@adonisjs/auth 9.0.0-5 → 9.0.0-7

package/build/factories/basic_auth_guard_factory.d.ts

@@ -0,0 +1,12 @@
+import type { HttpContext } from '@adonisjs/core/http';
+import { FactoryUser, TestLucidUserProvider } from './lucid_user_provider.js';
+import { BasicAuthGuard } from '../src/guards/basic_auth/guard.js';
+import type { UserProviderContract } from '../src/core/types.js';
+/**
+ * Exposes the API to create a basic auth guard for testing. Under
+ * the hood configures Lucid models for looking up users
+ */
+export declare class BasicAuthGuardFactory {
+    merge(): this;
+    create<UserProvider extends UserProviderContract<unknown> = TestLucidUserProvider<typeof FactoryUser>>(ctx: HttpContext, provider?: UserProvider): BasicAuthGuard<TestLucidUserProvider<typeof FactoryUser> | UserProvider>;
+}

package/build/factories/basic_auth_guard_factory.js

@@ -0,0 +1,22 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { LucidUserProviderFactory, } from './lucid_user_provider.js';
+import { BasicAuthGuard } from '../src/guards/basic_auth/guard.js';
+/**
+ * Exposes the API to create a basic auth guard for testing. Under
+ * the hood configures Lucid models for looking up users
+ */
+export class BasicAuthGuardFactory {
+    merge() {
+        return this;
+    }
+    create(ctx, provider) {
+        return new BasicAuthGuard('basic', ctx, provider || new LucidUserProviderFactory().create());
+    }
+}

package/build/src/auth/auth_manager.d.ts

@@ -1,6 +1,7 @@
 import type { HttpContext } from '@adonisjs/core/http';
 import type { GuardFactory } from './types.js';
 import { Authenticator } from './authenticator.js';
+import { AuthenticatorClient } from './authenticator_client.js';
 /**
  * Auth manager exposes the API to register and manage authentication
  * guards from the config
@@ -19,4 +20,8 @@ export declare class AuthManager<KnownGuards extends Record<string, GuardFactory
      * Create an authenticator for a given HTTP request
      */
     createAuthenticator(ctx: HttpContext): Authenticator<KnownGuards>;
+    /**
+     * Creates an instance of the authenticator client
+     */
+    createAuthenticatorClient(): AuthenticatorClient<KnownGuards>;
 }

package/build/src/auth/auth_manager.js

@@ -7,6 +7,7 @@
  * file that was distributed with this source code.
  */
 import { Authenticator } from './authenticator.js';
+import { AuthenticatorClient } from './authenticator_client.js';
 /**
  * Auth manager exposes the API to register and manage authentication
  * guards from the config
@@ -31,4 +32,10 @@ export class AuthManager {
     createAuthenticator(ctx) {
         return new Authenticator(ctx, this.#config);
     }
+    /**
+     * Creates an instance of the authenticator client
+     */
+    createAuthenticatorClient() {
+        return new AuthenticatorClient(this.#config);
+    }
 }

package/build/src/auth/authenticator_client.d.ts

@@ -0,0 +1,23 @@
+import type { GuardFactory } from './types.js';
+/**
+ * Authenticator client is used to create guard instances for
+ * testing. It passes a fake HTTPContext to the guards, so
+ * make sure to not call server side APIs that might be
+ * relying on a real HTTPContext instance
+ */
+export declare class AuthenticatorClient<KnownGuards extends Record<string, GuardFactory>> {
+    #private;
+    /**
+     * Name of the default guard
+     */
+    get defaultGuard(): keyof KnownGuards;
+    constructor(config: {
+        default: keyof KnownGuards;
+        guards: KnownGuards;
+    });
+    /**
+     * Returns an instance of a known guard. Guards instances are
+     * cached during the lifecycle of an HTTP request.
+     */
+    use<Guard extends keyof KnownGuards>(guard?: Guard): ReturnType<KnownGuards[Guard]>;
+}

