-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Koa / Hapi template seems to not support multiple authentication methods on same function #974
Closed
2 of 4 tasks
Labels
Comments
fantapop
added a commit
to fantapop/tsoa
that referenced
this issue
May 15, 2021
fantapop
added a commit
to fantapop/tsoa
that referenced
this issue
May 15, 2021
fantapop
added a commit
to fantapop/tsoa
that referenced
this issue
May 18, 2021
As part of this refactored how calls to the authentication method for each server type are handled. Express multi auth was not previously broken but I was able to share the same solution across all three servers and isolate the server specific handling to a single block of code after waiting for the appropriate promises to be resolved. I additionally added tests for the following: - security AND / OR tests for hapi/koa - a slow failure test to show that promiseAny returns with first success - checks for which error is resolved to the user in the case that there is more than one Closes lukeautry#974
fantapop
added a commit
to fantapop/tsoa
that referenced
this issue
Jun 6, 2021
As part of this refactored how calls to the authentication method for each server type are handled. Express multi auth was not previously broken but I was able to share the same solution across all three servers and isolate the server specific handling to a single block of code after waiting for the appropriate promises to be resolved. I additionally added tests for the following: - security AND / OR tests for hapi/koa - a slow failure test to show that promiseAny returns with first success - checks for which error is resolved to the user in the case that there is more than one Closes lukeautry#974
fantapop
added a commit
to fantapop/tsoa
that referenced
this issue
Jun 15, 2021
As part of this refactored how calls to the authentication method for each server type are handled. Express multi auth was not previously broken but I was able to share the same solution across all three servers and isolate the server specific handling to a single block of code after waiting for the appropriate promises to be resolved. I additionally added tests for the following: - security AND / OR tests for hapi/koa - a slow failure test to show that promiseAny returns with first success - checks for which error is resolved to the user in the case that there is more than one Closes lukeautry#974
fantapop
added a commit
to fantapop/tsoa
that referenced
this issue
Jun 15, 2021
As part of this refactored how calls to the authentication method for each server type are handled. Express multi auth was not previously broken but I was able to share the same solution across all three servers and isolate the server specific handling to a single block of code after waiting for the appropriate promises to be resolved. I additionally added tests for the following: - security AND / OR tests for hapi/koa - a slow failure test to show that promiseAny returns with first success - checks for which error is resolved to the user in the case that there is more than one Closes lukeautry#974
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sorting
I'm submitting a ...
I confirm that I
Expected Behavior
While using the koa template, If there are two authentication methods on a controller function, tsoa should try both of them before giving up.
Current Behavior
When using a koa template, The first authentication method is attempted only. If that fails the method call seems to be 404ing.
Possible Solution
Here the security methods are being looped over:
tsoa/packages/cli/src/routeGeneration/templates/koa.hbs
Line 139 in 8f54760
Within that for of loop, the promise is being returned and exiting before the other security methods can be attempted.
https://github.com/lukeautry/tsoa/blob/master/packages/cli/src/routeGeneration/templates/koa.hbs#L152
Steps to Reproduce
Use the koa template, have a controller method with more than 1 security method, make sure the first one doesn't succeed. See that the second is not attempted.
Context (Environment)
Version of the library: 3.7.0
Version of NodeJS:
Detailed Description
It appears that the express templates handle this correctly. It may be that not returning there would fix the issue.
Breaking change?
It could change the existing application flow but It seems unlikely that someone has come to rely on this behavior.
Side note. I don't mind making a PR for this but it will likely be a day or two before I can get to it.
The text was updated successfully, but these errors were encountered: