platform/lib/src/plugin.dart

import 'dart:async';
import 'dart:io';
import 'dart:math' as Math;
import 'package:angel_framework/angel_framework.dart';
import 'package:crypto/crypto.dart';
import 'middleware/require_auth.dart';
import 'auth_token.dart';
import 'defs.dart';
import 'options.dart';
import 'strategy.dart';

class AngelAuth extends AngelPlugin {
  Hmac _hs256;
  num _jwtLifeSpan;
  Math.Random _random = new Math.Random.secure();
  final RegExp _rgxBearer = new RegExp(r"^Bearer");
  RequireAuthorizationMiddleware _requireAuth =
      new RequireAuthorizationMiddleware();
  final bool allowCookie;
  final bool allowTokenInQuery;
  String middlewareName;
  bool debug;
  bool enforceIp;
  String reviveTokenEndpoint;
  List<AuthStrategy> strategies = [];
  UserSerializer serializer;
  UserDeserializer deserializer;

  Hmac get hmac => _hs256;

  String _randomString(
      {int length: 32,
      String validChars:
          "ABCDEFHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"}) {
    var chars = <int>[];

    while (chars.length < length) chars.add(_random.nextInt(validChars.length));

    return new String.fromCharCodes(chars);
  }

  AngelAuth(
      {String jwtKey,
      num jwtLifeSpan,
      this.allowCookie: true,
      this.allowTokenInQuery: true,
      this.debug: false,
      this.enforceIp: true,
      this.middlewareName: 'auth',
      this.reviveTokenEndpoint: "/auth/token"})
      : super() {
    _hs256 = new Hmac(sha256, (jwtKey ?? _randomString()).codeUnits);
    _jwtLifeSpan = jwtLifeSpan ?? -1;
  }

  @override
  call(Angel app) async {
    app.container.singleton(this);
    if (runtimeType != AngelAuth) app.container.singleton(this, as: AngelAuth);

    app.before.add(decodeJwt);
    app.registerMiddleware(middlewareName, _requireAuth);

    if (reviveTokenEndpoint != null) {
      app.post(reviveTokenEndpoint, reviveJwt);
    }
  }

  decodeJwt(RequestContext req, ResponseContext res) async {
    if (req.method == "POST" && req.path == reviveTokenEndpoint) {
      // Shouldn't block invalid JWT if we are reviving it
      if (debug) print('Token revival endpoint accessed.');
      return await reviveJwt(req, res);
    }

    if (debug) {
      print('Enforcing JWT authentication...');
    }

    String jwt = getJwt(req);

    if (debug) {
      print('Found JWT: $jwt');
    }

    if (jwt != null) {
      var token = new AuthToken.validate(jwt, _hs256);

      if (debug) {
        print('Decoded auth token: ${token.toJson()}');
      }

      if (enforceIp) {
        if (debug) {
          print('Token IP: ${token.ipAddress}. Current request sent from: ${req
                  .ip}');
        }

        if (req.ip != null && req.ip != token.ipAddress)
          throw new AngelHttpException.forbidden(
              message: "JWT cannot be accessed from this IP address.");
      }

      if (token.lifeSpan > -1) {
        if (debug) {
          print("Making sure this token hasn't already expired...");
        }

        token.issuedAt.add(new Duration(milliseconds: token.lifeSpan));

        if (!token.issuedAt.isAfter(new DateTime.now()))
          throw new AngelHttpException.forbidden(message: "Expired JWT.");
      } else if (debug) {
        print('This token has an infinite life span.');
      }

      if (debug) {
        print('Now deserializing from this userId: ${token.userId}');
      }

      final user = await deserializer(token.userId);

      req
        ..inject(AuthToken, req.properties['token'] = token)
        ..inject(user.runtimeType, req.properties["user"] = user);
    }

    return true;
  }

  getJwt(RequestContext req) {
    if (debug) {
      print('Attempting to parse JWT');
    }

    if (req.headers.value("Authorization") != null) {
      if (debug) {
        print('Found Auth header');
      }

      final authHeader = req.headers.value("Authorization");

      // Allow Basic auth to fall through
      if (_rgxBearer.hasMatch(authHeader))
        return authHeader.replaceAll(_rgxBearer, "").trim();
    } else if (allowCookie &&
        req.cookies.any((cookie) => cookie.name == "token")) {
      if (debug) print('Request has "token" cookie...');
      return req.cookies.firstWhere((cookie) => cookie.name == "token").value;
    } else if (allowTokenInQuery && req.query['token'] is String) {
      return req.query['token'];
    }

    return null;
  }

  reviveJwt(RequestContext req, ResponseContext res) async {
    try {
      if (debug) print('Attempting to revive JWT...');

      var jwt = getJwt(req);

      if (debug) print('Found JWT: $jwt');

      if (jwt == null) {
        throw new AngelHttpException.forbidden(message: "No JWT provided");
      } else {
        var token = new AuthToken.validate(jwt, _hs256);

        if (debug) print('Validated and deserialized: $token');

        if (enforceIp) {
          if (debug)
            print(
                'Token IP: ${token.ipAddress}. Current request sent from: ${req
                    .ip}');

          if (req.ip != token.ipAddress)
            throw new AngelHttpException.forbidden(
                message: "JWT cannot be accessed from this IP address.");
        }

        if (token.lifeSpan > -1) {
          if (debug) {
            print('Checking if token has expired... Life span is ${token
                    .lifeSpan}');
          }

          token.issuedAt.add(new Duration(milliseconds: token.lifeSpan));

          if (!token.issuedAt.isAfter(new DateTime.now())) {
            print(
                'Token has indeed expired! Resetting assignment date to current timestamp...');
            // Extend its lifespan by changing iat
            token.issuedAt = new DateTime.now();
          } else if (debug) {
            print('Token has not expired yet.');
          }
        } else if (debug) {
          print('This token never expires, so it is still valid.');
        }

        if (debug) {
          print('Final, valid token: ${token.toJson()}');
        }

        if (allowCookie)
          res.cookies.add(new Cookie('token', token.serialize(_hs256)));

        final data = await deserializer(token.userId);
        return {'data': data, 'token': token.serialize(_hs256)};
      }
    } catch (e, st) {
      if (debug) {
        print('An error occurred while reviving this token.');
        print(e);
        print(st);
      }

      if (e is AngelHttpException) rethrow;
      throw new AngelHttpException.badRequest(message: "Malformed JWT");
    }
  }

  authenticate(String type, [AngelAuthOptions options]) {
    return (RequestContext req, ResponseContext res) async {
      AuthStrategy strategy =
          strategies.firstWhere((AuthStrategy x) => x.name == type);
      var result = await strategy.authenticate(req, res, options);
      if (result == true)
        return result;
      else if (result != false) {
        var userId = await serializer(result);

        // Create JWT
        var token = new AuthToken(
            userId: userId, lifeSpan: _jwtLifeSpan, ipAddress: req.ip);
        var jwt = token.serialize(_hs256);

        if (options?.tokenCallback != null) {
          var r = await options.tokenCallback(
              req, res, token, req.properties["user"] = result);
          if (r != null) return r;
        }

        req
          ..inject(AuthToken, req.properties['token'] = token)
          ..inject(result.runtimeType, req.properties["user"] = result);

        if (allowCookie) res.cookies.add(new Cookie("token", jwt));

        if (options?.callback != null) {
          return await options.callback(req, res, jwt);
        }

        if (options?.successRedirect?.isNotEmpty == true) {
          return res.redirect(options.successRedirect, code: HttpStatus.OK);
        } else if (options?.canRespondWithJson != false &&
            req.headers.value("accept") != null &&
            (req.headers.value("accept").contains("application/json") ||
                req.headers.value("accept").contains("*/*") ||
                req.headers.value("accept").contains("application/*"))) {
          return {"data": result, "token": jwt};
        }

        return true;
      } else {
        await authenticationFailure(req, res);
      }
    };
  }

  Future authenticationFailure(RequestContext req, ResponseContext res) async {
    throw new AngelHttpException.notAuthenticated();
  }

  /// Log a user in on-demand.
  Future login(AuthToken token, RequestContext req, ResponseContext res) async {
    var user = await deserializer(token.userId);

    req
      ..inject(AuthToken, req.properties['token'] = token)
      ..inject(user.runtimeType, req.properties["user"] = user);

    if (allowCookie)
      res.cookies.add(new Cookie('token', token.serialize(_hs256)));
  }