package/build/src/auth/authenticator_client.js

@@ -0,0 +1,59 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import debug from './debug.js';
+import { HttpContextFactory } from '@adonisjs/core/factories/http';
+/**
+ * Authenticator client is used to create guard instances for
+ * testing. It passes a fake HTTPContext to the guards, so
+ * make sure to not call server side APIs that might be
+ * relying on a real HTTPContext instance
+ */
+export class AuthenticatorClient {
+    /**
+     * Registered guards
+     */
+    #config;
+    /**
+     * Cache of guards
+     */
+    #guardsCache = {};
+    /**
+     * Name of the default guard
+     */
+    get defaultGuard() {
+        return this.#config.default;
+    }
+    constructor(config) {
+        this.#config = config;
+        debug('creating authenticator client. config %O', this.#config);
+    }
+    /**
+     * Returns an instance of a known guard. Guards instances are
+     * cached during the lifecycle of an HTTP request.
+     */
+    use(guard) {
+        const guardToUse = guard || this.#config.default;
+        /**
+         * Use cached copy if exists
+         */
+        const cachedGuard = this.#guardsCache[guardToUse];
+        if (cachedGuard) {
+            debug('using guard from cache. name: "%s"', guardToUse);
+            return cachedGuard;
+        }
+        const guardFactory = this.#config.guards[guardToUse];
+        /**
+         * Construct guard and cache it
+         */
+        debug('creating guard. name: "%s"', guardToUse);
+        const guardInstance = guardFactory(new HttpContextFactory().create());
+        this.#guardsCache[guardToUse] = guardInstance;
+        return guardInstance;
+    }
+}

package/build/src/auth/errors.d.ts

@@ -12,6 +12,11 @@ export declare class AuthenticationException extends Exception {
      * is unable to authenticate the request
      */
     static E_INVALID_AUTH_SESSION(): AuthenticationException;
+    /**
+     * Raises authentication exception when session guard
+     * is unable to authenticate the request
+     */
+    static E_INVALID_BASIC_AUTH_CREDENTIALS(): AuthenticationException;
     guardDriverName: string;
     redirectTo?: string;
     identifier: string;

package/build/src/auth/errors.js

@@ -25,6 +25,17 @@ export class AuthenticationException extends Exception {
             guardDriverName: 'session',
         });
     }
+    /**
+     * Raises authentication exception when session guard
+     * is unable to authenticate the request
+     */
+    static E_INVALID_BASIC_AUTH_CREDENTIALS() {
+        return new AuthenticationException('Invalid basic auth credentials', {
+            code: 'E_INVALID_BASIC_AUTH_CREDENTIALS',
+            status: 401,
+            guardDriverName: 'basic_auth',
+        });
+    }
     guardDriverName;
     redirectTo;
     identifier = 'auth.authenticate';
@@ -84,6 +95,12 @@ export class AuthenticationException extends Exception {
                     break;
             }
         },
+        basic_auth: (message, _, ctx) => {
+            ctx.response
+                .status(this.status)
+                .header('WWW-Authenticate', `Basic realm="Authenticate", charset="UTF-8"`)
+                .send(message);
+        },
     };
     /**
      * Self handles the auth exception and converts it to an

package/build/src/auth/plugins/japa/api_client.d.ts

@@ -0,0 +1,32 @@
+import type { PluginFn } from '@japa/runner/types';
+import type { ApplicationService } from '@adonisjs/core/types';
+import type { Authenticators, GuardContract, GuardFactory } from '../../types.js';
+declare module '@japa/api-client' {
+    interface ApiRequest {
+        authData: {
+            guard: string;
+            user: unknown;
+        };
+        /**
+         * Login a user using the default authentication
+         * guard when making an API call
+         */
+        loginAs(user: {
+            [K in keyof Authenticators]: Authenticators[K] extends GuardFactory ? ReturnType<Authenticators[K]> extends GuardContract<infer A> ? A : never : never;
+        }): this;
+        /**
+         * Define the authentication guard for login
+         */
+        withGuard<K extends keyof Authenticators, Self extends ApiRequest>(this: Self, guard: K): {
+            /**
+             * Login a user using a specific auth guard
+             */
+            loginAs(user: Authenticators[K] extends GuardFactory ? ReturnType<Authenticators[K]> extends GuardContract<infer A> ? A : never : never): Self;
+        };
+    }
+}
+/**
+ * Auth API client to authenticate users when making
+ * HTTP requests using the Japa API client
+ */
+export declare const authApiClient: (app: ApplicationService) => PluginFn;

package/build/src/auth/plugins/japa/api_client.js

@@ -0,0 +1,63 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { ApiClient, ApiRequest } from '@japa/api-client';
+import debug from '../../debug.js';
+/**
+ * Auth API client to authenticate users when making
+ * HTTP requests using the Japa API client
+ */
+export const authApiClient = (app) => {
+    const pluginFn = function () {
+        debug('installing auth api client plugin');
+        ApiRequest.macro('loginAs', function (user) {
+            this.authData = {
+                guard: '__default__',
+                user: user,
+            };
+            return this;
+        });
+        ApiRequest.macro('withGuard', function (guard) {
+            return {
+                loginAs: (user) => {
+                    this.authData = {
+                        guard,
+                        user: user,
+                    };
+                    return this;
+                },
+            };
+        });
+        /**
+         * Hook into the request and login the user
+         */
+        ApiClient.setup(async (request) => {
+            const auth = await app.container.make('auth.manager');
+            const authData = request['authData'];
+            if (!authData) {
+                return;
+            }
+            const client = auth.createAuthenticatorClient();
+            const guard = authData.guard === '__default__' ? client.use() : client.use(authData.guard);
+            const requestData = await guard.authenticateAsClient(authData.user);
+            if (requestData.headers) {
+                debug('defining headers with api client request %O', requestData.headers);
+                request.headers(requestData.headers);
+            }
+            if (requestData.session) {
+                debug('defining session with api client request %O', requestData.session);
+                request.withSession(requestData.session);
+            }
+            if (requestData.cookies) {
+                debug('defining session with api client request %O', requestData.session);
+                request.cookies(requestData.cookies);
+            }
+        });
+    };
+    return pluginFn;
+};

package/build/src/auth/plugins/japa/browser_client.d.ts

@@ -0,0 +1,25 @@
+import type { PluginFn } from '@japa/runner/types';
+import type { ApplicationService } from '@adonisjs/core/types';
+import type { Authenticators, GuardContract, GuardFactory } from '../../types.js';
+declare module 'playwright' {
+    interface BrowserContext {
+        /**
+         * Login a user using the default authentication
+         * guard when using the browser context to
+         * make page visits
+         */
+        loginAs(user: {
+            [K in keyof Authenticators]: Authenticators[K] extends GuardFactory ? ReturnType<Authenticators[K]> extends GuardContract<infer A> ? A : never : never;
+        }): Promise<void>;
+        /**
+         * Define the authentication guard for login
+         */
+        withGuard<K extends keyof Authenticators>(guard: K): {
+            /**
+             * Login a user using a specific auth guard
+             */
+            loginAs(user: Authenticators[K] extends GuardFactory ? ReturnType<Authenticators[K]> extends GuardContract<infer A> ? A : never : never): Promise<void>;
+        };
+    }
+}
+export declare const authBrowserClient: (app: ApplicationService) => PluginFn;

package/build/src/auth/plugins/japa/browser_client.js

@@ -0,0 +1,42 @@
+/*
+ * @adoniss/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+/// <reference types="@japa/plugin-adonisjs" />
+/// <reference types="@adonisjs/session/plugins/browser_client" />
+import { RuntimeException } from '@poppinss/utils';
+import { decoratorsCollection } from '@japa/browser-client';
+import debug from '../../debug.js';
+export const authBrowserClient = (app) => {
+    const pluginFn = async function () {
+        debug('installing auth browser client plugin');
+        const auth = await app.container.make('auth.manager');
+        decoratorsCollection.register({
+            context(context) {
+                context.loginAs = async function (user) {
+                    const client = auth.createAuthenticatorClient();
+                    const guard = client.use();
+                    const requestData = await guard.authenticateAsClient(user);
+                    if (requestData.headers) {
+                        throw new RuntimeException(`Cannot use "${guard.driverName}" guard with browser client`);
+                    }
+                    if (requestData.cookies) {
+                        debug('defining cookies with browser context %O', requestData.cookies);
+                        Object.keys(requestData.cookies).forEach((cookie) => {
+                            context.setCookie(cookie, requestData.cookies[cookie]);
+                        });
+                    }
+                    if (requestData.session) {
+                        debug('defining session with browser context %O', requestData.session);
+                        context.setSession(requestData.session);
+                    }
+                };
+            },
+        });
+    };
+    return pluginFn;
+};

package/build/src/auth/types.d.ts

@@ -2,6 +2,14 @@ import type { HttpContext } from '@adonisjs/core/http';
 import type { ApplicationService, ConfigProvider } from '@adonisjs/core/types';
 import type { AuthManager } from './auth_manager.js';
 import type { GUARD_KNOWN_EVENTS } from './symbols.js';
+/**
+ * The client response for authentication.
+ */
+export interface AuthClientResponse {
+    headers?: Record<string, any>;
+    cookies?: Record<string, any>;
+    session?: Record<string, any>;
+}
 /**
  * A set of properties a guard must implement.
  */
@@ -30,6 +38,12 @@ export interface GuardContract<User> {
      * exception
      */
     check(): Promise<boolean>;
+    /**
+     * The method is used to authenticate the user as
+     * client. This method should return cookies,
+     * headers, or session state.
+     */
+    authenticateAsClient(user: User): Promise<AuthClientResponse>;
     /**
      * Authenticates the current request and throws
      * an exception if the request is not authenticated.

package/build/src/guards/basic_auth/define_config.d.ts

@@ -0,0 +1,16 @@
+import type { HttpContext } from '@adonisjs/core/http';
+import type { ConfigProvider } from '@adonisjs/core/types';
+import type { GuardConfigProvider } from '../../auth/types.js';
+import type { UserProviderContract } from '../../core/types.js';
+import { BasicAuthGuard } from './guard.js';
+/**
+ * Helper function to configure the basic auth guard for
+ * authentication.
+ *
+ * This method returns a config builder, which internally
+ * returns a factory function to construct a guard
+ * during HTTP requests.
+ */
+export declare function basicAuthGuard<UserProvider extends UserProviderContract<unknown>>(config: {
+    provider: ConfigProvider<UserProvider>;
+}): GuardConfigProvider<(ctx: HttpContext) => BasicAuthGuard<UserProvider>>;

package/build/src/guards/basic_auth/define_config.js

@@ -0,0 +1,38 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import { configProvider } from '@adonisjs/core';
+import { RuntimeException } from '@poppinss/utils';
+import { BasicAuthGuard } from './guard.js';
+/**
+ * Helper function to configure the basic auth guard for
+ * authentication.
+ *
+ * This method returns a config builder, which internally
+ * returns a factory function to construct a guard
+ * during HTTP requests.
+ */
+export function basicAuthGuard(config) {
+    return {
+        async resolver(guardName, app) {
+            const provider = await configProvider.resolve(app, config.provider);
+            if (!provider) {
+                throw new RuntimeException(`Invalid user provider defined on "${guardName}" guard`);
+            }
+            const emitter = await app.container.make('emitter');
+            /**
+             * Factory function needed by Authenticator to switch
+             * between guards and perform authentication
+             */
+            return (ctx) => {
+                const guard = new BasicAuthGuard(guardName, ctx, provider);
+                return guard.withEmitter(emitter);
+            };
+        },
+    };
+}

package/build/src/guards/basic_auth/guard.d.ts

@@ -0,0 +1,70 @@
+import type { Emitter } from '@adonisjs/core/events';
+import type { HttpContext } from '@adonisjs/core/http';
+import type { BasicAuthGuardEvents } from './types.js';
+import type { GuardContract } from '../../auth/types.js';
+import type { UserProviderContract } from '../../core/types.js';
+import { PROVIDER_REAL_USER, GUARD_KNOWN_EVENTS } from '../../auth/symbols.js';
+/**
+ * Implementation of basic auth as an authentication guard
+ */
+export declare class BasicAuthGuard<UserProvider extends UserProviderContract<unknown>> implements GuardContract<UserProvider[typeof PROVIDER_REAL_USER]> {
+    #private;
+    [GUARD_KNOWN_EVENTS]: BasicAuthGuardEvents<UserProvider[typeof PROVIDER_REAL_USER]>;
+    /**
+     * Driver name of the guard
+     */
+    driverName: 'basic_auth';
+    /**
+     * Whether or not the authentication has been attempted
+     * during the current request
+     */
+    authenticationAttempted: boolean;
+    /**
+     * A boolean to know if the current request has
+     * been authenticated
+     */
+    isAuthenticated: boolean;
+    /**
+     * Reference to an instance of the authenticated or logged-in
+     * user. The value only exists after calling one of the
+     * following methods.
+     *
+     * - authenticate
+     *
+     * You can use the "getUserOrFail" method to throw an exception if
+     * the request is not authenticated.
+     */
+    user?: UserProvider[typeof PROVIDER_REAL_USER];
+    constructor(name: string, ctx: HttpContext, userProvider: UserProvider);
+    /**
+     * Register an event emitter to listen for global events for
+     * authentication lifecycle.
+     */
+    withEmitter(emitter: Emitter<any>): this;
+    /**
+     * Returns an instance of the authenticated user. Or throws
+     * an exception if the request is not authenticated.
+     */
+    getUserOrFail(): UserProvider[typeof PROVIDER_REAL_USER];
+    /**
+     * Verifies user credentials and returns an instance of
+     * the user or throws "E_INVALID_BASIC_AUTH_CREDENTIALS" exception.
+     */
+    verifyCredentials(uid: string, password: string): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
+    /**
+     * Authenticates the current HTTP request for basic
+     * auth credentials
+     */
+    authenticate(): Promise<UserProvider[typeof PROVIDER_REAL_USER]>;
+    /**
+     * Silently attempt to authenticate the user.
+     *
+     * The method returns a boolean indicating if the authentication
+     * succeeded or failed.
+     */
+    check(): Promise<boolean>;
+    /**
+     * Not support
+     */
+    authenticateAsClient(_: UserProvider[typeof PROVIDER_REAL_USER]): Promise<never>;
+}

