@hitchy/plugin-auth 0.5.3 → 0.5.5

package/api/policy/authentication.js

@@ -4,6 +4,7 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 
 	const logAlert = api.log( "hitchy:auth:alert" );
 	const logDebug = api.log( "hitchy:auth:debug" );
+	const logInfo = api.log( "hitchy:auth:info" );
 
 	/**
 	 * Implements policy handlers transparently managing authentication process
@@ -61,8 +62,9 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 				return;
 			}
 
-			const match = /^basic\s+([a-z0-9+/]+={1,2})$/i.exec( req.headers.authorization );
+			const match = /^basic\s+([a-z0-9+/]+={0,2})$/i.exec( req.headers.authorization );
 			if ( !match ) {
+				logDebug( "missing proper Authorization request header for basic authentication" );
 				next();
 				return;
 			}
@@ -70,6 +72,7 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 			const decoded = Buffer.from( match[1], "base64" ).toString( "utf8" );
 			const parts = /^([^:]+):(.+)$/.exec( decoded );
 			if ( !parts ) {
+				logDebug( "decoding Authorization request header for basic authentication has failed" );
 				next();
 				return;
 			}
@@ -80,7 +83,11 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 
 					this.qualifyAuthenticated( req, res, next );
 				} )
-				.catch( next );
+				.catch( cause => {
+					logInfo( `basic authentication failed: ${cause.message}` );
+
+					next( new service.HttpException( 403, "basic authentication failed" ) );
+				} );
 		}
 
 		/**

package/api/service/auth/manager.js

@@ -269,7 +269,7 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 
 			switch ( candidates.length ) {
 				case 0 :
-					throw new services.HttpException( 400, `no such local user: ${username}` );
+					throw new services.HttpException( 404, `no such local user: ${username}` );
 
 				case 1 : {
 					const [user] = candidates;

package/api/service/authorization/tree.js

@@ -157,6 +157,7 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 		 */
 		isAuthorized( selector, user, roles, acceptByDefault = false ) {
 			let result = 0;
+			let reason;
 
 			try {
 				this.selectNode( selector, false, node => {
@@ -164,6 +165,7 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 
 					if ( localResult !== 0 ) {
 						result = localResult;
+						reason = ( localResult > 0 ? "granted" : "rejected" ) + " by " + node.path();
 					}
 				} );
 			} catch ( cause ) {
@@ -172,13 +174,16 @@ export default function() { // eslint-disable-line jsdoc/require-jsdoc
 			}
 
 			if ( result > 0 ) {
+				logDebug( `${user || "<guest>"} with roles ${roles ?? "<none>"} may access ${selector} (${reason})` );
 				return true;
 			}
 
 			if ( result < 0 ) {
+				logDebug( `${user || "<guest>"} with roles ${roles ?? "<none>"} must not access ${selector} (${reason})` );
 				return false;
 			}
 
+			logDebug( `${user || "<guest>"} with roles ${roles ?? "<none>"} ${acceptByDefault ? "may" : "must not"} access ${selector} by default` );
 			return Boolean( acceptByDefault );
 		}
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@hitchy/plugin-auth",
-	"version": "0.5.3",
+	"version": "0.5.5",
 	"description": "user authentication and authorization for Hitchy",
 	"type": "module",
 	"main": "index.js",
@@ -28,17 +28,17 @@
 	"peerDependencies": {
 		"@hitchy/core": "1.x",
 		"@hitchy/plugin-cookies": "0.1.x",
-		"@hitchy/plugin-odem": "0.11.x",
+		"@hitchy/plugin-odem": "0.13.x",
 		"@hitchy/plugin-session": "0.4.x"
 	},
 	"devDependencies": {
-		"@hitchy/core": "^1.1.0",
+		"@hitchy/core": "^1.1.4",
 		"@hitchy/server-dev-tools": "^0.8.6",
 		"@hitchy/types": "^0.1.3",
 		"c8": "^10.1.3",
-		"eslint": "^9.19.0",
+		"eslint": "^9.23.0",
 		"eslint-config-cepharum": "^2.0.2",
-		"mermaid": "^11.4.1",
+		"mermaid": "^11.6.0",
 		"mocha": "^11.1.0",
 		"openid-client": "^5.7.1",
 		"passport-saml": "^3.2.4",