  /// Log a user in on-demand.
  Future loginById(userId, RequestContext req, ResponseContext res) async {
    var user = await deserializer(userId);
    var token = new AuthToken(
        userId: userId, lifeSpan: _jwtLifeSpan, ipAddress: req.ip);

    req
      ..inject(AuthToken, req.properties['token'] = token)
      ..inject(user.runtimeType, req.properties["user"] = user);

    if (allowCookie)
      res.cookies.add(new Cookie('token', token.serialize(_hs256)));
  }

  logout([AngelAuthOptions options]) {
    return (RequestContext req, ResponseContext res) async {
      for (AuthStrategy strategy in strategies) {
        if (!(await strategy.canLogout(req, res))) {
          if (options != null &&
              options.failureRedirect != null &&
              options.failureRedirect.isNotEmpty) {
            return res.redirect(options.failureRedirect);
          }

          return false;
        }
      }

      res.cookies.removeWhere((cookie) => cookie.name == "token");

      if (options != null &&
          options.successRedirect != null &&
          options.successRedirect.isNotEmpty) {
        return res.redirect(options.successRedirect);
      }

      return true;
    };
  }
}
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`import 'dart:async';`
			`import 'dart:io';`
			`import 'dart:math' as Math;`
+6 2016-09-21 06:19:52 +00:00			`import 'package:angel_framework/angel_framework.dart';`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`import 'package:crypto/crypto.dart';`
+6 2016-09-21 06:19:52 +00:00			`import 'middleware/require_auth.dart';`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`import 'auth_token.dart';`
+6 2016-09-21 06:19:52 +00:00			`import 'defs.dart';`
			`import 'options.dart';`
			`import 'strategy.dart';`

			`class AngelAuth extends AngelPlugin {`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`Hmac _hs256;`
			`num _jwtLifeSpan;`
			`Math.Random _random = new Math.Random.secure();`
			`final RegExp _rgxBearer = new RegExp(r"^Bearer");`
			`RequireAuthorizationMiddleware _requireAuth =`
			`new RequireAuthorizationMiddleware();`
+10 2016-11-23 20:37:40 +00:00			`final bool allowCookie;`
			`final bool allowTokenInQuery;`
Debug 2016-10-08 11:39:39 +00:00			`String middlewareName;`
			`bool debug;`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`bool enforceIp;`
Revive token 2016-09-22 09:26:38 +00:00			`String reviveTokenEndpoint;`
+6 2016-09-21 06:19:52 +00:00			`List<AuthStrategy> strategies = [];`
			`UserSerializer serializer;`
			`UserDeserializer deserializer;`

18 2017-01-20 23:15:21 +00:00			`Hmac get hmac => _hs256;`

Debug 2016-10-08 11:39:39 +00:00			`String _randomString(`
			`{int length: 32,`
			`String validChars:`
			`"ABCDEFHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"}) {`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`var chars = <int>[];`

			`while (chars.length < length) chars.add(_random.nextInt(validChars.length));`

			`return new String.fromCharCodes(chars);`
			`}`

Debug 2016-10-08 11:39:39 +00:00			`AngelAuth(`
			`{String jwtKey,`
			`num jwtLifeSpan,`
+10 2016-11-23 20:37:40 +00:00			`this.allowCookie: true,`
			`this.allowTokenInQuery: true,`
Debug 2016-10-08 11:39:39 +00:00			`this.debug: false,`
			`this.enforceIp: true,`
			`this.middlewareName: 'auth',`
			`this.reviveTokenEndpoint: "/auth/token"})`
			`: super() {`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`_hs256 = new Hmac(sha256, (jwtKey ?? _randomString()).codeUnits);`
			`_jwtLifeSpan = jwtLifeSpan ?? -1;`
			`}`

+6 2016-09-21 06:19:52 +00:00			`@override`
			`call(Angel app) async {`
			`app.container.singleton(this);`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`if (runtimeType != AngelAuth) app.container.singleton(this, as: AngelAuth);`
+6 2016-09-21 06:19:52 +00:00
+10 2016-11-23 20:37:40 +00:00			`app.before.add(decodeJwt);`
Debug 2016-10-08 11:39:39 +00:00			`app.registerMiddleware(middlewareName, _requireAuth);`
Revive token 2016-09-22 09:26:38 +00:00
			`if (reviveTokenEndpoint != null) {`
+10 2016-11-23 20:37:40 +00:00			`app.post(reviveTokenEndpoint, reviveJwt);`
Revive token 2016-09-22 09:26:38 +00:00			`}`
+6 2016-09-21 06:19:52 +00:00			`}`