package/build/src/guards/basic_auth/guard.js

@@ -0,0 +1,190 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+import auth from 'basic-auth';
+import { RuntimeException } from '@poppinss/utils';
+import debug from '../../auth/debug.js';
+import { AuthenticationException } from '../../auth/errors.js';
+import { GUARD_KNOWN_EVENTS } from '../../auth/symbols.js';
+/**
+ * Implementation of basic auth as an authentication guard
+ */
+export class BasicAuthGuard {
+    /**
+     * A unique name for the guard. It is used while
+     * emitting events
+     */
+    #name;
+    /**
+     * Reference to the current HTTP context
+     */
+    #ctx;
+    /**
+     * Provider to lookup user details
+     */
+    #userProvider;
+    /**
+     * Emitter to emit events
+     */
+    #emitter;
+    /**
+     * Driver name of the guard
+     */
+    driverName = 'basic_auth';
+    /**
+     * Whether or not the authentication has been attempted
+     * during the current request
+     */
+    authenticationAttempted = false;
+    /**
+     * A boolean to know if the current request has
+     * been authenticated
+     */
+    isAuthenticated = false;
+    /**
+     * Reference to an instance of the authenticated or logged-in
+     * user. The value only exists after calling one of the
+     * following methods.
+     *
+     * - authenticate
+     *
+     * You can use the "getUserOrFail" method to throw an exception if
+     * the request is not authenticated.
+     */
+    user;
+    constructor(name, ctx, userProvider) {
+        this.#ctx = ctx;
+        this.#name = name;
+        this.#userProvider = userProvider;
+    }
+    /**
+     * Notifies about authentication failure and throws the exception
+     */
+    #authenticationFailed(error) {
+        if (this.#emitter) {
+            this.#emitter.emit('basic_auth:authentication_failed', {
+                guardName: this.#name,
+                error,
+            });
+        }
+        throw error;
+    }
+    /**
+     * Register an event emitter to listen for global events for
+     * authentication lifecycle.
+     */
+    withEmitter(emitter) {
+        this.#emitter = emitter;
+        return this;
+    }
+    /**
+     * Returns an instance of the authenticated user. Or throws
+     * an exception if the request is not authenticated.
+     */
+    getUserOrFail() {
+        if (!this.user) {
+            throw AuthenticationException.E_INVALID_BASIC_AUTH_CREDENTIALS();
+        }
+        return this.user;
+    }
+    /**
+     * Verifies user credentials and returns an instance of
+     * the user or throws "E_INVALID_BASIC_AUTH_CREDENTIALS" exception.
+     */
+    async verifyCredentials(uid, password) {
+        debug('basic_auth_guard: attempting to verify credentials for uid "%s"', uid);
+        /**
+         * Attempt to find a user by the uid and raise
+         * error when unable to find one
+         */
+        const providerUser = await this.#userProvider.findByUid(uid);
+        if (!providerUser) {
+            this.#authenticationFailed(AuthenticationException.E_INVALID_BASIC_AUTH_CREDENTIALS());
+        }
+        /**
+         * Raise error when unable to verify password
+         */
+        const user = providerUser.getOriginal();
+        /**
+         * Raise error when unable to verify password
+         */
+        if (!(await providerUser.verifyPassword(password))) {
+            this.#authenticationFailed(AuthenticationException.E_INVALID_BASIC_AUTH_CREDENTIALS());
+        }
+        return user;
+    }
+    /**
+     * Authenticates the current HTTP request for basic
+     * auth credentials
+     */
+    async authenticate() {
+        /**
+         * Avoid re-authenticating when already authenticated
+         */
+        if (this.authenticationAttempted) {
+            return this.getUserOrFail();
+        }
+        /**
+         * Beginning authentication attempt
+         */
+        this.authenticationAttempted = true;
+        if (this.#emitter) {
+            this.#emitter.emit('basic_auth:authentication_attempted', {
+                guardName: this.#name,
+            });
+        }
+        /**
+         * Fetch credentials from the header
+         */
+        const credentials = auth(this.#ctx.request.request);
+        if (!credentials) {
+            this.#authenticationFailed(AuthenticationException.E_INVALID_BASIC_AUTH_CREDENTIALS());
+        }
+        debug('basic_auth_guard: authenticating user using credentials');
+        /**
+         * Verifying user credentials
+         */
+        this.user = await this.verifyCredentials(credentials.name, credentials.pass);
+        this.isAuthenticated = true;
+        debug('basic_auth_guard: marking user as authenticated');
+        if (this.#emitter) {
+            this.#emitter.emit('basic_auth:authentication_succeeded', {
+                guardName: this.#name,
+                user: this.user,
+            });
+        }
+        /**
+         * Return user
+         */
+        return this.getUserOrFail();
+    }
+    /**
+     * Silently attempt to authenticate the user.
+     *
+     * The method returns a boolean indicating if the authentication
+     * succeeded or failed.
+     */
+    async check() {
+        try {
+            await this.authenticate();
+            return true;
+        }
+        catch (error) {
+            if (error instanceof AuthenticationException) {
+                return false;
+            }
+            throw error;
+        }
+    }
+    /**
+     * Not support
+     */
+    async authenticateAsClient(_) {
+        throw new RuntimeException('Cannot authenticate as a client when using basic auth');
+    }
+}

