SessionUserProviderContra
      * succeeded or failed.
      */
     check(): Promise<boolean>;
+    /**
+     * Logout user and revoke remember me token (if any)
+     */
+    logout(): Promise<void>;
 }

package/build/src/guards/session/guard.js

@@ -125,6 +125,7 @@ export class SessionGuard {
     #authenticationFailed(error, sessionId) {
         if (this.#emitter) {
             this.#emitter.emit('session_auth:authentication_failed', {
+                guardName: this.#name,
                 error,
                 sessionId: sessionId,
             });
@@ -137,6 +138,7 @@ export class SessionGuard {
     #loginFailed(error, user) {
         if (this.#emitter) {
             this.#emitter.emit('session_auth:login_failed', {
+                guardName: this.#name,
                 error,
                 user,
             });
@@ -202,6 +204,7 @@ export class SessionGuard {
          */
         if (this.#emitter) {
             this.#emitter.emit('session_auth:credentials_verified', {
+                guardName: this.#name,
                 uid,
                 user,
             });
@@ -212,29 +215,29 @@ export class SessionGuard {
      * Attempt to login a user after verifying their
      * credentials.
      */
-    async attempt(uid, password) {
+    async attempt(uid, password, remember) {
         const user = await this.verifyCredentials(uid, password);
-        return this.login(user);
+        return this.login(user, remember);
     }
     /**
      * Attempt to login a user using the user id. The
      * user will be first fetched from the db before
      * marking them as logged-in
      */
-    async loginViaId(id) {
+    async loginViaId(id, remember) {
         debug('session_guard: attempting to login user via id "%s"', id);
         const providerUser = await this.#userProvider.findById(id);
         if (!providerUser) {
             this.#loginFailed(InvalidCredentialsException.E_INVALID_CREDENTIALS(this.driverName), null);
         }
-        return this.login(providerUser.getOriginal());
+        return this.login(providerUser.getOriginal(), remember);
     }
     /**
      * Login a user using the user object.
      */
     async login(user, remember = false) {
         if (this.#emitter) {
-            this.#emitter.emit('session_auth:login_attempted', { user });
+            this.#emitter.emit('session_auth:login_attempted', { user, guardName: this.#name });
         }
         const providerUser = await this.#userProvider.createUserForGuard(user);
         const session = this.#getSession();
@@ -281,6 +284,7 @@ export class SessionGuard {
          */
         if (this.#emitter) {
             this.#emitter.emit('session_auth:login_succeeded', {
+                guardName: this.#name,
                 user,
                 sessionId: session.sessionId,
                 rememberMeToken: token,
@@ -303,6 +307,7 @@ export class SessionGuard {
          */
         if (this.#emitter) {
             this.#emitter.emit('session_auth:authentication_attempted', {
+                guardName: this.#name,
                 sessionId: session.sessionId,
             });
         }
@@ -331,6 +336,7 @@ export class SessionGuard {
              */
             if (this.#emitter) {
                 this.#emitter.emit('session_auth:authentication_succeeded', {
+                    guardName: this.#name,
                     sessionId: session.sessionId,
                     user: this.user,
                 });
@@ -393,6 +399,7 @@ export class SessionGuard {
          */
         if (this.#emitter) {
             this.#emitter.emit('session_auth:authentication_succeeded', {
+                guardName: this.#name,
                 sessionId: session.sessionId,
                 user: this.user,
                 rememberMeToken: token,
@@ -451,4 +458,37 @@ export class SessionGuard {
             throw error;
         }
     }
+    /**
+     * Logout user and revoke remember me token (if any)
+     */
+    async logout() {
+        debug('session_auth: logging out');
+        const session = this.#getSession();
+        /**
+         * Clear client side state
+         */
+        session.forget(this.sessionKeyName);
+        this.#ctx.response.clearCookie(this.rememberMeKeyName);
+        /**
+         * Notify the user has been logged out
+         */
+        if (this.#emitter) {
+            this.#emitter.emit('session_auth:logged_out', {
+                guardName: this.#name,
+                user: this.user || null,
+                sessionId: session.sessionId,
+            });
+        }
+        const rememberMeCookie = this.#ctx.request.encryptedCookie(this.rememberMeKeyName);
+        if (!rememberMeCookie || !this.#rememberMeTokenProvider) {
+            return;
+        }
+        debug('session_auth: decoding remember me token');
+        const decodedToken = RememberMeToken.decode(rememberMeCookie);
+        if (!decodedToken) {
+            return;
+        }
+        debug('session_auth: deleting remember me token');
+        await this.#rememberMeTokenProvider.deleteTokenBySeries(decodedToken.series);
+    }
 }

