Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Koa / Hapi template seems to not support multiple authentication methods on same function #974

Closed
2 of 4 tasks
fantapop opened this issue May 6, 2021 · 0 comments
Closed
2 of 4 tasks

Koa / Hapi template seems to not support multiple authentication methods on same function #974

fantapop opened this issue May 6, 2021 · 0 comments
Labels
bug help wanted

Comments

@fantapop
Copy link
Contributor

fantapop commented May 6, 2021

Sorting

  • I'm submitting a ...

    • bug report
    • feature request
    • support request

  • I confirm that I

    • used the search to make sure that a similar issue hasn't already been submit

Expected Behavior

While using the koa template, If there are two authentication methods on a controller function, tsoa should try both of them before giving up.

Current Behavior

When using a koa template, The first authentication method is attempted only. If that fails the method call seems to be 404ing.

Possible Solution

Here the security methods are being looped over:

tsoa/packages/cli/src/routeGeneration/templates/koa.hbs

Line 139 in 8f54760

for (const secMethod of security) {

Within that for of loop, the promise is being returned and exiting before the other security methods can be attempted.
https://github.com/lukeautry/tsoa/blob/master/packages/cli/src/routeGeneration/templates/koa.hbs#L152

Steps to Reproduce

Use the koa template, have a controller method with more than 1 security method, make sure the first one doesn't succeed. See that the second is not attempted.

Context (Environment)

Version of the library: 3.7.0
Version of NodeJS:

  • Confirm you were using yarn not npm: [ ]

Detailed Description

It appears that the express templates handle this correctly. It may be that not returning there would fix the issue.

Breaking change?

It could change the existing application flow but It seems unlikely that someone has come to rely on this behavior.

Side note. I don't mind making a PR for this but it will likely be a day or two before I can get to it.
fantapop added a commit to fantapop/tsoa that referenced this issue May 15, 2021
@fantapop
fix security handling of multiple auth types for hapi/koa
ac96174 
Closes lukeautry#974
fantapop added a commit to fantapop/tsoa that referenced this issue May 15, 2021
@fantapop
fix security handling of multiple auth types for hapi/koa
bf331ae 
Closes lukeautry#974
fantapop added a commit to fantapop/tsoa that referenced this issue May 18, 2021
@fantapop
fix security handling of multiple auth types for hapi/koa
29fae38 
As part of this refactored how calls to the authentication method for each
server type are handled.  Express multi auth was not previously broken
but I was able to share the same solution across all three servers and
isolate the server specific handling to a single block of code after
waiting for the appropriate promises to be resolved.

I additionally added tests for the following:
- security AND / OR tests for hapi/koa
- a slow failure test to show that promiseAny returns with first success
- checks for which error is resolved to the user in the case that there
  is more than one

Closes lukeautry#974
fantapop added a commit to fantapop/tsoa that referenced this issue Jun 6, 2021
@fantapop
fix security handling of multiple auth types for hapi/koa
4ae2d7a 
As part of this refactored how calls to the authentication method for each
server type are handled.  Express multi auth was not previously broken
but I was able to share the same solution across all three servers and
isolate the server specific handling to a single block of code after
waiting for the appropriate promises to be resolved.

I additionally added tests for the following:
- security AND / OR tests for hapi/koa
- a slow failure test to show that promiseAny returns with first success
- checks for which error is resolved to the user in the case that there
  is more than one

Closes lukeautry#974
fantapop added a commit to fantapop/tsoa that referenced this issue Jun 15, 2021
@fantapop
fix security handling of multiple auth types for hapi/koa
f0ef4c0 
As part of this refactored how calls to the authentication method for each
server type are handled.  Express multi auth was not previously broken
but I was able to share the same solution across all three servers and
isolate the server specific handling to a single block of code after
waiting for the appropriate promises to be resolved.

I additionally added tests for the following:
- security AND / OR tests for hapi/koa
- a slow failure test to show that promiseAny returns with first success
- checks for which error is resolved to the user in the case that there
  is more than one

Closes lukeautry#974
fantapop added a commit to fantapop/tsoa that referenced this issue Jun 15, 2021
@fantapop
fix security handling of multiple auth types for hapi/koa
0a5e35b 
As part of this refactored how calls to the authentication method for each
server type are handled.  Express multi auth was not previously broken
but I was able to share the same solution across all three servers and
isolate the server specific handling to a single block of code after
waiting for the appropriate promises to be resolved.

I additionally added tests for the following:
- security AND / OR tests for hapi/koa
- a slow failure test to show that promiseAny returns with first success
- checks for which error is resolved to the user in the case that there
  is more than one

Closes lukeautry#974
@WoH WoH closed this as completed in 3b0ab3b Jun 21, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@WoH @fantapop