Cannot get request.payload inside auth.strategy #3070

Closed
SJ-SivaSubrahmaniam opened this issue Mar 1, 2016 · 8 comments

@SJ-SivaSubrahmaniam

commented Mar 1, 2016

I am using the 'hapi auth bearer token' strategy. I can get all of the request inside the strategy, though req.payload is null.

I am using POST and passing a JSON request. I can get the payload inside the handler function, but the payload is null inside auth.strategy. Is there anything I need to mention in the config object to pass the payload to strategies?

@gergoerdosi

Contributor

commented Mar 1, 2016

Why do you need the payload for bearer authentication?

@SJ-SivaSubrahmaniam

Author

commented Mar 1, 2016

To check the token against one more request... Is there a way to get the payload inside the strategy?

@hueniverse

Member

commented Mar 1, 2016

You have to use the auth payload function when creating the strategy.

@hueniverse hueniverse closed this Mar 1, 2016

@hueniverse hueniverse added the question label Mar 1, 2016

@hueniverse hueniverse self-assigned this Mar 1, 2016

@SJ-SivaSubrahmaniam

Author

commented Mar 1, 2016

```js
plugin.auth.strategy('validateToken', 'bearer-access-token', {
    allowQueryToken: true,              // optional, true by default
    allowMultipleHeaders: false,        // optional, false by default
    accessTokenName: 'access_token',    // optional, 'access_token' by default
    validateFunc: function (token, callback) {

        // `this` is used as the request object here
        var request = this;
        // request.payload is null at this point (the problem reported in this issue)
    }
});
```

Hi, can you explain how to pass the payload into the strategy? I am getting payload: null in the `this` object.

@hueniverse

Member

commented Mar 1, 2016

You can't. The strategy does not support it.

@SJ-SivaSubrahmaniam

Author

commented Mar 1, 2016

So how can I get the payload inside? Through the scheme or from the config object?!

@hueniverse

Member

commented Mar 1, 2016

You cannot access the payload during the authentication step of the scheme because it was not processed yet. If you go read the docs about server.auth.scheme() you will see how you can write a new scheme that will look at the payload.

@zazapeta


commented May 18, 2019

As said, we can't access req.payload in the authenticate method, only in the payload method.
For what it's worth, and for the sake of a complete example of how to use the payload auth:

```js
// The route must have options.auth.payload set to true!
  {
    method: 'GET',
    path: '/your-headers-payload-protected-route',
    options: {
      description: 'a header and payload protected route ',
      auth: {
        strategy: 'headers-payload-protected',
        payload: true, // MANDATORY to activate the payload method defined in the scheme
      },
    },
    handler: (req, res) => {
       return req.auth.credentials; // contains { headers, payload }
    },
  },
```

```js
'use strict';
// Plugin that defines the scheme
const assert = require('assert');
const Boom = require('@hapi/boom');

const defautValidate = () => ({
  isValid: true,
});

exports.plugin = {
  name: 'auth-headers-payload-plugin',
  version: '1.0.0',
  register: async (server) => {
    /**
     * @param options -- the options of the auth scheme
     * @param options.validateHeaders -- function that validates the header auth - should return at least { isValid }.
     *  The rest will be passed to { credentials : { headers: rest }}
     * @param options.validatePayload -- function that validates the payload auth - should return at least { isValid }.
     *  The rest will be passed to { credentials : { payload : rest }}
     */
    server.auth.scheme('auth-headers-payload', function(server, options) {
      const validateHeaders = options.validateHeaders || defautValidate;
      const validatePayload = options.validatePayload || defautValidate;
      assert(
        typeof validateHeaders === 'function',
        'options.validateHeaders must be a valid function',
      );
      assert(
        typeof validatePayload === 'function',
        'options.validatePayload must be a valid function',
      );
      return {
        // Runs first: the payload has not been processed yet
        authenticate: async (req, res) => {
          const { isValid, ...rest } = await validateHeaders(req, res);
          if (!isValid) {
            return res.unauthenticated(Boom.unauthorized('Bad headers auth'));
          }
          return res.authenticated({ credentials: { headers: rest } });
        },
        // Runs after the payload has been processed: req.payload is available
        payload: async (req, res) => {
          const { isValid, ...rest } = await validatePayload(req, res);
          if (!isValid) {
            throw Boom.unauthorized('Bad payload auth');
          }
          req.auth.credentials.payload = rest;
          return res.continue;
        },
        options: {
          payload: true, // MANDATORY to force the payload verification
        },
      };
    });
  },
};
```

It's working very well for me. But I do not know if it's the right way to do this.
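
The two-phase split discussed in this thread (headers checked in `authenticate`, body checked in `payload`) is typically used to bind the request body to the presented token. The block below is an added example, not code from any participant or from hapi: the scheme name, the `x-payload-mac` header, and the `lookupToken` and `unauthorized` options are hypothetical. It assumes the route sets `payload: { parse: false }` so that `request.payload` is the raw Buffer, and that `Boom.unauthorized` is passed as `unauthorized` on a real server.

```javascript
'use strict';
const crypto = require('crypto');

// Constant-time check that macHex equals HMAC-SHA256(key, rawBody).
function payloadMacMatches(key, rawBody, macHex) {
  if (typeof macHex !== 'string' || !/^[0-9a-f]{64}$/i.test(macHex)) {
    return false; // missing or malformed header value
  }
  const expected = crypto.createHmac('sha256', key).update(rawBody).digest();
  return crypto.timingSafeEqual(expected, Buffer.from(macHex, 'hex'));
}

// Scheme factory for server.auth.scheme('bearer-payload-mac', bearerPayloadMac).
// Assumed options (hypothetical names):
//   lookupToken(token) -> { user, key } or null
//   unauthorized(message) -> error object, e.g. Boom.unauthorized
function bearerPayloadMac(server, options) {
  const { lookupToken, unauthorized } = options;
  return {
    // Runs before the body is read, so only the headers can be checked here.
    authenticate: async (request, h) => {
      const m = /^Bearer ([A-Za-z0-9._~+\/-]+=*)$/.exec(request.headers.authorization || '');
      const record = m ? await lookupToken(m[1]) : null;
      if (!record) {
        return h.unauthenticated(unauthorized('Bad token'));
      }
      // artifacts carries the per-token key forward to payload().
      return h.authenticated({
        credentials: { user: record.user },
        artifacts: { key: record.key }
      });
    },
    // Runs after the body is read: tie the body to the token's key.
    payload: async (request, h) => {
      const raw = request.payload;
      if (raw != null && !Buffer.isBuffer(raw)) {
        throw unauthorized('Raw payload required'); // parsed body: fail closed
      }
      const mac = request.headers['x-payload-mac'];
      if (!payloadMacMatches(request.auth.artifacts.key, raw || Buffer.alloc(0), mac)) {
        throw unauthorized('Payload MAC mismatch');
      }
      return h.continue;
    },
    options: { payload: true } // routes cannot disable the payload check
  };
}
```

Until `payload` has run, `request.auth.credentials` describes a caller whose body is still unverified, so nothing that executes between the two phases should act on the body.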
