@feathersjs/authentication 5.0.0-pre.6 → 5.0.0

package/src/jwt.ts

@@ -1,88 +1,101 @@
-/* eslint-disable @typescript-eslint/no-unused-vars */
-import omit from 'lodash/omit';
-import { IncomingMessage } from 'http';
-import { NotAuthenticated } from '@feathersjs/errors';
-import { Params } from '@feathersjs/feathers';
-import { createDebug } from '@feathersjs/commons';
+/* eslint-disable @typescript-eslint/no-unused-vars, @typescript-eslint/ban-ts-comment */
+import omit from 'lodash/omit'
+import { IncomingMessage } from 'http'
+import { NotAuthenticated } from '@feathersjs/errors'
+import { Params } from '@feathersjs/feathers'
+import { createDebug } from '@feathersjs/commons'
 // @ts-ignore
-import lt from 'long-timeout';
+import lt from 'long-timeout'
 
-import { AuthenticationBaseStrategy } from './strategy';
-import { AuthenticationRequest, AuthenticationResult, ConnectionEvent } from './core';
+import { AuthenticationBaseStrategy } from './strategy'
+import { AuthenticationParams, AuthenticationRequest, AuthenticationResult, ConnectionEvent } from './core'
 
-const debug = createDebug('@feathersjs/authentication/jwt');
-const SPLIT_HEADER = /(\S+)\s+(\S+)/;
+const debug = createDebug('@feathersjs/authentication/jwt')
+const SPLIT_HEADER = /(\S+)\s+(\S+)/
 
 export class JWTStrategy extends AuthenticationBaseStrategy {
-  expirationTimers = new WeakMap();
+  expirationTimers = new WeakMap()
 
-  get configuration () {
-    const authConfig = this.authentication.configuration;
-    const config = super.configuration;
+  get configuration() {
+    const authConfig = this.authentication.configuration
+    const config = super.configuration
 
     return {
       service: authConfig.service,
       entity: authConfig.entity,
       entityId: authConfig.entityId,
       header: 'Authorization',
-      schemes: [ 'Bearer', 'JWT' ],
+      schemes: ['Bearer', 'JWT'],
       ...config
-    };
+    }
   }
 
-  async handleConnection (event: ConnectionEvent, connection: any, authResult?: AuthenticationResult): Promise<void> {
-    const isValidLogout = event === 'logout' && connection.authentication && authResult &&
-      connection.authentication.accessToken === authResult.accessToken;
+  async handleConnection(
+    event: ConnectionEvent,
+    connection: any,
+    authResult?: AuthenticationResult
+  ): Promise<void> {
+    const isValidLogout =
+      event === 'logout' &&
+      connection.authentication &&
+      authResult &&
+      connection.authentication.accessToken === authResult.accessToken
 
-    const { accessToken } = authResult || {};
+    const { accessToken } = authResult || {}
+    const { entity } = this.configuration
 
     if (accessToken && event === 'login') {
-      debug('Adding authentication information to connection');
-      const { exp } = await this.authentication.verifyAccessToken(accessToken);
+      debug('Adding authentication information to connection')
+      const { exp } =
+        authResult?.authentication?.payload || (await this.authentication.verifyAccessToken(accessToken))
       // The time (in ms) until the token expires
-      const duration = (exp * 1000) - Date.now();
-      // This may have to be a `logout` event but right now we don't want
-      // the whole context object lingering around until the timer is gone
-      const timer = lt.setTimeout(() => this.app.emit('disconnect', connection), duration);
+      const duration = exp * 1000 - Date.now()
+      const timer = lt.setTimeout(() => this.app.emit('disconnect', connection), duration)
 
-      debug(`Registering connection expiration timer for ${duration}ms`);
-      lt.clearTimeout(this.expirationTimers.get(connection));
-      this.expirationTimers.set(connection, timer);
+      debug(`Registering connection expiration timer for ${duration}ms`)
+      lt.clearTimeout(this.expirationTimers.get(connection))
+      this.expirationTimers.set(connection, timer)
 
