Skip to content
This repository has been archived by the owner on Mar 22, 2022. It is now read-only.

1.0 Pre-release #336

Merged
merged 95 commits into from
Nov 16, 2016
Merged

1.0 Pre-release #336

merged 95 commits into from
Nov 16, 2016

Conversation

ekryski
Copy link
Member

@ekryski ekryski commented Oct 29, 2016
edited
Loading

Summary

This is a pretty big overhaul and now utilizes passport for the core authentication. This allows us to use any passport strategy from any location: hooks, express middleware, sockets. It also future proofs us so that all we need to do is adapt any other framework or transport to match the expected Passport request object.

Still to do:

  • Fix tests
  • Wrap up integration tests
  • Fix Auth Client to be consistent
  • Update docs
    • Highlight new features
    • Migration guide
    • Highlight data flow to create a JWT
    • Document public API/Options
    • Document basic usage
    • Document customizing JWT payload
    • Document verifying a JWT payload
    • Document not sending a JWT
    • Document refresh tokens
    • Document expected request object (writing a custom adapter)
  • Show examples. These likely should just be guides on Medium with gists

Stretch Goals

  • Add wrapper plugins for common authentication strategies that are are more feathers specific:

These should remove a bunch of the passport boilerplate around setting up middleware routes, looking up the user, verifying password, and populating the user. They should pull from the main app config object. This should make for an easier transition for people as they generally can just be a one liner. Example usage:

const auth = require('feathers-authentication');
const permissions = require('feathers-permissions');
const local = require('feathers-authentication-local');
const jwt = require('feathers-authentication-jwt');
const oauth2 = require('feathers-authentication-oauth2');
const FacebookStrategy = require('passport-facebook').Strategy;
const memory = require('feathers-memory');

app.configure(auth())
  .configure(local())
  .configure(jwt())
  .configure(oauth2({ //can provide multiple Oauth2 strategies
    facebook: { // defaults to '/auth/facebook' and '/auth/facebook/callback'
      strategy: FacebookStrategy
      clientID: '',
      clientSecret: '',
      options: { // passport options

      }
    }
  }))
  .use('/users', memory());

app.service('users').hooks({
  before: {
    all: [
      permissions.hooks.hasPermissions(),
      permissions.hooks.isPermitted()
    ]
    find: auth.hooks.authenticate('jwt'),
    get: auth.hooks.authenticate('jwt'),
    create: auth.hooks.hashPassword(),
    patch: auth.hooks.authenticate('jwt'),
    remove: auth.hooks.authenticate('jwt'),
  }
});

Other Information

Related to feathersjs-ecosystem/authentication-client#7

ekryski and others added 30 commits April 14, 2016 16:56
@ekryski
cleaning up dependencies
f6d247b
@ekryski
Merge branch 'master' into 0.8
14bb7b3
@ekryski
merging in master
545929a
@ekryski
removing auth redirects and exposing middleware
e6d4a86
@ekryski
expanding express middleware
521294a
@ekryski
moving what I can in services to setup method
da777d9
@ekryski
updating dependencies
36876c8
@ekryski
cleaning up middleware and adding debug logs
b6732ee
@ekryski
cleaning up services and adding debug logs
c031ac1
@ekryski
changing options for populate user hook to conform with other options
982ee1d
@ekryski
cleaning up main index file
ce3b534
@ekryski
fixing lint errors
a10f7a6
@ekryski
getting example app working
cfc09e0
@ekryski
fixing options for populate user middlware
a61df31
@ekryski
fixing socket logout emitting
f4018d2
@ekryski
restructuring so you can set hooks to construct your token payload if…
4fcdc41 
… you want to customize it
@ekryski
Default to a session cookie instead of 1 day
7dd6a56
@ekryski
Switch to "user" instead of "data" for the response from auth
444eca4
@ekryski
Make sure we clear the user out of locals so that you don't end up in…
f484d49 
… a weird state.
@ekryski
Allow passing options when creating a JWT.
681c2aa 
Used to customize the type of token we want to generate (ie. confirmation, password reset, etc.)
@ekryski
setting version
afe3ca2
@ekryski
don't throw an error in the decode token middleware
4dff589
@ekryski
bump version
6fafb6e
@ekryski
clearing cookie if use not found. Setting cookie age to same as JWT
ed19823
@ekryski
bump version
859178b
@marshallswain @ekryski
Don’t mix options when signing tokens (#255)
02e0682 
Fixes #254.
@marshallswain @ekryski
Attempt to get token right away. (#252)
880ca97 
* Attempt to get token right away.

This makes it so that we don’t have to wait for an async response in order to start making authenticated requests.

* Also set up localStorage.
@ekryski
fix restrict to owner hook methods. Closes #228
2c49e00
@ekryski
bump version
f6274fe
@ekryski
cookies should get set regardless of whether it was an xhr request if…
a972473 
… enabled
@ekryski ekryski mentioned this pull request Oct 29, 2016
Merged
5 tasks
This was referenced Oct 29, 2016
Closed
Closed
Closed
@ekryski ekryski mentioned this pull request Oct 31, 2016
Closed
marshallswain
marshallswain reviewed Nov 15, 2016
View reviewed changes
docs/migrating.md
- `auth.idField` has been removed. It is now included in all services so we can pull it internally without you needing to specify it.
- `auth.shouldSetupSuccessRoute` has been removed. Success redirect middleware is registered automatically but only triggers if you explicitly set a redirect. [See redirecting]() for more details.
- `auth.shouldSetupFailureRoute` has been removed. Failure redirect middleware is registered automatically but only triggers if you explicitly set a redirect. [See redirecting]() for more details.
- `auth.tokenEndpoint` has been removed. There isn't a token service anymore.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add a note stating why there isn't a token service anymore. Something like "It has been replaced by custom routes with auth strategies."

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure thing. It sort of is still there though. Currently that's basically what the authentication service is. It generates and removes token.

marshallswain
marshallswain reviewed Nov 15, 2016
View reviewed changes
docs/migrating.md
- `auth.shouldSetupFailureRoute` has been removed. Failure redirect middleware is registered automatically but only triggers if you explicitly set a redirect. [See redirecting]() for more details.
- `auth.tokenEndpoint` has been removed. There isn't a token service anymore.
- `auth.localEndpoint` has been removed. There isn't a local service anymore. It is a passport plugin and has turned into `feathers-authentication-local`.
- `auth.userEndpoint` has been removed. It is now part of `feathers-authentication-local` and is `auth.local.service`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and is --> as

@ekryski
Copy link
Member Author

ekryski commented Nov 15, 2016

Tests aren't passing because the plugins and auth are all dependent on each other and aren't published yet. Almost done wrapping up the integration tests and I will publish a pre-release of all of them and then get the client wrapped up.

@ekryski ekryski merged commit 97f8004 into master Nov 16, 2016
@ekryski ekryski deleted the 1.0 branch November 16, 2016 22:59
@alanpog alanpog mentioned this pull request Nov 17, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@marshallswain marshallswain marshallswain left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ekryski @marshallswain @daffl