+10 2016-11-23 20:37:40 +00:00			`decodeJwt(RequestContext req, ResponseContext res) async {`
Debug 2016-10-08 11:39:39 +00:00			`if (req.method == "POST" && req.path == reviveTokenEndpoint) {`
Revive token 2016-09-22 09:26:38 +00:00			`// Shouldn't block invalid JWT if we are reviving it`
+10 2016-11-23 20:37:40 +00:00			`if (debug) print('Token revival endpoint accessed.');`
			`return await reviveJwt(req, res);`
			`}`
Debug 2016-10-08 11:39:39 +00:00
+10 2016-11-23 20:37:40 +00:00			`if (debug) {`
			`print('Enforcing JWT authentication...');`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`}`

+10 2016-11-23 20:37:40 +00:00			`String jwt = getJwt(req);`

			`if (debug) {`
			`print('Found JWT: $jwt');`
			`}`
Revive token 2016-09-22 09:26:38 +00:00
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`if (jwt != null) {`
			`var token = new AuthToken.validate(jwt, _hs256);`

+10 2016-11-23 20:37:40 +00:00			`if (debug) {`
			`print('Decoded auth token: ${token.toJson()}');`
			`}`

Switched from session to JWT 2016-09-21 23:09:23 +00:00			`if (enforceIp) {`
+10 2016-11-23 20:37:40 +00:00			`if (debug) {`
12 2016-12-03 18:23:11 +00:00			`print('Token IP: ${token.ipAddress}. Current request sent from: ${req`
			`.ip}');`
+10 2016-11-23 20:37:40 +00:00			`}`

			`if (req.ip != null && req.ip != token.ipAddress)`
17 2017-01-13 15:50:38 +00:00			`throw new AngelHttpException.forbidden(`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`message: "JWT cannot be accessed from this IP address.");`
			`}`

			`if (token.lifeSpan > -1) {`
+10 2016-11-23 20:37:40 +00:00			`if (debug) {`
			`print("Making sure this token hasn't already expired...");`
			`}`

Switched from session to JWT 2016-09-21 23:09:23 +00:00			`token.issuedAt.add(new Duration(milliseconds: token.lifeSpan));`

			`if (!token.issuedAt.isAfter(new DateTime.now()))`
17 2017-01-13 15:50:38 +00:00			`throw new AngelHttpException.forbidden(message: "Expired JWT.");`
+10 2016-11-23 20:37:40 +00:00			`} else if (debug) {`
			`print('This token has an infinite life span.');`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`}`

+10 2016-11-23 20:37:40 +00:00			`if (debug) {`
			`print('Now deserializing from this userId: ${token.userId}');`
			`}`

User injection 2016-12-13 16:39:20 +00:00			`final user = await deserializer(token.userId);`

			`req`
			`..inject(AuthToken, req.properties['token'] = token)`
			`..inject(user.runtimeType, req.properties["user"] = user);`
+6 2016-09-21 06:19:52 +00:00			`}`

			`return true;`
			`}`

+10 2016-11-23 20:37:40 +00:00			`getJwt(RequestContext req) {`
Debug 2016-10-08 11:39:39 +00:00			`if (debug) {`
			`print('Attempting to parse JWT');`
			`}`

Revive token 2016-09-22 09:26:38 +00:00			`if (req.headers.value("Authorization") != null) {`
Debug 2016-10-08 11:39:39 +00:00			`if (debug) {`
			`print('Found Auth header');`
			`}`

+10 2016-11-23 20:37:40 +00:00			`final authHeader = req.headers.value("Authorization");`

			`// Allow Basic auth to fall through`
			`if (_rgxBearer.hasMatch(authHeader))`
			`return authHeader.replaceAll(_rgxBearer, "").trim();`
12 2016-12-03 18:23:11 +00:00			`} else if (allowCookie &&`
			`req.cookies.any((cookie) => cookie.name == "token")) {`
			`if (debug) print('Request has "token" cookie...');`
Revive token 2016-09-22 09:26:38 +00:00			`return req.cookies.firstWhere((cookie) => cookie.name == "token").value;`
+10 2016-11-23 20:37:40 +00:00			`} else if (allowTokenInQuery && req.query['token'] is String) {`
			`return req.query['token'];`
Revive token 2016-09-22 09:26:38 +00:00			`}`