-      debug('Adding authentication information to connection');
+      debug('Adding authentication information to connection')
       connection.authentication = {
         strategy: this.name,
         accessToken
-      };
+      }
+      connection[entity] = authResult[entity]
     } else if (event === 'disconnect' || isValidLogout) {
-      debug('Removing authentication information and expiration timer from connection');
-
-      const { entity } = this.configuration;
-
-      delete connection[entity];
-      delete connection.authentication;
-
-      lt.clearTimeout(this.expirationTimers.get(connection));
-      this.expirationTimers.delete(connection);
+      debug('Removing authentication information and expiration timer from connection')
+
+      await new Promise((resolve) =>
+        process.nextTick(() => {
+          delete connection[entity]
+          delete connection.authentication
+          resolve(connection)
+        })
+      )
+
+      lt.clearTimeout(this.expirationTimers.get(connection))
+      this.expirationTimers.delete(connection)
     }
   }
 
-  verifyConfiguration () {
-    const allowedKeys = [ 'entity', 'entityId', 'service', 'header', 'schemes' ];
+  verifyConfiguration() {
+    const allowedKeys = ['entity', 'entityId', 'service', 'header', 'schemes']
 
     for (const key of Object.keys(this.configuration)) {
       if (!allowedKeys.includes(key)) {
-        throw new Error(`Invalid JwtStrategy option 'authentication.${this.name}.${key}'. Did you mean to set it in 'authentication.jwtOptions'?`);
+        throw new Error(
+          `Invalid JwtStrategy option 'authentication.${this.name}.${key}'. Did you mean to set it in 'authentication.jwtOptions'?`
+        )
       }
     }
 
     if (typeof this.configuration.header !== 'string') {
-      throw new Error(`The 'header' option for the ${this.name} strategy must be a string`);
+      throw new Error(`The 'header' option for the ${this.name} strategy must be a string`)
     }
   }
 
-  async getEntityQuery (_params: Params) {
-    return {};
+  async getEntityQuery(_params: Params) {
+    return {}
   }
 
   /**
@@ -91,40 +104,40 @@ export class JWTStrategy extends AuthenticationBaseStrategy {
    * @param id The id to use
    * @param params Service call parameters
    */
-  async getEntity (id: string, params: Params) {
-    const entityService = this.entityService;
-    const { entity } = this.configuration;
+  async getEntity(id: string, params: Params) {
+    const entityService = this.entityService
+    const { entity } = this.configuration
 
-    debug('Getting entity', id);
+    debug('Getting entity', id)
 
     if (entityService === null) {
-      throw new NotAuthenticated('Could not find entity service');
+      throw new NotAuthenticated('Could not find entity service')
     }
 
-    const query = await this.getEntityQuery(params);
-    const getParams = Object.assign({}, omit(params, 'provider'), { query });
-    const result = await entityService.get(id, getParams);
+    const query = await this.getEntityQuery(params)
+    const getParams = Object.assign({}, omit(params, 'provider'), { query })
+    const result = await entityService.get(id, getParams)
 
     if (!params.provider) {
-      return result;
+      return result
     }
 
-    return entityService.get(id, { ...params, [entity]: result });
+    return entityService.get(id, { ...params, [entity]: result })
   }
 
-  async getEntityId (authResult: AuthenticationResult, _params: Params) {
-    return authResult.authentication.payload.sub;
+  async getEntityId(authResult: AuthenticationResult, _params: Params) {
+    return authResult.authentication.payload.sub
   }
 
-  async authenticate (authentication: AuthenticationRequest, params: Params) {
-    const { accessToken } = authentication;
-    const { entity } = this.configuration;
+  async authenticate(authentication: AuthenticationRequest, params: AuthenticationParams) {
+    const { accessToken } = authentication
+    const { entity } = this.configuration
 
     if (!accessToken) {
-      throw new NotAuthenticated('No access token');
+      throw new NotAuthenticated('No access token')
     }
 
-    const payload = await this.authentication.verifyAccessToken(accessToken, params.jwt);
+    const payload = await this.authentication.verifyAccessToken(accessToken, params.jwt)
     const result = {
       accessToken,
       authentication: {
@@ -132,46 +145,44 @@ export class JWTStrategy extends AuthenticationBaseStrategy {
         accessToken,
         payload
       }
-    };
+    }
 
     if (entity === null) {
-      return result;
+      return result
     }
 
-    const entityId = await this.getEntityId(result, params);
-    const value = await this.getEntity(entityId, params);
+    const entityId = await this.getEntityId(result, params)
+    const value = await this.getEntity(entityId, params)
 
     return {
       ...result,
       [entity]: value
-    };
+    }
   }
 
-  async parse (req: IncomingMessage): Promise<{
-    strategy: string;
-    accessToken: string;
+  async parse(req: IncomingMessage): Promise<{
+    strategy: string
+    accessToken: string
   } | null> {
-    const { header, schemes }: { header: string, schemes: string[] } = this.configuration;
-    const headerValue = req.headers && req.headers[header.toLowerCase()];
+    const { header, schemes }: { header: string; schemes: string[] } = this.configuration
+    const headerValue = req.headers && req.headers[header.toLowerCase()]
 
     if (!headerValue || typeof headerValue !== 'string') {
-      return null;
+      return null
     }
 
