diff --git a/package.json b/package.json index 18412c48..6fd33e22 100644 --- a/package.json +++ b/package.json @@ -51,6 +51,7 @@ "debug": "^2.2.0", "feathers-commons": "^0.7.5", "feathers-errors": "^2.4.0", + "feathers-socket-commons": "^2.3.1", "jsonwebtoken": "^7.1.9", "lodash.merge": "^4.6.0", "lodash.omit": "^4.5.0", diff --git a/src/base.js b/src/base.js index 30ba8d18..36262620 100644 --- a/src/base.js +++ b/src/base.js @@ -4,6 +4,8 @@ import middlewares from './middleware/authentication'; const debug = Debug('feathers-authentication:authentication:base'); +// A basic Authentication class that allows to create and verify JWTs +// and also run through a token authentication chain export default class Authentication { constructor(app, options) { this.options = options; @@ -16,6 +18,7 @@ export default class Authentication { this._middleware.isInitial = true; } + // Register one or more handlers for the JWT verification chain use(... middleware) { // Reset the default middleware chain if(this._middleware.isInitial) { @@ -31,6 +34,7 @@ export default class Authentication { return this; } + // Run the JWT verification chain against data authenticate(data) { let promise = Promise.resolve(data); @@ -46,6 +50,8 @@ export default class Authentication { return promise; } + // Returns a { token } object either from a string, + // an HTTP request object or another object with a `.token` property getJWT(data) { const { header } = this.options; @@ -70,7 +76,7 @@ export default class Authentication { debug('Token found in header', token); } - return Promise.resolve({ token, req }); + return Promise.resolve({ token }); } else if (typeof data === 'object' && data.token) { return Promise.resolve({ token: data.token }); diff --git a/src/index.js b/src/index.js index 3297cf78..f3cae2ae 100644 --- a/src/index.js +++ b/src/index.js @@ -7,7 +7,6 @@ import { socketioHandler, primusHandler } from './middleware/socket'; import getOptions from './options'; import Authentication from './base'; import service from './service'; -// import tokenAuth from './token-auth'; const debug = Debug('feathers-authentication:index'); @@ -32,14 +31,12 @@ export default function init(config = {}) { options.cookie.secure = false; } - debug('Initializing base Authentication class'); - app.authentication = new Authentication(app, options); + debug('Setting up Authentication class and Express middleware'); - debug('registering Express authentication middleware'); + app.authentication = new Authentication(app, options); + app.authenticate = app.authentication.authenticate.bind(app.authenticate); app.use(express.getJWT(options)); - app.configure(service(options)); - // app.configure(tokenAuth(options)); app.setup = function() { let result = _super.apply(this, arguments); diff --git a/src/middleware/authentication/populate-user.js b/src/middleware/authentication/populate-user.js index 627bd9c4..680172b6 100644 --- a/src/middleware/authentication/populate-user.js +++ b/src/middleware/authentication/populate-user.js @@ -3,6 +3,7 @@ import Debug from 'debug'; const debug = Debug('feathers-authentication:token:populate-user'); export default function(options) { + const app = this; const { user } = options; if (!user.service) { @@ -14,7 +15,6 @@ export default function(options) { } return function populateUser(data) { - const app = this; const service = typeof user.service === 'string' ? app.service(user.service) : user.service; const { payloadField } = user; diff --git a/src/middleware/authentication/verify-key.js b/src/middleware/authentication/verify-key.js index bcd87aae..7435f2ef 100644 --- a/src/middleware/authentication/verify-key.js +++ b/src/middleware/authentication/verify-key.js @@ -4,7 +4,7 @@ const debug = Debug('feathers-authentication:token:verifyKey'); export default function(options) { return function verifyKey(data) { - if (data && data.token) { + if (data && data[options.keyfield]) { const app = this; const key = data[options.keyfield]; diff --git a/src/middleware/socket/handler.js b/src/middleware/socket/handler.js index 0a293f2d..58ae6310 100644 --- a/src/middleware/socket/handler.js +++ b/src/middleware/socket/handler.js @@ -1,20 +1,19 @@ import Debug from 'debug'; -// import errors from 'feathers-errors'; +import errors from 'feathers-errors'; +import { normalizeError } from 'feathers-socket-commons/lib/utils'; const debug = Debug('feathers-authentication:sockets:handler'); -export function