feat: Let strategies handle the connection (#1510)

packages/authentication-client/test/index.test.ts

@@ -27,7 +27,7 @@ describe('@feathersjs/authentication-client', () => {
         if (!app.get('authentication')) {
           throw new Error('Not logged in');
         }
-        
+
         return Promise.resolve({ id });
       }
     });

packages/authentication/src/core.ts

@@ -4,7 +4,7 @@ import jsonwebtoken, { SignOptions, Secret, VerifyOptions } from 'jsonwebtoken';
 import uuidv4 from 'uuid/v4';
 import { NotAuthenticated } from '@feathersjs/errors';
 import Debug from 'debug';
-import { Application, Params } from '@feathersjs/feathers';
+import { Application, Params, HookContext } from '@feathersjs/feathers';
 import { IncomingMessage, ServerResponse } from 'http';
 import defaultOptions from './options';
 
@@ -49,6 +49,13 @@ export interface AuthenticationStrategy {
    * @param params The service call parameters
    */
   authenticate? (authentication: AuthenticationRequest, params: Params): Promise<AuthenticationResult>;
+  /**
+   * Update a real-time connection according to this strategy.
+   *
+   * @param connection The real-time connection
+   * @param context The hook context
+   */
+  handleConnection? (connection: any, context: HookContext): Promise<HookContext>;
   /**
    * Parse a basic HTTP request and response for authentication request information.
    * @param req The HTTP request

packages/authentication/src/hooks/connection.ts

@@ -1,26 +1,23 @@
 import { HookContext } from '@feathersjs/feathers';
-import Debug from 'debug';
+import { omit } from 'lodash';
 
-const debug = Debug('@feathersjs/authentication/hooks/connection');
+import { AuthenticationBase } from '../core';
 
-export default (strategy = 'jwt') => (context: HookContext) => {
-  const { method, result, params: { connection } } = context;
-  const { accessToken, ...rest } = result;
+export default () => async (context: HookContext) => {
+  const { result, params: { connection } } = context;
 
   if (!connection) {
     return context;
   }
 
-  const { authentication = {} } = connection;
+  const service = context.service as unknown as AuthenticationBase;
+  const strategies = service.getStrategies(...Object.keys(service.strategies))
+    .filter(current => typeof current.handleConnection === 'function');
 
-  if (method === 'remove' && accessToken === authentication.accessToken) {
-    debug('Removing authentication information from real-time connection');
-    delete connection.authentication;
-  } else if (method === 'create' && accessToken) {
-    debug('Adding authentication information to real-time connection');
-    Object.assign(connection, rest, {
-      authentication: { strategy, accessToken }
-    });
+  Object.assign(connection, omit(result, 'accessToken', 'authentication'));
+
+  for (const strategy of strategies) {
+    await strategy.handleConnection(connection, context);
   }
 
   return context;

packages/authentication/src/hooks/events.ts → packages/authentication/src/hooks/event.ts

@@ -2,16 +2,11 @@ import Debug from 'debug';
 import { HookContext } from '@feathersjs/feathers';
 
 const debug = Debug('@feathersjs/authentication/hooks/connection');
-const EVENTS: { [key: string]: string } = {
-  create: 'login',
-  remove: 'logout'
-};
 
-export default () => (context: HookContext) => {
-  const { method, app, result, params } = context;
-  const event = EVENTS[method];
+export default (event: string) => (context: HookContext) => {
+  const { type, app, result, params } = context;
 
-  if (event && params.provider && result) {
+  if (type === 'after' && params.provider && result) {
     debug(`Sending authentication event '${event}'`);
     app.emit(event, result, params, context);
   }

packages/authentication/src/hooks/index.ts

@@ -1,3 +1,3 @@
 export { default as authenticate } from './authenticate';
 export { default as connection } from './connection';
-export { default as events } from './events';
+export { default as event } from './event';

packages/authentication/src/jwt.ts

@@ -1,10 +1,13 @@
 import { NotAuthenticated } from '@feathersjs/errors';
-import { omit } from 'lodash';
-import { AuthenticationRequest, AuthenticationResult } from './core';
-import { Params } from '@feathersjs/feathers';
 import { IncomingMessage } from 'http';
+import { omit } from 'lodash';
+import Debug from 'debug';
+import { Params, HookContext } from '@feathersjs/feathers';
+
 import { AuthenticationBaseStrategy } from './strategy';
+import { AuthenticationRequest, AuthenticationResult } from './core';
 
+const debug = Debug('@feathersjs/authentication/jwt');
 const SPLIT_HEADER = /(\S+)\s+(\S+)/;
 
 export class JWTStrategy extends AuthenticationBaseStrategy {
@@ -21,6 +24,25 @@ export class JWTStrategy extends AuthenticationBaseStrategy {
     };
   }
 
