Remove unauthorized payload.attributes
kanongil committed Dec 5, 2023
1 parent 2153682 commit d277413
Showing 3 changed files with 5 additions and 25 deletions.
19 changes: 5 additions & 14 deletions API.md
@@ -102,7 +102,8 @@ Returns a 401 Unauthorized error where:
- an array of string values. These values will be separated by ', ' and set to the 'WWW-Authenticate' header.
- `attributes` - an object of values to use while setting the 'WWW-Authenticate' header. This value is only used
when `scheme` is a string, otherwise it is ignored. Every key/value pair will be included in the
'WWW-Authenticate' in the format of 'key="value"' as well as in the response payload under the `attributes` key. Alternatively value can be a string which is use to set the value of the scheme, for example setting the token value for negotiate header. If string is used message parameter must be null.
'WWW-Authenticate' in the format of 'key="value"'. Alternatively value can be a string which is used to set the
value of the scheme, for example setting the token value for negotiate header. If string is used message parameter must be null.
`null` and `undefined` will be replaced with an empty string. If `attributes` is set, `message` will be used as
the 'error' segment of the 'WWW-Authenticate' header. If `message` is unset, the 'error' segment of the header
will not be present and `isMissing` will be true on the error object.
@@ -135,10 +136,7 @@ Generates the following response:
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"message": "invalid password",
"attributes": {
"error": "invalid password"
}
"message": "invalid password"
},
"headers": {
"WWW-Authenticate": "sample error=\"invalid password\""
@@ -154,8 +152,7 @@ Generates the following response:
```json
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"attributes": "VGhpcyBpcyBhIHRlc3QgdG9rZW4="
"error": "Unauthorized"
},
"headers": {
"WWW-Authenticate": "Negotiate VGhpcyBpcyBhIHRlc3QgdG9rZW4="
@@ -172,13 +169,7 @@ Generates the following response:
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"message": "invalid password",
"attributes": {
"error": "invalid password",
"ttl": 0,
"cache": "",
"foo": "bar"
}
"message": "invalid password"
},
"headers": {
"WWW-Authenticate": "sample ttl=\"0\", cache=\"\", foo=\"bar\", error=\"invalid password\""
9 changes: 0 additions & 9 deletions lib/index.js
@@ -221,23 +221,15 @@ exports.unauthorized = function (message, scheme, attributes) { // Or (

let wwwAuthenticate = `${scheme}`;

if (attributes ||
message) {

err.output.payload.attributes = {};
}

if (attributes) {
if (typeof attributes === 'string') {
wwwAuthenticate += ' ' + Hoek.escapeHeaderAttribute(attributes);
err.output.payload.attributes = attributes;
}
else {
wwwAuthenticate += ' ' + Object.keys(attributes).map((name) => {

const value = attributes[name] ?? '';

err.output.payload.attributes[name] = value;
return `${name}="${Hoek.escapeHeaderAttribute(value.toString())}"`;
})
.join(', ');
@@ -250,7 +242,6 @@ exports.unauthorized = function (message, scheme, attributes) { // Or (
}

wwwAuthenticate += ` error="${Hoek.escapeHeaderAttribute(message)}"`;
err.output.payload.attributes.error = message;
}
else {
err.isMissing = true;
2 changes: 0 additions & 2 deletions test/index.js
@@ -357,15 +357,13 @@ describe('Boom', () => {
const err = Boom.unauthorized('boom', 'Test', { a: 1, b: 'something', c: null, d: 0 });
expect(err.output.statusCode).to.equal(401);
expect(err.output.headers['WWW-Authenticate']).to.equal('Test a="1", b="something", c="", d="0", error="boom"');
expect(err.output.payload.attributes).to.equal({ a: 1, b: 'something', c: '', d: 0, error: 'boom' });
});

it('returns a WWW-Authenticate header from string input instead of object', () => {

const err = Boom.unauthorized(null, 'Negotiate', 'VGhpcyBpcyBhIHRlc3QgdG9rZW4=');
expect(err.output.statusCode).to.equal(401);
expect(err.output.headers['WWW-Authenticate']).to.equal('Negotiate VGhpcyBpcyBhIHRlc3QgdG9rZW4=');
expect(err.output.payload.attributes).to.equal('VGhpcyBpcyBhIHRlc3QgdG9rZW4=');
});

it('returns a WWW-Authenticate header when passed attributes, missing error', () => {
