Merge pull request #79 from alanshaw/validate-err

resolves #77 error in validateFunc causes correct 500 series response to be sent to client

lib/index.js

@@ -59,7 +59,7 @@ internals.implementation = function (server, options) {
           else { // see: http://hapijs.com/tutorials/auth for validateFunc signature
             options.validateFunc(decoded, request, function (err, valid, credentials) { // bring your own checks
               if (err) {
-                return reply(Boom.unauthorized('Invalid token', 'Token'), null, err);
+                return reply(Boom.wrap(err));
               }
               else if (!valid) {
                 return reply(Boom.unauthorized('Invalid credentials', 'Token'), null, { credentials: credentials || decoded });

test/custom-parameters-server.js

@@ -14,7 +14,7 @@ var db = {
 // defining our own validate function lets us do something
 // useful/custom with the decodedToken before reply(ing)
 var validate = function (decoded, request, callback) {
-  return db[decoded.id].allowed ? callback(null, true) : callback('fail', false);
+  return db[decoded.id].allowed ? callback(null, true) : callback(null, false);
 };
 
 var home = function(req, reply) {

test/dynamic-key-server.js

@@ -45,7 +45,7 @@ var validate = function (decoded, request, callback) {
     return callback(null, true, credentials);
   }
   else {
-    return callback('fail', false);
+    return callback(null, false);
   }
 };
 

test/server.js

@@ -18,7 +18,7 @@ var validate = function (decoded, request, callback) {
     return callback(null, true);
   }
   else {
-    return callback('fail', false);
+    return callback(null, false);
   }
 };
 

test/validate-func-test.js

@@ -0,0 +1,42 @@
+var test   = require('tape');
+var Hapi   = require('hapi');
+var Boom   = require('boom');
+var JWT    = require('jsonwebtoken');
+var secret = 'NeverShareYourSecret';
+
+test('Should respond with 500 series error when validateFunc errs', function (t) {
+  t.plan(2);
+
+  var server = new Hapi.Server();
+  server.connection();
+
+  server.register(require('../'), function (err) {
+    t.ifError(err, 'No error registering hapi-auth-jwt2 plugin');
+
+    server.auth.strategy('jwt', 'jwt', {
+      key: secret,
+      validateFunc: function (decoded, request, callback) {
+        return callback(new Error('ASPLODE'));
+      },
+      verifyOptions: {algorithms: ['HS256']}
+    });
+
+    server.route({
+      method: 'POST',
+      path: '/privado',
+      handler: function (req, reply) { return reply('PRIVADO'); },
+      config: { auth: 'jwt' }
+    });
+
+    var options = {
+      method: 'POST',
+      url: '/privado',
+      headers: {Authorization: JWT.sign({id: 138, name: 'Test'}, secret)}
+    };
+
+    server.inject(options, function (response) {
+      t.equal(response.statusCode, 500, 'Server returned 500 for validateFunc error');
+      t.end();
+    });
+  });
+});