			`return null;`
			`}`

+10 2016-11-23 20:37:40 +00:00			`reviveJwt(RequestContext req, ResponseContext res) async {`
Revive token 2016-09-22 09:26:38 +00:00			`try {`
+10 2016-11-23 20:37:40 +00:00			`if (debug) print('Attempting to revive JWT...');`
Debug 2016-10-08 11:39:39 +00:00
+10 2016-11-23 20:37:40 +00:00			`var jwt = getJwt(req);`
Revive token 2016-09-22 09:26:38 +00:00
+10 2016-11-23 20:37:40 +00:00			`if (debug) print('Found JWT: $jwt');`
Debug 2016-10-08 11:39:39 +00:00
Revive token 2016-09-22 09:26:38 +00:00			`if (jwt == null) {`
17 2017-01-13 15:50:38 +00:00			`throw new AngelHttpException.forbidden(message: "No JWT provided");`
Revive token 2016-09-22 09:26:38 +00:00			`} else {`
			`var token = new AuthToken.validate(jwt, _hs256);`

+10 2016-11-23 20:37:40 +00:00			`if (debug) print('Validated and deserialized: $token');`
Debug 2016-10-08 11:39:39 +00:00
Revive token 2016-09-22 09:26:38 +00:00			`if (enforceIp) {`
Debug 2016-10-08 11:39:39 +00:00			`if (debug)`
+10 2016-11-23 20:37:40 +00:00			`print(`
12 2016-12-03 18:23:11 +00:00			`'Token IP: ${token.ipAddress}. Current request sent from: ${req`
			`.ip}');`
Debug 2016-10-08 11:39:39 +00:00
Revive token 2016-09-22 09:26:38 +00:00			`if (req.ip != token.ipAddress)`
17 2017-01-13 15:50:38 +00:00			`throw new AngelHttpException.forbidden(`
Revive token 2016-09-22 09:26:38 +00:00			`message: "JWT cannot be accessed from this IP address.");`
			`}`

			`if (token.lifeSpan > -1) {`
Debug 2016-10-08 11:39:39 +00:00			`if (debug) {`
12 2016-12-03 18:23:11 +00:00			`print('Checking if token has expired... Life span is ${token`
			`.lifeSpan}');`
Debug 2016-10-08 11:39:39 +00:00			`}`

Revive token 2016-09-22 09:26:38 +00:00			`token.issuedAt.add(new Duration(milliseconds: token.lifeSpan));`

			`if (!token.issuedAt.isAfter(new DateTime.now())) {`
+10 2016-11-23 20:37:40 +00:00			`print(`
			`'Token has indeed expired! Resetting assignment date to current timestamp...');`
Revive token 2016-09-22 09:26:38 +00:00			`// Extend its lifespan by changing iat`
			`token.issuedAt = new DateTime.now();`
Debug 2016-10-08 11:39:39 +00:00			`} else if (debug) {`
			`print('Token has not expired yet.');`
Revive token 2016-09-22 09:26:38 +00:00			`}`
+10 2016-11-23 20:37:40 +00:00			`} else if (debug) {`
Debug 2016-10-08 11:39:39 +00:00			`print('This token never expires, so it is still valid.');`
Revive token 2016-09-22 09:26:38 +00:00			`}`

Debug 2016-10-08 11:39:39 +00:00			`if (debug) {`
			`print('Final, valid token: ${token.toJson()}');`
			`}`

12 2016-12-03 18:23:11 +00:00			`if (allowCookie)`
			`res.cookies.add(new Cookie('token', token.serialize(_hs256)));`

			`final data = await deserializer(token.userId);`
			`return {'data': data, 'token': token.serialize(_hs256)};`
Revive token 2016-09-22 09:26:38 +00:00			`}`
Debug 2016-10-08 11:39:39 +00:00			`} catch (e, st) {`
			`if (debug) {`
			`print('An error occurred while reviving this token.');`
			`print(e);`
			`print(st);`
			`}`

			`if (e is AngelHttpException) rethrow;`
17 2017-01-13 15:50:38 +00:00			`throw new AngelHttpException.badRequest(message: "Malformed JWT");`
Revive token 2016-09-22 09:26:38 +00:00			`}`
			`}`

+6 2016-09-21 06:19:52 +00:00			`authenticate(String type, [AngelAuthOptions options]) {`
			`return (RequestContext req, ResponseContext res) async {`
			`AuthStrategy strategy =`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`strategies.firstWhere((AuthStrategy x) => x.name == type);`
+6 2016-09-21 06:19:52 +00:00			`var result = await strategy.authenticate(req, res, options);`
			`if (result == true)`
			`return result;`
			`else if (result != false) {`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`var userId = await serializer(result);`