normalizeError(e) { - let result = {}; - - Object.getOwnPropertyNames(e).forEach(key => result[key] = e[key]); - - if(process.env.NODE_ENV === 'production') { - delete result.stack; +function handleSocketCallback(promise, callback) { + if(typeof callback === 'function') { + promise.then(data => callback(null, data)) + .catch(error => { + debug(`Socket authentication error`, error); + callback(normalizeError(error)); + }); } - delete result.hook; - - return result; + return promise; } export default function setupSocketHandler(app, options, { @@ -23,41 +22,54 @@ export default function setupSocketHandler(app, options, { const service = app.service(options.service); - if(!service) { - throw new Error(`Could not find authentication service '${options.service}'`); - } - return function(socket) { - const authenticate = (data, callback = () => {}) => { - service.create(data, { provider }) - .then( ({ token }) => { + const authenticate = function (data, callback = () => {}) { + const promise = service.create(data, { provider }) + .then(jwt => app.authentication.authenticate(jwt)) + .then(result => { + if(!result.authenticated) { + throw new errors.NotAuthenticated('Authentication was not successful'); + } + + const { token } = result; + const connection = feathersParams(socket); + debug(`Successfully authenticated socket with token`, token); - feathersParams(socket).token = token; + // Add the token to the connection so that it shows up as `params.token` + connection.token = token; + + app.emit('login', result, { + provider, socket, connection + }); return { token }; - }) - .then(data => callback(null, data)) - .catch(error => { - debug(`Socket authentication error`, error); - callback(normalizeError(error)); }); + + handleSocketCallback(promise, callback); }; - const logout = (callback = () => {}) => { - const params = feathersParams(socket); - const { token } = params; + const logout = function (callback = () => {}) { + const connection = feathersParams(socket); + const { token } = connection; if(token) { - debug('Authenticated socket disconnected', token); + debug('Logging out socket with token', token); - delete params.token; + delete connection.token; - service.remove(token) - .then(data => callback(null, data)) - .catch(error => { - debug(`Error logging out socket`, error); - callback(error); + const promise = service.remove(token, { provider }) + .then(jwt => app.authentication.authenticate(jwt)) + .then(result => { + debug(`Successfully logged out socket with token`, token); + + app.emit('logout', result, { + provider, socket, connection + }); + + return result; }); + + handleSocketCallback(promise, callback); } }; diff --git a/src/middleware/socket/index.js b/src/middleware/socket/index.js index f7d95f10..83983adb 100644 --- a/src/middleware/socket/index.js +++ b/src/middleware/socket/index.js @@ -24,7 +24,7 @@ export function primusHandler(app, options = {}) { const providerSettings = { provider: 'primus', emit: 'send', - disconnect: 'disconnection', + disconnect: 'end', feathersParams(socket) { return socket.request.feathers; } diff --git a/src/service.js b/src/service.js index b8fb6d57..eefe20d1 100644 --- a/src/service.js +++ b/src/service.js @@ -21,10 +21,6 @@ class Service { } remove(id, params) { - if (params.provider && !params.authentication) { - return Promise.reject(new Error(`External ${params.provider} requests need to run through an authentication provider`)); - } - const token = id !== null ? id : params.token; this.emit('logout', { token }); @@ -48,4 +44,4 @@ export default function init(options){ }; } -init.Service = Service; \ No newline at end of file +init.Service = Service; diff --git a/test/base.test.js b/test/base.test.js index 79f9e01e..626afce8 100644 --- a/test/base.test.js +++ b/test/base.test.js @@ -95,7 +95,6 @@ describe('Feathers Authentication Base Class', () => { }; return auth.getJWT(mockRequest).then(data => { - expect(data.req).to.equal(mockRequest); expect(data.token).to.equal('sometoken'); }); }); @@ -108,7 +107,6 @@ describe('Feathers Authentication Base Class', () => { }; return auth.getJWT(mockRequest).then(data => { - expect(data.req).to.equal(mockRequest); expect(data.token).to.equal('sometoken'); }); }); diff --git a/test/fixtures/server.js b/test/fixtures/server.js index 933aa2b1..de57973b 100644 --- a/test/fixtures/server.js +++ b/test/fixtures/server.js @@ -45,6 +45,12 @@ export default function(settings, useSocketio = true) { userId: 0, authentication: 'test-auth' }; + } else if(hook.data.login === 'testing-fail') { + hook.params.authentication = 'test-auth'; + + hook.data.payload = { + authentication: 'test-auth' + }; } } }); diff --git a/test/integration/primus.test.js b/test/integration/primus.test.js new file mode 100644 index 00000000..5bdcbd86 --- /dev/null +++ b/test/integration/primus.test.js @@ -0,0 +1,157 @@ +import { expect } from 'chai'; +import createApplication from '../fixtures/server'; + +describe('Primus authentication', function() { + this.timeout(10000); + + const PORT = 9889; + const app = createApplication({ + secret: 'supersecret' + }, false); + + let primus, Socket; + + before(function(done) { + this.server = app.listen(PORT); + this.server.once('listening', () => { + Socket = app.primus.Socket; + done(); + }); + }); + + beforeEach(done => { + primus = new Socket(`http://localhost:${PORT}`); + primus.on('open', () => done()); + }); + + after(function() { + this.server.close(); + }); + + it('returns not authenticated error for protected endpoint', done => { + primus.send('todos::get', 'laundry', e => { + expect(e.name).to.equal('NotAuthenticated'); + expect(e.code).to.equal(401); + + done(); + }); + }); + + it('creates a token using the `authenticate` event', done => { + primus.send('authenticate', { + login: 'testing' + }, function(error, data) { + expect(error).to.not.be.ok; + expect(data.token).to.exist; + done(); + }); + }); + + it('`authenticate` with error', done => { + primus.send('authenticate', { + login: 'testing-fail' + }, function(error) { + expect(error).to.be.ok; + expect(error.name).to.equal('NotAuthenticated'); + done(); + }); + }); + + it('authenticated socket allows accesss and populates user', done => { + primus.send('authenticate', { + login: 'testing' + }, function(error) { + if(error) { + return done(error); + } + + primus.send('todos::get', 'laundry', function(error, data) { + expect(data).to.deep.equal({ + id: 'laundry', + description: 'You have to do laundry', + user: { id: 0, name: 'Tester' } + }); + done(); + }); + }); + }); + + it('app `login` event', done => { + app.once('login', function(result, info) { + expect(result.token).to.exist; + expect(result.payload).to.exist; + expect(result.payload.userId).to.equal(0); + expect(result.authenticated).to.be.ok; + expect(result.user).to.deep.equal({ id: 0, name: 'Tester' }); + + expect(info.provider).to.equal('primus'); + expect(info.connection.token).to.equal(result.token); + expect(info.socket).to.exist; + + done(); + }); + + primus.send('authenticate', { + login: 'testing' + }); + }); + + it('app `logout` event', done => { + app.once('logout', function(result, info) { + expect(result.token).to.exist; + expect(result.payload).to.exist; + expect(result.payload.userId).to.equal(0); + expect(result.authenticated).to.be.ok; + expect(result.user).to.deep.equal({ id: 0, name: 'Tester' }); + + expect(info.provider).to.equal('primus'); + expect(info.socket).to.exist; + + done(); + }); + + primus.send('authenticate', { + login: 'testing' + }, () => primus.send('logout')); + }); + + it('disconnecting sends `logout` event', done => { + primus.send('authenticate', { + login: 'testing' + }, function(error) { + if(error) { + return done(error); + } + + app.once('logout', function(result, info) { + expect(result.token).to.exist; + expect(result.payload).to.exist; + expect(result.payload.userId).to.equal(0); + expect(result.authenticated).to.be.ok; + expect(result.user).to.deep.equal({ id: 0, name: 'Tester' }); + + expect(info.provider).to.equal('primus'); + expect(info.socket).to.exist; + + done(); + }); + + primus.end(); + }); + }); + + it('no access allowed after logout', done => { + app.once('logout', function() { + primus.send('todos::get', 'laundry', e => { + expect(e.name).to.equal('NotAuthenticated'); + expect(e.code).to.equal(401); + + done(); + }); + }); + + primus.send('authenticate', { + login: 'testing' + }, () => primus.send('logout')); + }); +}); diff --git a/test/integration/socketio.test.js b/test/integration/socketio.test.js index af541dd8..0062c64e 100644 --- a/test/integration/socketio.test.js +++ b/test/integration/socketio.test.js @@ -1,4 +1,4 @@ -// import { expect } from 'chai'; +import { expect } from 'chai'; import io from 'socket.io-client'; import createApplication from '../fixtures/server'; @@ -14,10 +14,11 @@ describe('Socket.io authentication', function() { before(function(done) { this.server = app.listen(PORT); - this.server.once('listening', () => { - socket = io(`http://localhost:${PORT}`); - done(); - }); + this.server.once('listening', () => done()); + }); + + beforeEach(function() { + socket = io(`http://localhost:${PORT}`); }); after(function() { @@ -25,54 +26,129 @@ describe('Socket.io authentication', function() { }); it('returns not authenticated error for protected endpoint', done => { + socket.emit('todos::get', 'laundry', e => { + expect(e.name).to.equal('NotAuthenticated'); + expect(e.code).to.equal(401); + + done(); + }); + }); + + it('creates a token using the `authenticate` event', done => { + socket.emit('authenticate', { + login: 'testing' + }, function(error, data) { + expect(error).to.not.be.ok; + expect(data.token).to.exist; + done(); + }); + }); + + it('`authenticate` with error', done => { + socket.emit('authenticate', { + login: 'testing-fail' + }, function(error) { + expect(error).to.be.ok; + expect(error.name).to.equal('NotAuthenticated'); + done(); + }); + }); + + it('authenticated socket allows accesss and populates user', done => { + socket.emit('authenticate', { + login: 'testing' + }, function(error) { + if(error) { + return done(error); + } + + socket.emit('todos::get', 'laundry', function(error, data) { + expect(data).to.deep.equal({ + id: 'laundry', + description: 'You have to do laundry', + user: { id: 0, name: 'Tester' } + }); + done(); + }); + }); + }); + + it('app `login` event', done => { + app.once('login', function(result, info) { + expect(result.token).to.exist; + expect(result.payload).to.exist; + expect(result.payload.userId).to.equal(0); + expect(result.authenticated).to.be.ok; + expect(result.user).to.deep.equal({ id: 0, name: 'Tester' }); + + expect(info.provider).to.equal('socketio'); + expect(info.connection.token).to.equal(result.token); + expect(info.socket).to.exist; + + done(); + }); + socket.emit('authenticate', { login: 'testing' - }, function() { - console.log(arguments); + }); + }); + + it('app `logout` event', done => { + app.once('logout', function(result, info) { + expect(result.token).to.exist; + expect(result.payload).to.exist; + expect(result.payload.userId).to.equal(0); + expect(result.authenticated).to.be.ok; + expect(result.user).to.deep.equal({ id: 0, name: 'Tester' }); + + expect(info.provider).to.equal('socketio'); + expect(info.socket).to.exist; + done(); }); + + socket.emit('authenticate', { + login: 'testing' + }, () => socket.emit('logout')); }); - // it('creates a valid token via HTTP with custom auth', () => { - // return request({ - // url: '/authentication', - // method: 'POST', - // body: { - // login: 'testing' - // } - // }).then(body => { - // expect(body.token).to.exist; - // return app.authentication.verifyJWT(body); - // }).then(verifiedToken => { - // const p = verifiedToken.payload; - - // expect(p).to.exist; - // expect(p.iss).to.equal('feathers'); - // expect(p.userId).to.equal(0); - // expect(p.authentication).to.equal('test-auth'); - // }); - // }); - - // it('allows access to protected service with valid token, populates user', () => { - // return request({ - // url: '/authentication', - // method: 'POST', - // body: { - // login: 'testing' - // } - // }).then(login => - // request({ - // url: '/todos/dishes', - // headers: { - // 'Authorization': login.token - // } - // }) - // ).then(data => { - // expect(data).to.deep.equal({ - // id: 'dishes', - // description: 'You have to do dishes', - // user: { id: 0, name: 'Tester' } - // }); - // }); - // }); + it('disconnecting sends `logout` event', done => { + socket.emit('authenticate', { + login: 'testing' + }, function(error) { + if(error) { + return done(error); + } + + app.once('logout', function(result, info) { + expect(result.token).to.exist; + expect(result.payload).to.exist; + expect(result.payload.userId).to.equal(0); + expect(result.authenticated).to.be.ok; + expect(result.user).to.deep.equal({ id: 0, name: 'Tester' }); + + expect(info.provider).to.equal('socketio'); + expect(info.socket).to.exist; + + done(); + }); + + socket.disconnect(); + }); + }); + + it('no access allowed after logout', done => { + app.once('logout', function() { + socket.emit('todos::get', 'laundry', e => { + expect(e.name).to.equal('NotAuthenticated'); + expect(e.code).to.equal(401); + + done(); + }); + }); + + socket.emit('authenticate', { + login: 'testing' + }, () => socket.emit('logout')); + }); });