Update hapi to v16 and fix breaking changes

lib/config.js

@@ -27,7 +27,7 @@ const appSessionCookieSchema = Joi.object().keys({
   ephemeral: Joi.boolean().optional(),
   httpOnly: Joi.boolean().optional(),
   path: Joi.string().optional(),
-  sameSite: Joi.string().valid(['Lax', 'Strict', 'None']).optional(),
+  sameSite: Joi.string().valid('Lax', 'Strict', 'None').optional(),
   secure: Joi.boolean().optional()
 }).unknown(false);
 
@@ -41,7 +41,7 @@ const paramsSchema = Joi.object().keys({
     // Array of keys to allow for rotation.
     Joi.array().items(Joi.string()),
     // False to stop client session from being created.
-    Joi.boolean().valid([false])
+    Joi.boolean().valid(false)
   ]).required(),
   auth0Logout: Joi.boolean().optional().default(false),
   authorizationParams: Joi.object().optional(),
@@ -50,8 +50,8 @@ const paramsSchema = Joi.object().keys({
   clientSecret: Joi.string().optional(),
   clockTolerance: Joi.number().optional().default(60),
   errorOnRequiredAuth: Joi.boolean().optional().default(false),
-  getUser: Joi.func().optional().default(getUser),
-  handleCallback: Joi.func().optional().default(handleCallback),
+  getUser: Joi.function().optional().default(() => getUser),
+  handleCallback: Joi.function().optional().default(() => handleCallback),
   httpOptions: Joi.object().optional(),
   identityClaimFilter: Joi.array().optional().default(['aud', 'iss', 'iat', 'exp', 'nonce', 'azp', 'auth_time']),
   idpLogout: Joi.boolean().optional().default(false).when(
@@ -63,7 +63,7 @@ const paramsSchema = Joi.object().keys({
   loginPath: Joi.string().uri({relativeOnly: true}).optional().default('/login'),
   logoutPath: Joi.string().uri({relativeOnly: true}).optional().default('/logout'),
   redirectUriPath: Joi.string().uri({relativeOnly: true}).optional().default('/callback'),
-  required: Joi.alternatives([ Joi.func(), Joi.boolean()]).optional().default(true),
+  required: Joi.alternatives([ Joi.function(), Joi.boolean()]).optional().default(true),
   routes: Joi.boolean().optional().default(true),
   postLogoutRedirectUri: Joi.string().uri({allowRelative: true}).optional().default('/')
 });
@@ -86,7 +86,7 @@ If the user provides authorizationParams then
     authorizationParams.scope = defaultAuthorizeParams.scope;
   }
 
-  const authParamsValidation = Joi.validate(authorizationParams, authorizationParamsSchema);
+  const authParamsValidation = authorizationParamsSchema.validate(authorizationParams);
 
   if(authParamsValidation.error) {
     throw new Error(authParamsValidation.error.details[0].message);
@@ -99,7 +99,7 @@ function buildAppSessionCookieConfig(cookieConfig) {
 
   cookieConfig = cookieConfig && Object.keys(cookieConfig).length ? cookieConfig : {};
   cookieConfig = Object.assign({}, defaultAppSessionCookie, cookieConfig);
-  const cookieConfigValidation = Joi.validate(cookieConfig, appSessionCookieSchema);
+  const cookieConfigValidation = appSessionCookieSchema.validate(cookieConfig);
 
   if(cookieConfigValidation.error) {
     throw new Error(cookieConfigValidation.error.details[0].message);
@@ -113,7 +113,7 @@ module.exports.get = function(params) {
 
   loadEnvs(config);
 
-  const paramsValidation = Joi.validate(config, paramsSchema);
+  const paramsValidation = paramsSchema.validate(config);
 
   if(paramsValidation.error) {
     throw new Error(paramsValidation.error.details[0].message);

package.json

@@ -11,7 +11,7 @@
     "test": "mocha"
   },
   "dependencies": {
-    "@hapi/joi": "^15.1.1",
+    "@hapi/joi": "^16.1.8",
     "cb": "^0.1.0",
     "clone": "^2.1.2",
     "cookie": "^0.4.0",

test/invalid_params.tests.js

@@ -21,7 +21,7 @@ describe('invalid parameters', function() {
         issuerBaseURL: '__invalid_url__',
         clientID: '__test_client_id__'
       });
-    }, '"issuerBaseURL" must be a valid uri');
+    }, '"issuerBaseURL" does not match any of the allowed types');
   });
 
   it('should fail when the baseURL is invalid', function() {
@@ -94,7 +94,7 @@ describe('invalid parameters', function() {
   it('should fail when app session secret is invalid', function() {
     assert.throws(() => {
       expressOpenid.auth(getTestConfig({appSessionSecret: {key: '__test_session_secret__'}}));
-    }, '"appSessionSecret" must be a string');
+    }, '"appSessionSecret" must be one of [string, array, false]');
   });
 
   it('should fail when app session cookie httpOnly is not a boolean', function() {