			`// Create JWT`
:) 2016-12-21 18:28:51 +00:00			`var token = new AuthToken(`
			`userId: userId, lifeSpan: _jwtLifeSpan, ipAddress: req.ip);`
			`var jwt = token.serialize(_hs256);`
18 2017-01-20 23:15:21 +00:00
			`if (options?.tokenCallback != null) {`
			`var r = await options.tokenCallback(`
			`req, res, token, req.properties["user"] = result);`
			`if (r != null) return r;`
			`}`

:) 2016-12-21 18:28:51 +00:00			`req`
			`..inject(AuthToken, req.properties['token'] = token)`
			`..inject(result.runtimeType, req.properties["user"] = result);`
+10 2016-11-23 20:37:40 +00:00
Fixed minor issues 2016-12-22 17:24:01 +00:00			`if (allowCookie) res.cookies.add(new Cookie("token", jwt));`
Switched from session to JWT 2016-09-21 23:09:23 +00:00
Done? 2016-12-07 23:09:21 +00:00			`if (options?.callback != null) {`
			`return await options.callback(req, res, jwt);`
			`}`

Fixed minor issues 2016-12-22 17:24:01 +00:00			`if (options?.successRedirect?.isNotEmpty == true) {`
			`return res.redirect(options.successRedirect, code: HttpStatus.OK);`
			`} else if (options?.canRespondWithJson != false &&`
+11 2016-11-28 01:04:52 +00:00			`req.headers.value("accept") != null &&`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`(req.headers.value("accept").contains("application/json") \|\|`
			`req.headers.value("accept").contains("/") \|\|`
			`req.headers.value("accept").contains("application/*"))) {`
			`return {"data": result, "token": jwt};`
			`}`

+6 2016-09-21 06:19:52 +00:00			`return true;`
			`} else {`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`await authenticationFailure(req, res);`
+6 2016-09-21 06:19:52 +00:00			`}`
			`};`
			`}`

Switched from session to JWT 2016-09-21 23:09:23 +00:00			`Future authenticationFailure(RequestContext req, ResponseContext res) async {`
17 2017-01-13 15:50:38 +00:00			`throw new AngelHttpException.notAuthenticated();`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`}`

18 2017-01-20 23:15:21 +00:00			`/// Log a user in on-demand.`
			`Future login(AuthToken token, RequestContext req, ResponseContext res) async {`
			`var user = await deserializer(token.userId);`

			`req`
			`..inject(AuthToken, req.properties['token'] = token)`
			`..inject(user.runtimeType, req.properties["user"] = user);`

			`if (allowCookie)`
			`res.cookies.add(new Cookie('token', token.serialize(_hs256)));`
			`}`

			`/// Log a user in on-demand.`
			`Future loginById(userId, RequestContext req, ResponseContext res) async {`
			`var user = await deserializer(userId);`
			`var token = new AuthToken(`
			`userId: userId, lifeSpan: _jwtLifeSpan, ipAddress: req.ip);`

			`req`
			`..inject(AuthToken, req.properties['token'] = token)`
			`..inject(user.runtimeType, req.properties["user"] = user);`

			`if (allowCookie)`
			`res.cookies.add(new Cookie('token', token.serialize(_hs256)));`
			`}`

+6 2016-09-21 06:19:52 +00:00			`logout([AngelAuthOptions options]) {`
			`return (RequestContext req, ResponseContext res) async {`
			`for (AuthStrategy strategy in strategies) {`
			`if (!(await strategy.canLogout(req, res))) {`
			`if (options != null &&`
			`options.failureRedirect != null &&`
			`options.failureRedirect.isNotEmpty) {`
			`return res.redirect(options.failureRedirect);`
			`}`

			`return false;`
			`}`
			`}`

Fixed minor issues 2016-12-22 17:24:01 +00:00			`res.cookies.removeWhere((cookie) => cookie.name == "token");`
+6 2016-09-21 06:19:52 +00:00
			`if (options != null &&`
			`options.successRedirect != null &&`
			`options.successRedirect.isNotEmpty) {`
			`return res.redirect(options.successRedirect);`
			`}`

			`return true;`
			`};`
			`}`
Switched from session to JWT 2016-09-21 23:09:23 +00:00			`}`