-    debug('Found parsed header value');
+    debug('Found parsed header value')
 
-    const [ , scheme, schemeValue ] = headerValue.match(SPLIT_HEADER) || [];
-    const hasScheme = scheme && schemes.some(
-      current => new RegExp(current, 'i').test(scheme)
-    );
+    const [, scheme, schemeValue] = headerValue.match(SPLIT_HEADER) || []
+    const hasScheme = scheme && schemes.some((current) => new RegExp(current, 'i').test(scheme))
 
     if (scheme && !hasScheme) {
-      return null;
+      return null
     }
 
     return {
       strategy: this.name,
       accessToken: hasScheme ? schemeValue : headerValue
-    };
+    }
   }
 }

package/src/options.ts

@@ -1,5 +1,7 @@
-export default {
-  authStrategies: [],
+import { FromSchema, authenticationSettingsSchema } from '@feathersjs/schema'
+
+export const defaultOptions = {
+  authStrategies: [] as string[],
   jwtOptions: {
     header: { typ: 'access' }, // by default is an access token but can be any type
     audience: 'https://yourdomain.com', // The resource server where the token is processed
@@ -7,4 +9,8 @@ export default {
     algorithm: 'HS256',
     expiresIn: '1d'
   }
-};
+}
+
+export { authenticationSettingsSchema }
+
+export type AuthenticationConfiguration = FromSchema<typeof authenticationSettingsSchema>

package/src/service.ts

@@ -1,47 +1,64 @@
-import merge from 'lodash/merge';
-import { NotAuthenticated } from '@feathersjs/errors';
-import { AuthenticationBase, AuthenticationResult, AuthenticationRequest } from './core';
-import { connection, event } from './hooks';
-import '@feathersjs/transport-commons';
-import { createDebug } from '@feathersjs/commons';
-import { Params, ServiceMethods, ServiceAddons } from '@feathersjs/feathers';
-import jsonwebtoken from 'jsonwebtoken';
+import merge from 'lodash/merge'
+import { NotAuthenticated } from '@feathersjs/errors'
+import '@feathersjs/transport-commons'
+import { createDebug } from '@feathersjs/commons'
+import { ServiceMethods, ServiceAddons } from '@feathersjs/feathers'
+import { resolveDispatch } from '@feathersjs/schema'
+import jsonwebtoken from 'jsonwebtoken'
+import { hooks } from '@feathersjs/hooks'
 
-const debug = createDebug('@feathersjs/authentication/service');
+import { AuthenticationBase, AuthenticationResult, AuthenticationRequest, AuthenticationParams } from './core'
+import { connection, event } from './hooks'
+
+const debug = createDebug('@feathersjs/authentication/service')
 
 declare module '@feathersjs/feathers/lib/declarations' {
-  interface FeathersApplication<ServiceTypes, AppSettings> { // eslint-disable-line
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  interface FeathersApplication<Services, Settings> {
+    // eslint-disable-line
     /**
      * Returns the default authentication service or the
      * authentication service for a given path.
      *
      * @param location The service path to use (optional)
      */
-    defaultAuthentication? (location?: string): AuthenticationService;
+    defaultAuthentication?(location?: string): AuthenticationService
   }
 
   interface Params {
-    authenticated?: boolean;
-    authentication?: AuthenticationRequest;
+    authenticated?: boolean
+    authentication?: AuthenticationRequest
   }
 }
 
-// eslint-disable-next-line
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
 export interface AuthenticationService extends ServiceAddons<AuthenticationResult, AuthenticationResult> {}
 
