Pass auth error on try. Closes #1695

hapijs · Jun 9, 2014 · 6f6cbb3 · 6f6cbb3
1 parent bb3011e
commit 6f6cbb3
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 8 deletions.
diff --git a/docs/Reference.md b/docs/Reference.md
@@ -1412,6 +1412,7 @@ Each request object has the following properties:
     - `credentials` - the `credential` object received during the authentication process. The presence of an object does not mean
       successful authentication.
     - `artifacts` - an artifact object received from the authentication strategy and used in authentication-related actions.
+    - `error` - the authentication error is failed and mode set to `'try'`.
     - `session` - an object used by the [`'cookie'` authentication scheme](https://github.com/spumko/hapi-auth-cookie).
 - `domain` - the node domain object used to protect against exceptions thrown in extentions, handlers and prerequisites. Can be used to
   manually bind callback functions otherwise bound to other domains.

diff --git a/lib/auth.js b/lib/auth.js
@@ -171,17 +171,19 @@ internals.Auth.prototype._authenticate = function (request, next) {
         // Find next strategy
 
         if (strategyPos >= config.strategies.length) {
+            var err = Boom.unauthorized('Missing authentication', authErrors);
 
             if (config.mode === 'optional' ||
                 config.mode === 'try') {
 
                 request.auth.isAuthenticated = false;
                 request.auth.credentials = null;
+                request.auth.error = err;
                 request.log(['hapi', 'auth', 'unauthenticated']);
                 return next();
             }
 
-            return next(Boom.unauthorized('Missing authentication', authErrors));
+            return next(err);
         }
 
         var strategy = config.strategies[strategyPos];
@@ -224,9 +226,11 @@ internals.Auth.prototype._authenticate = function (request, next) {
             if (result.log) {
                 request.log(['hapi', 'auth', 'error', strategy].concat(result.log.tags), result.log.data);
             }
+            else if (err instanceof Error) {
+                request.log(['hapi', 'auth', 'error', 'unauthenticated'], err);
+            }
             else {
-                var tags = err.isBoom ? ['hapi', 'auth', 'error', 'unauthenticated'] : ['hapi', 'auth', 'response', 'unauthenticated'];
-                request.log(tags, (err.isBoom ? err : err.statusCode));
+                request.log(['hapi', 'auth', 'response', 'unauthenticated'], err.statusCode);
             }
 
             if (err.isMissing) {
@@ -242,6 +246,7 @@ internals.Auth.prototype._authenticate = function (request, next) {
                 request.auth.strategy = strategy;
                 request.auth.credentials = result.credentials;
                 request.auth.artifacts = result.artifacts;
+                request.auth.error = err;
                 request.log(['hapi', 'auth', 'unauthenticated', 'try'], err);
                 return next();
             }

diff --git a/test/auth.js b/test/auth.js
@@ -202,21 +202,35 @@ describe('Auth', function () {
 
     it('tries to authenticate a request', function (done) {
 
+        var handler = function (request, reply) {
+
+            reply({ status: request.auth.isAuthenticated, error: request.auth.error });
+        };
+
         var server = new Hapi.Server();
         server.auth.scheme('custom', internals.implementation);
         server.auth.strategy('default', 'custom', 'try', { users: { steve: {} } });
-        server.route({ method: 'GET', path: '/', handler: function (request, reply) { reply(request.auth.isAuthenticated); } });
+        server.route({ method: 'GET', path: '/', handler: handler });
 
         server.inject('/', function (res) {
 
             expect(res.statusCode).to.equal(200);
-            expect(res.result).to.equal(false);
+            expect(res.result.status).to.equal(false);
+            expect(res.result.error.message).to.equal('Missing authentication');
 
-            server.inject({ url: '/', headers: { authorization: 'Custom steve' } }, function (res) {
+            server.inject({ url: '/', headers: { authorization: 'Custom john' } }, function (res) {
 
                 expect(res.statusCode).to.equal(200);
-                expect(res.result).to.equal(true);
-                done();
+                expect(res.result.status).to.equal(false);
+                expect(res.result.error.message).to.equal('Missing credentials');
+
+                server.inject({ url: '/', headers: { authorization: 'Custom steve' } }, function (res) {
+
+                    expect(res.statusCode).to.equal(200);
+                    expect(res.result.status).to.equal(true);
+                    expect(res.result.error).to.not.exist;
+                    done();
+                });
             });
         });
     });