package/build/src/guards/session/types.d.ts

@@ -1,4 +1,4 @@
-import { Exception } from '@poppinss/utils';
+import type { Exception } from '@poppinss/utils';
 import type { RememberMeToken } from './token.js';
 import type { UserProviderContract, TokenProviderContract, DatabaseTokenProviderOptions } from '../../core/types.js';
 /**
@@ -32,6 +32,7 @@ export type SessionGuardEvents<User> = {
      * have been verified successfully.
      */
     'session_auth:credentials_verified': {
+        guardName: string;
         uid: string;
         user: User;
     };
@@ -40,6 +41,7 @@ export type SessionGuardEvents<User> = {
      * user.
      */
     'session_auth:login_failed': {
+        guardName: string;
         error: Exception;
         user: User | null;
     };
@@ -48,6 +50,7 @@ export type SessionGuardEvents<User> = {
      * a given user.
      */
     'session_auth:login_attempted': {
+        guardName: string;
         user: User;
     };
     /**
@@ -55,6 +58,7 @@ export type SessionGuardEvents<User> = {
      * successfully
      */
     'session_auth:login_succeeded': {
+        guardName: string;
         user: User;
         sessionId: string;
         rememberMeToken?: RememberMeToken;
@@ -63,12 +67,14 @@ export type SessionGuardEvents<User> = {
      * Attempting to authenticate the user
      */
     'session_auth:authentication_attempted': {
+        guardName: string;
         sessionId: string;
     };
     /**
      * Authentication was successful
      */
     'session_auth:authentication_succeeded': {
+        guardName: string;
         user: User;
         sessionId: string;
         rememberMeToken?: RememberMeToken;
@@ -77,6 +83,7 @@ export type SessionGuardEvents<User> = {
      * Authentication failed
      */
     'session_auth:authentication_failed': {
+        guardName: string;
         error: Exception;
         sessionId: string;
     };
@@ -85,7 +92,8 @@ export type SessionGuardEvents<User> = {
      * sucessfully
      */
     'session_auth:logged_out': {
-        user: User;
+        guardName: string;
+        user: User | null;
         sessionId: string;
     };
 };

package/build/stubs/middleware/auth_middleware.stub

@@ -0,0 +1,30 @@
+{{#var middlewareName = generators.middlewareName(entity.name)}}
+{{#var middlewareFileName = generators.middlewareFileName(entity.name)}}
+{{{
+  exports({ to: app.middlewarePath(entity.path, middlewareFileName) })
+}}}
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+import type { Authenticators } from '@adonisjs/auth/types'
+
+/**
+ * Auth middleware is used authenticate HTTP requests and deny
+ * access to unauthenticated users.
+ */
+export default class {{ middlewareName }} {
+  /**
+   * The URL to redirect to, when authentication fails
+   */
+  redirectTo = '/login'
+
+  async handle(
+    ctx: HttpContext,
+    next: NextFn,
+    options: {
+      guards?: (keyof Authenticators)[]
+    } = {}
+  ) {
+    await ctx.auth.authenticateUsing(options.guards, { loginRoute: this.redirectTo })
+    return next()
+  }
+}

package/build/stubs/middleware/guest_middleware.stub

@@ -0,0 +1,36 @@
+{{#var middlewareName = generators.middlewareName(entity.name)}}
+{{#var middlewareFileName = generators.middlewareFileName(entity.name)}}
+{{{
+  exports({ to: app.middlewarePath(entity.path, middlewareFileName) })
+}}}
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+import type { Authenticators } from '@adonisjs/auth/types'
+
+/**
+ * Guest middleware is used to deny access to routes that should
+ * be accessed by unauthenticated users.
+ *
+ * For example, the login page should not be accessible if the user
+ * is already logged-in
+ */
+export default class {{ middlewareName }} {
+  /**
+   * The URL to redirect to when user is logged-in
+   */
+  redirectTo = '/'
+
+  async handle(
+    ctx: HttpContext,
+    next: NextFn,
+    options: { guards?: (keyof Authenticators)[] } = {}
+  ) {
+    for (let guard of options.guards || [ctx.auth.defaultGuard]) {
+      if (await ctx.auth.use(guard).check()) {
+        return ctx.response.redirect(this.redirectTo, true)
+      }
+    }
+
+    return next()
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adonisjs/auth",
-  "version": "9.0.0-3",
+  "version": "9.0.0-5",
   "description": "Official authentication provider for Adonis framework",
   "type": "module",
   "main": "build/index.js",
@@ -30,7 +30,6 @@
     "./types/core": "./build/src/core/types.js",
     "./session": "./build/src/guards/session/main.js",
     "./initialize_auth_middleware": "./build/src/auth/middleware/initialize_auth_middleware.js",
-    "./auth_middleware": "./build/src/auth/middleware/auth_middleware.js",
     "./types/session": "./build/src/guards/session/types.js"
   },
   "scripts": {

package/build/src/auth/middleware/auth_middleware.d.ts

@@ -1,13 +0,0 @@
-import type { HttpContext } from '@adonisjs/core/http';
-import type { NextFn } from '@adonisjs/core/types/http';
-import type { Authenticators } from '@adonisjs/auth/types';
-/**
- * Options accepted by the middleware options
- */
-export type AuthMiddlewareOptions = {
-    guards?: (keyof Authenticators)[];
-    loginRoute?: string;
-};
-export default class AuthMiddleware {
-    handle(ctx: HttpContext, next: NextFn, options?: AuthMiddlewareOptions): Promise<any>;
-}

package/build/src/auth/middleware/auth_middleware.js

@@ -1,6 +0,0 @@
-export default class AuthMiddleware {
-    async handle(ctx, next, options = {}) {
-        await ctx.auth.authenticateUsing(options.guards, options);
-        return next();
-    }
-}

package/build/stubs/config.stub

@@ -1,39 +0,0 @@
-{{{
-  exports({ to: app.configPath('auth.ts') })
-}}}
-import { defineConfig, providers } from '@adonisjs/auth'
-{{#if provider === 'lucid'}}
-/**
- * Using the "models/user" model to find users during
- * login and authentication
- */
-const userProvider = providers.lucid({
-  model: () => import('#models/user'),
-  uids: ['email'],
-})
-{{/if}}
-{{#if provider === 'db'}}
-/**
- * Using Lucid query builder to directly query the database
- * to find users during login and authentication.
- */
-const userProvider = providers.db({
-  table: 'users',
-  passwordColumnName: 'password',
-  id: 'id',
-  uids: ['email'],
-})
-{{/if}}
-
-const authConfig = defineConfig({
-  default: 'web',
-  loginRoute: '/login',
-  guards: {
-    web: {} // to be configured
-  }
-})
-
-export default authConfig
-declare module '@adonisjs/auth/types' {
-  interface Authenticators extends InferAuthenticators<typeof authConfig> {}
-}

package/build/stubs/guards/session.stub

@@ -1,21 +0,0 @@
-{{{
-  exports({
-    to: app.makePath('config/auth.ts')
-  })
-}}}
-{{#if tokens}}
-import { sessionGuard, tokensProvider } from '@adonisjs/auth/session'
-{{#else}}
-import { sessionGuard } from '@adonisjs/auth/session'
-{{/if}}
-
-{
-  web: sessionGuard({
-    provider: userProvider,
-    {{#if tokens}}
-    tokens: tokensProvider.db({
-      table: 'remember_me_tokens'
-    })
-    {{/if}}
-  })
-}