-export class AuthenticationService extends AuthenticationBase implements Partial<ServiceMethods<AuthenticationResult>> {
-  constructor (app: any, configKey = 'authentication', options = {}) {
-    super(app, configKey, options);
+export class AuthenticationService
+  extends AuthenticationBase
+  implements Partial<ServiceMethods<AuthenticationResult, AuthenticationRequest, AuthenticationParams>>
+{
+  constructor(app: any, configKey = 'authentication', options = {}) {
+    super(app, configKey, options)
+
+    hooks(this, {
+      create: [resolveDispatch(), event('login'), connection('login')],
+      remove: [resolveDispatch(), event('logout'), connection('logout')]
+    })
+
+    this.app.on('disconnect', async (connection) => {
+      await this.handleConnection('disconnect', connection)
+    })
 
     if (typeof app.defaultAuthentication !== 'function') {
       app.defaultAuthentication = function (location?: string) {
-        const configKey = app.get('defaultAuthentication');
-        const path = location || Object.keys(this.services).find(current =>
-          this.service(current).configKey === configKey
-        );
+        const configKey = app.get('defaultAuthentication')
+        const path =
+          location ||
+          Object.keys(this.services).find((current) => this.service(current).configKey === configKey)
 
-        return path ? this.service(path) : null;
-      };
+        return path ? this.service(path) : null
+      }
     }
   }
   /**
@@ -51,11 +68,11 @@ export class AuthenticationService extends AuthenticationBase implements Partial
    * @param _authResult The current authentication result
    * @param params The service call parameters
    */
-  async getPayload (_authResult: AuthenticationResult, params: Params) {
+  async getPayload(_authResult: AuthenticationResult, params: AuthenticationParams) {
     // Uses `params.payload` or returns an empty payload
-    const { payload = {} } = params;
+    const { payload = {} } = params
 
-    return payload;
+    return payload
   }
 
   /**
@@ -65,24 +82,24 @@ export class AuthenticationService extends AuthenticationBase implements Partial
    * @param authResult The authentication result
    * @param params Service call parameters
    */
-  async getTokenOptions (authResult: AuthenticationResult, params: Params) {
-    const { service, entity, entityId } = this.configuration;
-    const jwtOptions = merge({}, params.jwtOptions, params.jwt);
-    const value = service && entity && authResult[entity];
+  async getTokenOptions(authResult: AuthenticationResult, params: AuthenticationParams) {
+    const { service, entity, entityId } = this.configuration
+    const jwtOptions = merge({}, params.jwtOptions, params.jwt)
+    const value = service && entity && authResult[entity]
 
     // Set the subject to the entity id if it is available
     if (value && !jwtOptions.subject) {
-      const idProperty = entityId || this.app.service(service).id;
-      const subject = value[idProperty];
+      const idProperty = entityId || this.app.service(service).id
+      const subject = value[idProperty]
 
       if (subject === undefined) {
-        throw new NotAuthenticated(`Can not set subject from ${entity}.${idProperty}`);
+        throw new NotAuthenticated(`Can not set subject from ${entity}.${idProperty}`)
       }
 
-      jwtOptions.subject = `${subject}`;
+      jwtOptions.subject = `${subject}`
     }
 
-    return jwtOptions;
+    return jwtOptions
   }
 
   /**
@@ -92,36 +109,38 @@ export class AuthenticationService extends AuthenticationBase implements Partial
    * @param data The authentication request (should include `strategy` key)
    * @param params Service call parameters
    */
-  async create (data: AuthenticationRequest, params?: Params) {
-    const authStrategies = params.authStrategies || this.configuration.authStrategies;
+  async create(data: AuthenticationRequest, params?: AuthenticationParams) {
+    const authStrategies = params.authStrategies || this.configuration.authStrategies
 
     if (!authStrategies.length) {
-      throw new NotAuthenticated('No authentication strategies allowed for creating a JWT (`authStrategies`)');
+      throw new NotAuthenticated('No authentication strategies allowed for creating a JWT (`authStrategies`)')
     }
 
-    const authResult = await this.authenticate(data, params, ...authStrategies);
+    const authResult = await this.authenticate(data, params, ...authStrategies)
 
-    debug('Got authentication result', authResult);
+    debug('Got authentication result', authResult)
 
     if (authResult.accessToken) {
-      return authResult;
+      return authResult
     }
 
-    const [ payload, jwtOptions ] = await Promise.all([
+    const [payload, jwtOptions] = await Promise.all([
       this.getPayload(authResult, params),
       this.getTokenOptions(authResult, params)
-    ]);
+    ])
 
-    debug('Creating JWT with', payload, jwtOptions);
+    debug('Creating JWT with', payload, jwtOptions)
 
-    const accessToken = await this.createAccessToken(payload, jwtOptions, params.secret);
+    const accessToken = await this.createAccessToken(payload, jwtOptions, params.secret)
 
