Merge pull request #112 from dwyl/try-mode

Try mode
dwyl · Oct 17, 2015 · de2a6a3 · de2a6a3
2 parents 6b80b3f + cc429bc
commit de2a6a3
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 5 deletions.
diff --git a/lib/index.js b/lib/index.js
@@ -28,10 +28,6 @@ internals.implementation = function (server, options) {
     authenticate: function (request, reply) {
       var token = extract(request, options);
 
-      if (!token && request.auth.mode !== 'required') {
-        return reply.continue({ credentials: {} });
-      }
-
       if (!token) {
         return reply(Boom.unauthorized(null, 'Token'));
       }

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "hapi-auth-jwt2",
-  "version": "5.1.1",
+  "version": "5.1.2",
   "description": "Hapi.js Authentication Plugin/Scheme using JSON Web Tokens (JWT)",
   "main": "lib/index.js",
   "repository": {

diff --git a/test/try-and-optional-auth-mode.test.js b/test/try-and-optional-auth-mode.test.js
@@ -0,0 +1,89 @@
+var test   = require('tape');
+var Hapi   = require('hapi');
+var JWT    = require('jsonwebtoken');
+var secret = 'NeverShareYourSecret';
+
+test('Auth mode \'try\' should not set isAuthenticated to true when no token sent', function (t) {
+  t.plan(3);
+
+  var server = new Hapi.Server({ debug: {"request": ["error", "uncaught"]} });
+  server.connection();
+
+  server.register(require('../'), function (err) {
+    t.ifError(err, 'No error registering hapi-auth-jwt2 plugin');
+
+    server.auth.strategy('jwt', 'jwt', {
+      key: secret,
+      validateFunc: function (decoded, request, callback) {
+        return callback();
+      },
+      verifyOptions: {algorithms: ['HS256']}
+    });
+
+    server.route({
+      method: 'GET',
+      path: '/try',
+      handler: function (request, reply) {
+        // console.log(' - - - - - - - - - - - - - - - - - - - - - - -')
+        // console.log(request.auth);
+        // console.log(' - - - - - - - - - - - - - - - - - - - - - - -')
+        t.notOk(request.auth.isAuthenticated, 'isAuthenticated is false')
+        reply('TRY');
+      },
+      config: {
+        auth: {
+          strategy: 'jwt',
+          mode: 'try'
+        }
+      }
+    });
+
+    var options = {method: 'GET', url: '/try'};
+
+    server.inject(options, function (response) {
+      t.equal(response.statusCode, 200, 'Server returned HTTP 200');
+      t.end();
+    });
+  });
+});
+
+test('Auth mode \'optional\' should not set isAuthenticated to true when no token sent', function (t) {
+  t.plan(3);
+
+  var server = new Hapi.Server();
+  server.connection();
+
+  server.register(require('../'), function (err) {
+    t.ifError(err, 'No error registering hapi-auth-jwt2 plugin');
+
+    server.auth.strategy('jwt', 'jwt', {
+      key: secret,
+      validateFunc: function (decoded, request, callback) {
+        return callback();
+      },
+      verifyOptions: {algorithms: ['HS256']}
+    });
+
+    server.route({
+      method: 'GET',
+      path: '/optional',
+      handler: function (request, reply) {
+        t.notOk(request.auth.isAuthenticated, 'isAuthenticated is false')
+        reply('OPTIONAL');
+      },
+      config: {
+        auth: {
+          strategy: 'jwt',
+          mode: 'optional'
+        }
+      }
+    });
+
+    var options = {method: 'GET', url: '/optional'};
+
+    server.inject(options, function (response) {
+      t.equal(response.statusCode, 200, 'Server returned HTTP 200');
+      t.end();
+    });
+  });
+});