+  async handleConnection (connection: any, context: HookContext) {
+    const { result: { accessToken }, method } = context;
+
+    if (accessToken) {
+      if (method === 'create') {
+        debug('Adding authentication information to connection');
+        connection.authentication = {
+          strategy: this.name,
+          accessToken
+        };
+      } else if (method === 'remove' && accessToken === connection.authentication.accessToken) {
+        debug('Removing authentication information from connection');
+        delete connection.authentication;
+      }
+    }
+
+    return context;
+  }
+
   verifyConfiguration () {
     const allowedKeys = [ 'entity', 'service', 'header', 'schemes' ];
 
@@ -40,6 +62,8 @@ export class JWTStrategy extends AuthenticationBaseStrategy {
     const { entity } = this.configuration;
     const entityService = this.entityService;
 
+    debug('Getting entity', id);
+
     if (entityService === null) {
       throw new NotAuthenticated(`Could not find entity service`);
     }
@@ -96,6 +120,8 @@ export class JWTStrategy extends AuthenticationBaseStrategy {
       return null;
     }
 
+    debug('Found parsed header value');
+
     const [ , scheme = null, schemeValue = null ] = headerValue.match(SPLIT_HEADER) || [];
     const hasScheme = scheme && schemes.some(
       current => new RegExp(current, 'i').test(scheme)

packages/authentication/src/service.ts

@@ -2,7 +2,7 @@ import Debug from 'debug';
 import { merge, get } from 'lodash';
 import { NotAuthenticated } from '@feathersjs/errors';
 import { AuthenticationBase, AuthenticationResult, AuthenticationRequest } from './core';
-import { connection, events } from './hooks';
+import { connection, event } from './hooks';
 import { Application, Params, ServiceMethods } from '@feathersjs/feathers';
 
 const debug = Debug('@feathersjs/authentication/service');
@@ -154,6 +154,12 @@ export class AuthenticationService extends AuthenticationBase implements Partial
     }
 
     // @ts-ignore
-    this.hooks({ after: [ connection(), events() ] });
+    this.hooks({
+      after: [ connection() ],
+      finally: {
+        create: [ event('login') ],
+        remove: [ event('logout') ]
+      }
+    });
   }
 }

packages/authentication/test/hooks/events.test.ts → packages/authentication/test/hooks/event.test.ts

@@ -1,7 +1,7 @@
 import assert from 'assert';
 import feathers, { Params, HookContext } from '@feathersjs/feathers';
 
-import hook from '../../src/hooks/events';
+import hook from '../../src/hooks/event';
 import { AuthenticationRequest, AuthenticationResult } from '../../src/core';
 
 describe('authentication/hooks/events', () => {
@@ -19,7 +19,8 @@ describe('authentication/hooks/events', () => {
 
   service.hooks({
     after: {
-      all: [ hook() ]
+      create: [ hook('login') ],
+      remove: [ hook('logout') ]
     }
   });
 

packages/authentication/test/jwt.test.ts

@@ -72,6 +72,7 @@ describe('authentication/jwt', () => {
     });
 
     payload = await service.verifyAccessToken(accessToken);
+    app.setup();
   });
 
   it('getEntity', async () => {
@@ -91,6 +92,64 @@ describe('authentication/jwt', () => {
     });
   });
 
+  describe('updateConnection', () => {
+    it('adds authentication information on create', async () => {
+      const connection: any = {};
+
+      await app.service('authentication').create({
+        strategy: 'jwt',
+        accessToken
+      }, { connection });
+
+      assert.deepStrictEqual(connection.user, user);
+      assert.deepStrictEqual(connection.authentication, {
+        strategy: 'jwt',
+        accessToken
+      });
+    });
+
+    it('deletes authentication information on remove', async () => {
+      const connection: any = {};
+
+      await app.service('authentication').create({
+        strategy: 'jwt',
+        accessToken
+      }, { connection });
+
+      assert.ok(connection.authentication);
+
+      await app.service('authentication').remove(null, {
+        authentication: connection.authentication,
+        connection
+      });
+
+      assert.ok(!connection.authentication);
+    });
+
+    it('does not remove if accessToken does not match', async () => {
+      const connection: any = {};
+
+      await app.service('authentication').create({
+        strategy: 'jwt',
+        accessToken
+      }, { connection });
+
+      assert.ok(connection.authentication);
+
+      await app.service('authentication').remove(null, {
+        authentication: {
+          strategy: 'jwt',
+          accessToken: await app.service('authentication').createAccessToken({}, {
+            subject: `${user.id}`
+          })
+        },
+        connection
+      });
+
+      assert.ok(connection.authentication);
+    });
+  });
+
   describe('with authenticate hook', () => {
     it('fails for protected service and external call when not set', async () => {
       try {