-    return merge({ accessToken }, authResult, {
+    return {
+      accessToken,
+      ...authResult,
       authentication: {
-          accessToken,
-          payload: jsonwebtoken.decode(accessToken)
+        ...authResult.authentication,
+        payload: jsonwebtoken.decode(accessToken)
       }
-    });
+    }
   }
 
   /**
@@ -131,57 +150,54 @@ export class AuthenticationService extends AuthenticationBase implements Partial
    * @param id The JWT to remove or null
    * @param params Service call parameters
    */
-  async remove (id: string | null, params?: Params) {
-    const { authentication } = params;
-    const { authStrategies } = this.configuration;
+  async remove(id: string | null, params?: AuthenticationParams) {
+    const { authentication } = params
+    const { authStrategies } = this.configuration
 
     // When an id is passed it is expected to be the authentication `accessToken`
     if (id !== null && id !== authentication.accessToken) {
-      throw new NotAuthenticated('Invalid access token');
+      throw new NotAuthenticated('Invalid access token')
     }
 
-    debug('Verifying authentication strategy in remove');
+    debug('Verifying authentication strategy in remove')
 
-    return this.authenticate(authentication, params, ...authStrategies);
+    return this.authenticate(authentication, params, ...authStrategies)
   }
 
   /**
    * Validates the service configuration.
    */
-  async setup () {
+  async setup() {
+    await super.setup()
+
     // The setup method checks for valid settings and registers the
     // connection and event (login, logout) hooks
-    const { secret, service, entity, entityId } = this.configuration;
+    const { secret, service, entity, entityId } = this.configuration
 
     if (typeof secret !== 'string') {
-      throw new Error('A \'secret\' must be provided in your authentication configuration');
+      throw new Error("A 'secret' must be provided in your authentication configuration")
     }
 
     if (entity !== null) {
       if (service === undefined) {
-        throw new Error('The \'service\' option is not set in the authentication configuration');
+        throw new Error("The 'service' option is not set in the authentication configuration")
       }
 
       if (this.app.service(service) === undefined) {
-        throw new Error(`The '${service}' entity service does not exist (set to 'null' if it is not required)`);
+        throw new Error(
+          `The '${service}' entity service does not exist (set to 'null' if it is not required)`
+        )
       }
 
       if (this.app.service(service).id === undefined && entityId === undefined) {
-        throw new Error(`The '${service}' service does not have an 'id' property and no 'entityId' option is set.`);
+        throw new Error(
+          `The '${service}' service does not have an 'id' property and no 'entityId' option is set.`
+        )
       }
     }
 
-    (this as any).hooks({
-      create: [ connection('login'), event('login') ],
-      remove: [ connection('logout'), event('logout') ]
-    });
-
-    this.app.on('disconnect', async (connection) => {
-      await this.handleConnection('disconnect', connection);
-    });
-
     if (typeof this.publish === 'function') {
-      this.publish(() => null);
+      this.publish(() => null)
     }
   }
 }

package/src/strategy.ts

@@ -1,34 +1,34 @@
-import { AuthenticationStrategy, AuthenticationBase } from './core';
-import { Application, Service } from '@feathersjs/feathers';
+import { AuthenticationStrategy, AuthenticationBase } from './core'
+import { Application, Service } from '@feathersjs/feathers'
 
 export class AuthenticationBaseStrategy implements AuthenticationStrategy {
-  authentication?: AuthenticationBase;
-  app?: Application;
-  name?: string;
+  authentication?: AuthenticationBase
+  app?: Application
+  name?: string
 
-  setAuthentication (auth: AuthenticationBase) {
-    this.authentication = auth;
+  setAuthentication(auth: AuthenticationBase) {
+    this.authentication = auth
   }
 
-  setApplication (app: Application) {
-    this.app = app;
+  setApplication(app: Application) {
+    this.app = app
   }
 
-  setName (name: string) {
-    this.name = name;
+  setName(name: string) {
+    this.name = name
   }
 
-  get configuration () {
-    return this.authentication.configuration[this.name];
+  get configuration(): any {
+    return this.authentication.configuration[this.name]
   }
 
-  get entityService (): Service<any> {
-    const { service } = this.configuration;
+  get entityService(): Service {
+    const { service } = this.configuration
 
     if (!service) {
-      return null;
+      return null
     }
 
-    return this.app.service(service) || null;
+    return this.app.service(service) || null
   }
 }