package/build/src/guards/basic_auth/main.d.ts

@@ -0,0 +1,2 @@
+export { BasicAuthGuard } from './guard.js';
+export { basicAuthGuard } from './define_config.js';

package/build/src/guards/basic_auth/main.js

@@ -0,0 +1,10 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+export { BasicAuthGuard } from './guard.js';
+export { basicAuthGuard } from './define_config.js';

package/build/src/guards/basic_auth/types.d.ts

@@ -0,0 +1,35 @@
+import { Exception } from '@poppinss/utils';
+/**
+ * Events emitted by the basic auth guard
+ */
+export type BasicAuthGuardEvents<User> = {
+    /**
+     * The event is emitted when the user credentials
+     * have been verified successfully.
+     */
+    'basic_auth:credentials_verified': {
+        guardName: string;
+        uid: string;
+        user: User;
+    };
+    /**
+     * Attempting to authenticate the user
+     */
+    'basic_auth:authentication_attempted': {
+        guardName: string;
+    };
+    /**
+     * Authentication was successful
+     */
+    'basic_auth:authentication_succeeded': {
+        guardName: string;
+        user: User;
+    };
+    /**
+     * Authentication failed
+     */
+    'basic_auth:authentication_failed': {
+        guardName: string;
+        error: Exception;
+    };
+};

package/build/src/guards/basic_auth/types.js

@@ -0,0 +1,9 @@
+/*
+ * @adonisjs/auth
+ *
+ * (c) AdonisJS
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+export {};

package/build/src/guards/session/guard.d.ts

@@ -113,4 +113,11 @@ export declare class SessionGuard<UserProvider extends SessionUserProviderContra
      * Logout user and revoke remember me token (if any)
      */
     logout(): Promise<void>;
+    /**
+     * Returns the session state for the user to be
+     * logged-in as a client
+     */
+    authenticateAsClient(user: UserProvider[typeof PROVIDER_REAL_USER]): Promise<{
+        session: Record<string, string | number>;
+    }>;
 }

package/build/src/guards/session/guard.js

@@ -327,6 +327,7 @@ export class SessionGuard {
             if (!providerUser) {
                 this.#authenticationFailed(AuthenticationException.E_INVALID_AUTH_SESSION(), session.sessionId);
             }
+            debug('session_guard: marking user with id "%s" as authenticated', providerUser.getId());
             this.user = providerUser.getOriginal();
             this.isAuthenticated = true;
             this.isLoggedOut = false;
@@ -390,6 +391,7 @@ export class SessionGuard {
         debug('session_guard: marking user with id "%s" as logged in from remember me cookie', userId);
         session.put(this.sessionKeyName, userId);
         session.regenerate();
+        debug('session_guard: marking user with id "%s" as authenticated', userId);
         this.user = providerUser.getOriginal();
         this.isAuthenticated = true;
         this.isLoggedOut = false;
@@ -491,4 +493,18 @@ export class SessionGuard {
         debug('session_auth: deleting remember me token');
         await this.#rememberMeTokenProvider.deleteTokenBySeries(decodedToken.series);
     }
+    /**
+     * Returns the session state for the user to be
+     * logged-in as a client
+     */
+    async authenticateAsClient(user) {
+        const providerUser = await this.#userProvider.createUserForGuard(user);
+        const userId = providerUser.getId();
+        debug('session_guard: returning client session for user id "%s"', userId);
+        return {
+            session: {
+                [this.sessionKeyName]: userId,
+            },
+        };
+    }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adonisjs/auth",
-  "version": "9.0.0-5",
+  "version": "9.0.0-7",
   "description": "Official authentication provider for Adonis framework",
   "type": "module",
   "main": "build/index.js",
@@ -22,6 +22,8 @@
     ".": "./build/index.js",
     "./types": "./build/src/auth/types.js",
     "./auth_provider": "./build/providers/auth_provider.js",
+    "./plugins/api_client": "./build/src/auth/plugins/japa/api_client.js",
+    "./plugins/browser_client": "./build/src/auth/plugins/japa/browser_client.js",
     "./services/main": "./build/services/auth.js",
     "./core/token": "./build/src/core/token.js",
     "./core/guard_user": "./build/src/core/guard_user.js",
@@ -29,6 +31,7 @@
     "./core/token_providers/*": "./build/src/core/token_providers/*.js",
     "./types/core": "./build/src/core/types.js",
     "./session": "./build/src/guards/session/main.js",
+    "./basic_auth": "./build/src/guards/basic_auth/main.js",
     "./initialize_auth_middleware": "./build/src/auth/middleware/initialize_auth_middleware.js",
     "./types/session": "./build/src/guards/session/types.js"
   },
@@ -74,12 +77,16 @@
     "@adonisjs/tsconfig": "^1.1.8",
     "@commitlint/cli": "^18.0.0",
     "@commitlint/config-conventional": "^18.0.0",
+    "@japa/api-client": "^2.0.0",
     "@japa/assert": "^2.0.0",
+    "@japa/browser-client": "^2.0.0",
     "@japa/expect-type": "^2.0.0",
     "@japa/file-system": "^2.0.0",
+    "@japa/plugin-adonisjs": "^2.0.0",
     "@japa/runner": "^3.0.4",
     "@japa/snapshot": "^2.0.0",
     "@swc/core": "1.3.82",
+    "@types/basic-auth": "^1.1.5",
     "@types/luxon": "^3.3.3",
     "@types/node": "^20.8.7",
     "@types/set-cookie-parser": "^2.4.5",
@@ -92,6 +99,7 @@
     "husky": "^8.0.3",
     "luxon": "^3.4.3",
     "np": "^8.0.4",
+    "playwright": "^1.39.0",
     "prettier": "^3.0.3",
     "set-cookie-parser": "^2.6.0",
     "sqlite3": "^5.1.6",
@@ -129,12 +137,16 @@
     ]
   },
   "dependencies": {
-    "@poppinss/utils": "^6.5.0"
+    "@poppinss/utils": "^6.5.0",
+    "basic-auth": "^2.0.1"
   },
   "peerDependencies": {
-    "@adonisjs/core": "^6.1.5-30",
+    "@adonisjs/core": "^6.1.5-31",
     "@adonisjs/lucid": "^19.0.0-3",
-    "@adonisjs/session": "^7.0.0-13"
+    "@adonisjs/session": "^7.0.0-13",
+    "@japa/api-client": "^2.0.0",
+    "@japa/browser-client": "^2.0.0",
+    "@japa/plugin-adonisjs": "^2.0.0"
   },
   "peerDependenciesMeta": {
     "@adonisjs/lucid": {
@@ -142,6 +154,15 @@
     },
     "@adonisjs/session": {
       "optional": true
+    },
+    "@japa/api-client": {
+      "optional": true
+    },
+    "@japa/browser-client": {
+      "optional": true
+    },
+    "@japa/plugin-adonisjs": {
+      "optional": true
     }
   }
 }